LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1644230]
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of libtiff as shipped with Red Hat Enterprise Linux 7.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):