tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 Upstream commits: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1765706]
Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1771370]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3902 https://access.redhat.com/errata/RHSA-2020:3902
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17546
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4634 https://access.redhat.com/errata/RHSA-2020:4634