A segmentation fault (SEGV) issue found in TIFFReadRGBATileExt could be triggered by passing a crafted TIFF file. The SEGV issue could possibly be converted to a heap-buffer-overflow issue. Remote attackers could utilize this bug to cause denial of service or further exploitation.

This bug is fixed in commit: 51558511bdbbc

References:
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a

Reproducible: Always

Steps to Reproduce:
See the URL.

Actual Results:
==320426==ERROR: AddressSanitizer: SEGV on unknown address 0x611400002d38 (pc 0x555995f3ba30 bp 0x7fff67a7c2f0 sp 0x7fff67a7baa0 T0)
==320426==The signal is caused by a READ memory access.
    #0 0x555995f3ba30 in __sanitizer::internal_memmove(void*, void const*, unsigned long) /compiler-rt/lib/sanitizer_common/sanitizer_libc.cpp:64:14
    #1 0x555995ebbcef in __interceptor_memmove /compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:882:3
    #2 0x555995f82767 in TIFFReadRGBATileExt /libtiff/tif_getimage.c:3345:9
    #3 0x555995f62b7a in LLVMFuzzerTestOneInput /poc.cc:52:17

Expected Results:
No crash.
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 40 development cycle. Changing version to 40.
*** This bug has been marked as a duplicate of bug 2260112 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days