A segmentation fault (SEGV) issue found in TIFFReadRGBATileExt could be triggered by passing a crafted TIFF file. The SEGV issue could possibly be converted to a heap-buffer-overflow issue. Remote attackers could utilize this bug to cause denial of service or further exploitation.

This bug is fixed in commit: 51558511bdbbc

References:
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a

Reproducible: Always

Steps to Reproduce:
See the URL.

Actual Results:
==320426==ERROR: AddressSanitizer: SEGV on unknown address 0x611400002d38 (pc 0x555995f3ba30 bp 0x7fff67a7c2f0 sp 0x7fff67a7baa0 T0)
==320426==The signal is caused by a READ memory access.
    #0 0x555995f3ba30 in __sanitizer::internal_memmove(void*, void const*, unsigned long) /compiler-rt/lib/sanitizer_common/sanitizer_libc.cpp:64:14
    #1 0x555995ebbcef in __interceptor_memmove /compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:882:3
    #2 0x555995f82767 in TIFFReadRGBATileExt /libtiff/tif_getimage.c:3345:9
    #3 0x555995f62b7a in LLVMFuzzerTestOneInput /poc.cc:52:17

Expected Results:
no crash.
griffon --profile triage service products-contain-component libtiff
rhel-8 compat-libtiff3
rhel-8 libtiff
rhel-9 libtiff
rhel-br-8 libtiff
rhel-br-8 mingw-libtiff
rhel-br-9 libtiff
rhivos-1 libtiff

depcli -a libtiff
fedora-all/iv=new
fedora-all/libtiff=new
fedora-all/mingw-libtiff=new
fedora-all/tkimg=new
rhel-6/libtiff=new
rhel-7/compat-libtiff3=new
rhel-7/libtiff=new
rhel-8/compat-libtiff3=new
rhel-8/libtiff=new
rhel-9/libtiff=new
rhel-br-8/mingw-libtiff=new
rhivos-1/libtiff=new
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 2250335]

Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 2250336]
*** This bug has been marked as a duplicate of bug 2251344 ***