A null pointer dereference issue was found in Libtiff's tif_dirinfo.c file. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or just injecting faults, which would cause segmentation fault. This may cause an application crash, eventually leading to a denial of service. References: https://gitlab.com/libtiff/libtiff/-/merge_requests/559 https://gitlab.com/libtiff/libtiff/-/issues/624
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:6360 https://access.redhat.com/errata/RHSA-2024:6360