The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. References: https://bugzilla.redhat.com/show_bug.cgi?id=554371 http://bugzilla.maptools.org/show_bug.cgi?id=2210
This particular symptom of unknown / out-of-order tag handling issues did not affect current libtiff packages in Red Hat Enterprise Linux 3, 4 and 5 due to a previously applied patch (libtiff-*-ormandy.patch). Future libtiff updates will improve that patch to use the approach from the patch submitted in the upstream bug report #2210. The fix is already included in Fedora 3.9.4-1 packages. Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
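A triage check for the condition named in the description above, as an added example that is not part of the original report or of libtiff: it walks the first IFD of a classic TIFF and reports entries whose tag number is not in ascending order (TIFF 6.0 requires IFD entries sorted by tag) or whose field type code is outside the TIFF 6.0 range. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Field type codes defined by TIFF 6.0 (1 = BYTE ... 12 = DOUBLE).
VALID_TYPES = range(1, 13)


def audit_first_ifd(data: bytes) -> list:
    """Return findings for the first IFD of a classic (non-BigTIFF) TIFF."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    bo = "<" if data[:2] == b"II" else ">"  # byte order mark
    magic, ifd_off = struct.unpack(bo + "HI", data[2:8])
    if magic != 42:
        raise ValueError("unsupported magic (BigTIFF or corrupt)")
    if ifd_off + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack_from(bo + "H", data, ifd_off)
    findings, prev_tag = [], -1
    for i in range(count):
        pos = ifd_off + 2 + 12 * i  # each IFD entry is 12 bytes
        if pos + 12 > len(data):
            findings.append(f"entry {i}: truncated IFD")
            break
        tag, ftype, _n, _value = struct.unpack_from(bo + "HHII", data, pos)
        if tag <= prev_tag:  # duplicates are reported as out of order too
            findings.append(f"entry {i}: tag {tag} out of order after {prev_tag}")
        if ftype not in VALID_TYPES:
            findings.append(f"entry {i}: tag {tag} has unknown type {ftype}")
        prev_tag = max(prev_tag, tag)
    return findings


def build_sample(entries):
    """Constructed sample: little-endian header plus one IFD, no image data."""
    body = struct.pack("<H", len(entries))
    for tag, ftype, value in entries:
        body += struct.pack("<HHII", tag, ftype, 1, value)
    return b"II" + struct.pack("<HI", 42, 8) + body + struct.pack("<I", 0)


if __name__ == "__main__":
    # ImageLength (257) placed before ImageWidth (256): constructed input.
    sample = build_sample([(257, 3, 16), (256, 3, 16), (259, 3, 1)])
    for line in audit_first_ifd(sample):
        print(line)
```

A finding here only marks a file as structurally unusual and worth holding back from an unpatched decoder; it does not by itself indicate that the file triggers this issue.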