Below issues were reported [1] and fixed upstream in libtiff: - uninitialized memory in putcontig8bitYCbCr21tile Fixed in: 2014-12-29 Even Rouault <even.rouault () spatialys com> * libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and putcontig8bitYCbCr21tile cases. - uninitialized memory in NeXTDecode Fixed in: 2014-12-29 Even Rouault <even.rouault () spatialys com> * libtiff/tif_next.c: add new tests to check that we don't read outside of the compressed input stream buffer. [1]: http://seclists.org/oss-sec/2015/q1/454
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1190710]
Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1190712]
Patch ===== https://github.com/vadz/libtiff/commit/40a5955cbf0df62b1f9e9bd7d9657b0070725d19#diff-8267b6b5121b27393df8c9734578a8ae
libtiff-4.0.3-20.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue affects the version of libtiff package as shipped with Red Hat Enterprise Linux 5, 6 and 7. A further update may address this flaw in Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html