A vulnerability was found in the libtiff library. Using the tagCompare function with the thumbnail command on a maliciously crafted TIFF file could cause the application to crash.
static int
tagCompare(const void* a, const void* b)
{
    /* a and b each point to an element of an array of TIFFField pointers */
    const TIFFField* ta = *(const TIFFField**) a;
    const TIFFField* tb = *(const TIFFField**) b;
    /* NB: be careful of return values for 16-bit platforms */
    if (ta->field_tag != tb->field_tag)
        return (int)ta->field_tag - (int)tb->field_tag;
    else
        return (ta->field_type == TIFF_ANY) ?
            0 : ((int)tb->field_type - (int)ta->field_type);
}
*** Bug 1316876 has been marked as a duplicate of this bug. ***
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7.