It was found that tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Upstream patch: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397781]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397782] Affects: epel-7 [bug 1397783]
Hi Adam, is the link correct? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535 mentions the two commits: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
(In reply to Miroslav Hradílek from comment #5) > Hi Adam, > > is the link correct? > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535 mentions the > two commits: > https://github.com/vadz/libtiff/commit/ > 3ca657a8793dd011bf869695d72ad31c779c3cc1 > https://github.com/vadz/libtiff/commit/ > 6a984bf7905c6621281588431f384e79d11a2e33 The above links are correct, the ones mentioned in comment #0 seem to be wrong.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2017:0225 https://rhn.redhat.com/errata/RHSA-2017-0225.html