A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2811
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1630006] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1630009] Affects: fedora-all [bug 1630007]
Analysis: It seems like the flaw was introduced after libtiff-4.0.9 was released. So this is likely a regression in the unreleased version of libtiff (current git master). Which means that any released versions of the pkg will not be affected.
*** Bug 1677528 has been marked as a duplicate of this bug. ***