LibTIFF since version 3.9.0 is vulnerable to a heap-based buffer overflow in the
tif_lzw.c:LZWDecodeCompat() function. An attacker could exploit this to cause a
denial of service via a crafted TIF file.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1559705]
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1559706]
Affects: epel-7 [bug 1559707]
Any updates on this defect?
What kind of updates are you looking for?
Maybe I cannot access all the dependent pages. Is there a workaround or some mitigation recommendation that we can apply?
(In reply to Riccardo Schirone from comment #9)
> Upstream patch:
Thank you so much!
Updated packages have already been pushed to Fedora 27 and Fedora 28.
For RHEL, a future update may address this issue.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:2053
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):