A vulnerability was found in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1745952]
This is more of a hardening then a flaw. libtiff used an unsafe way to detect overflow in multiplication of signed types, which was implementation dependent. The issue is fixed by adding proper integer overflow checks.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1688 https://access.redhat.com/errata/RHSA-2020:1688
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):