REDHAT-BUG-2450768: Integer Overflow
A flaw was found in the libtiff library. A signed integer overflow exists in the putcontig8bitYCbCr44tile function (and potentially similar functions like putcontig8bitYCbCr42tile, putcontig8bitYCbCr22tile, and putcontig8bitYCbCr12tile) within tif_getimage.c. When processing a specially crafted TIFF file with an extremely large width and specific YCbCr subsampling, the calculation for the pointer progression variable (incr) can overflow the 32-bit signed integer boundary. This results in an incorrect negative progression of memory pointers, leading to an out-of-bounds heap write. An attacker could exploit this to cause a denial of service (application crash) or potentially execute arbitrary code.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2450768?
The severity of REDHAT-BUG-2450768 is considered high due to the potential for exploitation through crafted TIFF files.
How do I fix REDHAT-BUG-2450768?
To fix REDHAT-BUG-2450768, update the libtiff library to the latest patched version from the vendor.
What is the impact of REDHAT-BUG-2450768?
The impact of REDHAT-BUG-2450768 includes the possibility of denial of service or remote code execution when processing malicious TIFF files.
Which software is affected by REDHAT-BUG-2450768?
REDHAT-BUG-2450768 affects the LibTIFF library, particularly its TIFF processing functions.
What types of TIFF functions are vulnerable in REDHAT-BUG-2450768?
The vulnerable TIFF functions in REDHAT-BUG-2450768 include putcontig8bitYCbCr44tile and potentially related functions like putcontig8bitYCbCr42tile, putcontig8bitYCbCr22tile, and putcontig8bitYCbCr12tile.