CVE-2024-6716
Description

A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted tiff file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.

Bugs

- https://gitlab.com/libtiff/libtiff/-/issues/620
- https://gitlab.com/libtiff/libtiff/-/issues/619 (related)
- https://bugzilla.redhat.com/show_bug.cgi?id=2297636

Notes

| Author | Note |
|---|---|
| | Priority reason: Only a resource consumption DoS via API misuse |
| sbeattie | texmaker added an embedded copy of libtiff in bionic |
| mdeslaur | Per the tiff developers, this API can't perform restrictions on imagewidth and imagelength, as high values are also valid. Application developers should be using the TIFFOpenOptionsSetMaxSingleMemAlloc() API. The upstream bug is likely to get closed, and this CVE rejected. Marking as deferred for… |
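
An application-side pre-check in the spirit of the note above, as an added example that is not libtiff code or part of the original advisory: it reads the first IFD of a classic TIFF and computes the decoded strip size the file declares, so an intake service can reject a file before handing it to a decoder. The 256 MiB limit, the function names and the constructed sample files are assumptions; the size formula is an approximation for contiguous samples and does not replace TIFFOpenOptionsSetMaxSingleMemAlloc() inside the application.

```python
import struct

# TIFF tags that determine the size of one decoded strip.
TAGS = {256: "width", 257: "length", 258: "bits", 277: "samples", 278: "rows_per_strip"}
TYPE_FMT = {3: "H", 4: "I"}  # SHORT, LONG

def declared_strip_bytes(data: bytes) -> int:
    """Return the uncompressed size of one strip as declared by the first IFD."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF file")
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF (BigTIFF is not handled here)")
    # TIFF defaults: 1 bit, 1 sample, a single strip covering the whole image.
    f = {"bits": 1, "samples": 1, "rows_per_strip": 2**32 - 1}
    try:
        (n,) = struct.unpack_from(e + "H", data, ifd)
        for i in range(n):
            tag, typ, count, raw = struct.unpack_from(e + "HHI4s", data, ifd + 2 + 12 * i)
            if tag not in TAGS or typ not in TYPE_FMT or count == 0:
                continue
            fmt = e + TYPE_FMT[typ]
            if count * struct.calcsize(fmt) <= 4:   # value stored inline
                (val,) = struct.unpack_from(fmt, raw)
            else:                                    # value stored at an offset
                (off,) = struct.unpack(e + "I", raw)
                (val,) = struct.unpack_from(fmt, data, off)
            f[TAGS[tag]] = val
    except struct.error as exc:
        raise ValueError("truncated TIFF directory") from exc
    if "width" not in f or "length" not in f:
        raise ValueError("ImageWidth/ImageLength missing")
    row_bytes = (f["width"] * f["bits"] * f["samples"] + 7) // 8
    return row_bytes * min(f["rows_per_strip"], f["length"])

def exceeds_limit(data: bytes, max_bytes: int = 256 * 1024 * 1024) -> bool:
    # max_bytes is an assumed policy value; pick one that fits the service.
    return declared_strip_bytes(data) > max_bytes

def make_tiff(width: int, length: int) -> bytes:
    """Constructed sample: little-endian header plus a two-entry IFD, no pixel data."""
    entries = [(256, 4, 1, width), (257, 4, 1, length)]
    ifd = struct.pack("<H", len(entries)) + b"".join(struct.pack("<HHII", *x) for x in entries)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
```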
