libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.
This update for tiff fixes the following issues. Fixed a NULL pointer dereference in raw2tiff. Fixed an integer overflow in raw2tiff. Fixed a memory leak in tiffcrop. Fixed an out of bounds read in tiffcp. Fixed an out of bounds read when transforming a little-endian file to a big-endian output. Fixed a NULL pointer dereference while encoding FAX3 files. Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer. Fixed a NULL pointer dereference while opening a file in an inaccessible path. Fixed a buffer overflow in tiffcrop.
