libtiff-4.0.3-35.0.1.el7.AXS7

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images. TIFF files usually end in the .tif extension and
they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF format
image files.

Security Fix(es):

* CVE-2023-52356: added proper validation and boundary checks to prevent the
SEGV and potential heap-buffer overflow
* CVE-2023-52355: added functionality to set a maximum possible allocation size
in bytes in order to prevent out-of-memory issues when opening a TIFF file and
added memory limit option in tools

CVE(s):
CVE-2023-52355
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
CVE-2023-52356
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.