Backport fix for CVE-2026-12912 to compat-libtiff3 (libtiff 3.9.4).
Two upstream commits were cherry-picked and adapted to the 3.9.4
API to fix a heap-buffer-overflow in PixarLogDecode when handling
8BITABGR data with stride 3. The first patch adds a bounds check
and fixes the output pointer advance, and the second extends the
bounds check to handle multi-row strip decoding.
CVE: CVE-2026-12912
Upstream patches:
- ba2b04b114.patch
- f9bda11bf2.patch
Resolves: RHEL-189375
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir