CVE-2020-19131: 
NixOS vulnerability analysis and mitigation

CVE-2020-19131 is a buffer overflow vulnerability discovered in LibTiff version 4.0.10, specifically affecting the 'invertImage()' function in the 'tiffcrop' component. The vulnerability was publicly disclosed and tracked in security databases, with patches being released to address the issue (NVD, Debian Security).

The vulnerability exists in the invertImage() function within tiffcrop.c at line 9206. The function contains multiple issues related to pixel processing and value calculations. The code incorrectly processes 4 pixels per iteration while performing width iterations, leading to 4*width pixels being inverted and causing a heap buffer overflow. Additionally, there are calculation errors where values should be (3 - x) instead of (4 - x) for certain bit-per-sample (bps) values (Maptools Bugzilla). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability allows remote attackers to cause a denial of service condition through a heap buffer overflow by manipulating the color space inversion process. When exploited, this can lead to application crashes and potential system instability (NVD, Debian Security).

The vulnerability has been fixed through a merge request (MR 61) in the LibTiff repository. The fix includes correcting the pixel processing loop and value calculations. Multiple Linux distributions have released patched versions, including Debian which addressed this in version 4.0.8-2+deb9u7 (Debian Security, Maptools Bugzilla).