Multiple integer overflows were found in writeBufferToSeparateStrips(), writeBufferToContigTiles() and writeBufferToSeparateTiles() that could lead to an out-of-bounds heap read.
Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2592
CVE assignment: http://seclists.org/oss-sec/2016/q4/487

Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1397781]

Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1397782]
Affects: epel-7 [bug 1397783]

Upstream patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad