A flaw was reported in libtiff's thunder decoder. The thunder decoder assumes 4bits per pixel, but if a file has bitpersample set to a smaller value, or defaulted (1) then the allocated strip buffer will be too small, and a heap-based buffer overlow may occur. This could be used to crash an application linked to libtiff, or execute arbitrary code with the privileges of the application opening a malicious TIFF file.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0392 https://rhn.redhat.com/errata/RHSA-2011-0392.html