A heap-buffer overflow was found in bmp2tiff, a tool used to create TIFF format files from BMP format image files. An attacker could provide a specially-crafted BMP format file, which, when converted to TIFF format using the bmp2tiff tool, could cause the bmp2tiff executable to crash. Reference: http://seclists.org/bugtraq/2015/Dec/138
I haven't completed my analysis yet, but for now I tend to say that this is only an OOB read.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html
I think the patch is incomplete. See http://bugzilla.maptools.org/show_bug.cgi?id=2563#c2