An out-of-bounds read in the ZIPEncode function in tif_zip.c when running bmp2tiff on a crafted BMP file was found in libtiff-4.0.6.
Acknowledgments: Name: Mei Wang (Qihoo 360)
Created attachment 1135193: ASAN and GDB report
Public via: http://seclists.org/oss-sec/2016/q2/21
Statement: This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7, as they did not include the bmp2tiff tool.