A heap-based buffer overflow vulnerability was found in the PackBitsEncode function in tif_packbits.c. Memory corruption can be triggered when bmp2tiff handles a maliciously crafted BMP file, causing the application to crash.
CVE assignment: http://seclists.org/oss-sec/2016/q2/486
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1344070]
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1344071]
Affects: epel-7 [bug 1344072]
https://github.com/vadz/libtiff/ (the forked version of libtiff) reacted to this flaw by removing the bmp2tiff utility from the package.