It was found that tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Upstream patch: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397781]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397782] Affects: epel-7 [bug 1397783]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2017:0225 https://rhn.redhat.com/errata/RHSA-2017-0225.html