An out-of-bounds heap write was found in _TIFFFax3fillruns when output buffer was not correctly incremented in readContigStripsIntoBuffer() in ignore mode in tiffcrop.c Upstream patch: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2620 CVE assignment: http://seclists.org/oss-sec/2017/q1/9
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1410123]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1410124] Affects: epel-7 [bug 1410125]