An off-by-one error was found in t2p_readwrite_pdf_image_tile() that can lead to heap buffer overflow triggered by running tiff2pdf on crafted tiff file. Upstream patch: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2640 CVE assignment: http://seclists.org/oss-sec/2017/q1/3 Reproducer: https://github.com/asarubbo/poc/blob/master/00112-libtiff-heapoverflow-_TIFFmemcpy
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1410123]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1410124] Affects: epel-7 [bug 1410125]