A heap-buffer overflow vulnerability was found in libtiff, in tools/tiffcp. Using a maliciously crafted BitsPerSample value could cause the application to crash or possibly allow code execution.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1410123]
Created mingw-libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1410124]
Affects: epel-7 [bug 1410125]
This is a heap-based buffer overflow in the tiffcp utility of libtiff. A specially crafted image, when processed via the tiffcp binary, could cause it to crash or execute arbitrary code with the permissions of the user running the utility.