The putagreytile function in tif_getimage.c in LibTIFF has a left-shift undefined behavior issue, which might allow attackers to cause a denial of service (application crash) via a crafted image. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2658 Upstream patch: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1438465]
Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1438466]
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1441273]