There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. Reference: http://bugzilla.maptools.org/show_bug.cgi?id=2848
Created iv tracking bugs for this issue: Affects: fedora-all [bug 2235767]