The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. References: https://bugs.launchpad.net/bugs/591605 https://bugzilla.redhat.com/show_bug.cgi?id=603081 http://bugzilla.maptools.org/show_bug.cgi?id=2216 http://secunia.com/advisories/40422
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0519 https://rhn.redhat.com/errata/RHSA-2010-0519.html