An out-of-bounds read in ZIPEncode function in tif_zip.c when running bmp2tiff on crafted BMP file was found in libtiff-4.0.6.
Name: Mei Wang (Qihoo 360)
Created attachment 1135193 [details]
ASAN and GDB report
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7, as they did not include the bmp2tiff tool.