It was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Upstream patch: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397781]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1397782] Affects: epel-7 [bug 1397783]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2017:0225 https://rhn.redhat.com/errata/RHSA-2017-0225.html