There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a denial of service attack. Upstream issue: http://bugzilla.maptools.org/show_bug.cgi?id=2728
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1474373] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1474372] Affects: fedora-all [bug 1474374]