The pal2rgb tool (tools/pal2rgb.c) in LibTIFF 4.0.9 is vulnerable to a heap-based buffer overflow when parsing a specially crafted .tif file. A remote attacker could exploit this to cause an application crash (denial of service) or possibly have other unspecified impact.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1524285]
Note: As per the upstream bug, there is currently no patch. The proposed patch seems to be insufficient, since the issue still manifests after the patch is applied.