A flaw was foung in LibTIFF 4.0.9. There is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c that could lead to information disclosure and denial of service. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2767
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1529528] Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1529526] Affects: fedora-all [bug 1529525]