The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF allows attackers to cause a denial of service (memory leak) via a crafted image. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2659 Upstream patches: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 1438465]
Created mingw-libtiff tracking bugs for this issue: Affects: epel-7 [bug 1438466]
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 1441273]