tifread.c in LibTIFF 4.0.7 does not ensure that tifrawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
{ "urgency": "not yet assigned" }