Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tifthunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.