tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2pprocessjpegstrip(). Reported as MSVR 35098, aka "t2pprocessjpegstrip heap-buffer-overflow."
{ "urgency": "not yet assigned" }