LibTIFF is prone to an overflow condition. The OJPEGReadHeaderInfoSecStreamSof() function in tif_ojpeg.c fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted TIFF file, a context-dependent attacker can potentially cause arbitrary code execution.
Local / Remote,
Loss of Integrity
It has been reported that this issue has been fixed. Upgrade to version 3.9.5, 4.0.0beta7, or higher, to address this vulnerability.