CVE-2014-8129 -- LibTIFF -- Out-of-bounds Read & Write

0. Status
---------

20140124 - Complete

1. Description
--------------

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used
format for storing image data. It is composed of a library for working with
TIFF files along with a small collection of tools for doing simple
manipulations of TIFF images.

Multiple out-of-bounds reads & writes can be triggered with malformed TIFF
images in the "tiff2pdf" tool.

2. Affected versions
--------------------

Reported on Ubuntu 14.04.1 LTS (amd64) 4.0.3-7ubuntu0.1.
Last stable source release v4.0.3 is also affected.

3. Fix
------

Fixed in CVS HEAD since at least 21/12/2014:

4. References
-------------

- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- http://bugzilla.maptools.org/show_bug.cgi?id=2488

5. Credits
----------

William Robinet - Conostix S.A. - william.robinet-libtiff [AT] conostix.com
american fuzzy lop - http://lcamtuf.coredump.cx/afl/