From https://bugzilla.redhat.com/show_bug.cgi?id=871700:
A flaw was found in ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image
files, which did not check the return value of the TIFFScanlineSize() function. When TIFFScanlineSize
encountered an integer overflow and returned zero, this value was not checked. A remote attacker
could provide a specially crafted PPM image file that, when processed by ppm2tiff, would lead
to a crash of the ppm2tiff executable or, potentially, arbitrary code execution with the privileges of the
user running the ppm2tiff binary.
ppm2tiff does not check the return value of the TIFFScanlineSize function,
which allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted PPM image that triggers an
integer overflow, a zero-memory allocation, and a heap-based buffer
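The bug class the two descriptions above refer to, as an added worked example in C. This is constructed model code written for this page, not ppm2tiff or libtiff source: model_scanline_size, unchecked_row_plan, checked_row_alloc, copy_row and the header values used in main are assumptions made for illustration. The only behaviour taken from the advisory is that the scanline-size function returns 0 when its size computation overflows, and that the tool allocated that size without checking it while reading a row length derived separately from the image header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not libtiff's code) of the TIFFScanlineSize() contract
 * that matters here: the byte length of one scanline, or 0 when the
 * width * samples * bits product overflows the 32-bit size type. */
static uint32_t model_scanline_size(uint32_t width, uint16_t spp, uint16_t bps)
{
    uint64_t bits  = (uint64_t)width * spp * bps;   /* cannot overflow 64 bits */
    uint64_t bytes = (bits + 7) / 8;
    return bytes > UINT32_MAX ? 0 : (uint32_t)bytes;
}

/* The bug class in the advisory: the scanline size goes to the allocator
 * unchecked, while the bytes read per input row are computed independently
 * from the header.  With an overflowing width the buffer is 0 bytes and the
 * row copy is billions of bytes.  This function only reports the two sizes;
 * it does not perform the overflowing copy. */
static void unchecked_row_plan(uint32_t width, uint16_t spp, uint16_t bps,
                               uint64_t *alloc_bytes, uint64_t *copy_bytes)
{
    *alloc_bytes = model_scanline_size(width, spp, bps);      /* 0 on overflow */
    *copy_bytes  = (uint64_t)width * spp * ((bps + 7) / 8);   /* what fread() would consume */
}

struct rowbuf {
    unsigned char *buf;
    size_t len;   /* bytes the buffer actually holds */
};

/* Hardened pattern: refuse a 0 (overflowed) scanline size before allocating,
 * and check that the per-row input length fits the buffer. */
static int checked_row_alloc(uint32_t width, uint16_t spp, uint16_t bps,
                             struct rowbuf *rb)
{
    uint32_t scanline  = model_scanline_size(width, spp, bps);
    uint64_t linebytes = (uint64_t)width * spp * ((bps + 7) / 8);

    rb->buf = NULL;
    rb->len = 0;
    if (scanline == 0) {
        fprintf(stderr, "scanline size overflow (width=%u spp=%u bps=%u)\n",
                width, spp, bps);
        return -1;
    }
    if (linebytes > scanline) {
        fprintf(stderr, "row of %llu bytes does not fit scanline of %u bytes\n",
                (unsigned long long)linebytes, scanline);
        return -1;
    }
    rb->buf = malloc(scanline);
    if (rb->buf == NULL)
        return -1;
    rb->len = scanline;
    return 0;
}

/* Bounded row copy standing in for the fread() into the row buffer:
 * fails instead of writing past the allocation. */
static int copy_row(struct rowbuf *rb, const unsigned char *src, size_t n)
{
    if (n > rb->len)
        return -1;
    memcpy(rb->buf, src, n);
    return 0;
}

int main(void)
{
    /* Constructed header values: a 640-pixel 8-bit RGB row, and a width
     * (0x60000000) chosen so that width * 3 samples * 8 bits no longer fits
     * a 32-bit scanline size. */
    uint64_t a, c;
    struct rowbuf rb;
    unsigned char row[640 * 3];
    memset(row, 0xAB, sizeof row);

    unchecked_row_plan(0x60000000u, 3, 8, &a, &c);
    printf("unchecked: malloc(%llu) then copy %llu bytes per row\n",
           (unsigned long long)a, (unsigned long long)c);

    if (checked_row_alloc(0x60000000u, 3, 8, &rb) != 0)
        printf("checked: crafted header rejected\n");

    if (checked_row_alloc(640, 3, 8, &rb) == 0 &&
        copy_row(&rb, row, sizeof row) == 0)
        printf("checked: RGB row copied into %zu-byte buffer\n", rb.len);
    free(rb.buf);
    return 0;
}
```

The point of the second check in checked_row_alloc is that a zero test alone is not the whole fix: the size used to allocate and the size used to read must be reconciled explicitly, otherwise any future divergence between the two computations reopens the same heap write.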
This issue was addressed in GLSA 201402-21 (http://security.gentoo.org/glsa/glsa-201402-21.xml)
by GLSA coordinator Chris Reffett (creffett).