CVE-2017-9815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9815): In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.

CVE-2017-9404 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9404): In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-9147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9147): LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

CVE-2017-9117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9117): In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

@Maintainers LibTIFF 4.0.7 is vulnerable to multiple DoS vulnerabilities. Could you please call for 4.0.8 stabilization?
tiff-4.0.8 was stabilized via bug 618610
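
The missing check described in CVE-2017-9117, as an added example that is not LibTIFF's code or the upstream fix: it verifies that the pixel array implied by biWidth, biHeight and biBitCount fits in the bytes actually supplied. The function names, the restriction to uncompressed (BI_RGB) images and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) { /* little-endian 32-bit write */
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

/* Returns 1 when the uncompressed pixel array implied by biWidth, biHeight
 * and biBitCount fits inside the len bytes actually supplied, else 0. */
int bmp_dims_match_input(const uint8_t *buf, size_t len) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return 0;
    uint64_t off = rd32(buf + 10);            /* bfOffBits */
    uint64_t hdr = rd32(buf + 14);            /* biSize */
    int64_t w = (int32_t)rd32(buf + 18);      /* biWidth */
    int64_t h = (int32_t)rd32(buf + 22);      /* biHeight, negative = top-down */
    unsigned bpp = buf[28] | (buf[29] << 8);  /* biBitCount */
    if (hdr < 40 || rd32(buf + 30) != 0) return 0; /* only BI_RGB handled here */
    if (w <= 0 || h == 0) return 0;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return 0;
    if (off < 14 + hdr || off > len) return 0; /* pixel data must start in file */
    uint64_t rows = (uint64_t)(h < 0 ? -h : h);
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4; /* rows pad to 4 bytes */
    uint64_t avail = (uint64_t)len - off;
    return rows <= avail / stride; /* division avoids overflow in rows * stride */
}

/* Constructed sample: 24-bit BI_RGB headers claiming w x h, zeroed pixels. */
void make_sample_bmp(uint8_t *buf, size_t len, int32_t w, int32_t h) {
    memset(buf, 0, len);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)len);  /* bfSize */
    wr32(buf + 10, 54);            /* bfOffBits */
    wr32(buf + 14, 40);            /* biSize */
    wr32(buf + 18, (uint32_t)w);
    wr32(buf + 22, (uint32_t)h);
    buf[26] = 1; buf[28] = 24;     /* biPlanes, biBitCount */
}

int main(void) {
    uint8_t buf[70];               /* 54 header bytes + 2 rows of 8 bytes */
    make_sample_bmp(buf, sizeof buf, 2, 2);
    return bmp_dims_match_input(buf, sizeof buf) ? 0 : 1;
}
```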