Published: 15 March 2017
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
Debian and Ubuntu use a netpbm fork which does not contain the issue. See here: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
CVSS 3 base score: 5.5