The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a small collection of tools for manipulating TIFF images. The cvt_whole_image function used in the tiff2rgba tool and the tiffcvt function used in the rgb2ycbcr tool do not properly validate the width and height of the image. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79132/oCERT-2009-012.txt
Source: https://packetstormsecurity.com/files/79132/Open-Source-CERT-Security-Advisory-2009.12.html