This patch fixes a buffer overflow in libtiff:

http://bugzilla.maptools.org/show_bug.cgi?id=2587
http://seclists.org/oss-sec/2016/q4/381

There is no CVE ID assigned yet.