POV-Ray / povray

The Persistence of Vision Raytracer: http://www.povray.org/
GNU Affero General Public License v3.0

[BUG][UNIX] #461

Open mariamarutunian opened 1 month ago

mariamarutunian commented 1 month ago

Summary

A vulnerability identified as CVE-2013-4244 was discovered and fixed in libtiff. However, the related file isn't updated in the POV-Ray project.

POV-Ray Version

Details

It was fixed in libtiff with the following commit: https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833, which amended the 'process' function in the tools/gif2tiff.c file. The POV-Ray project contains an identical 'process' function in the libraries/tiff/tools/gif2tiff.c file, which has not been updated.

References

Report Origin

The bug is reported by a tool developed at CAST.
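A maintainer can confirm a report like this by fingerprinting the named function in the vendored file and comparing it with the upstream file before and after the fix. The sketch below is an added example, not part of the original issue and not the CAST tool; the helper names and the three C snippets are constructed stand-ins (only the function name `process` comes from the report), and the extractor assumes ANSI-style definitions with no braces inside string literals.

```python
import hashlib
import re

# Constructed stand-ins, NOT libtiff code; the bodies say nothing about the real change.
UPSTREAM_BEFORE = "int process(int code);\nint process(int code)\n{\n  table[code] = 1; /* old */\n  return 1;\n}\n"
UPSTREAM_AFTER = "int process(int code)\n{\n  if (code >= LIMIT) { return 0; }\n  table[code] = 1;\n  return 1;\n}\n"
VENDORED = "void reader(void) { if (process(3)) { done(); } }\nint\nprocess(int code)\n{\n\ttable[code] = 1;\n\treturn 1;\n}\n"

def extract_function(source, name):
    """Return the definition of C function `name` (name through closing brace), or None."""
    source = re.sub(r'/\*.*?\*/|//[^\n]*', ' ', source, flags=re.S)  # drop comments
    for m in re.finditer(r'\b' + re.escape(name) + r'\s*\(', source):
        i, depth = m.end(), 1
        while i < len(source) and depth:        # skip the parameter list
            depth += {'(': 1, ')': -1}.get(source[i], 0)
            i += 1
        body = source[i:].lstrip()
        if not body.startswith('{'):
            continue                            # prototype or call site, not a definition
        k, depth = len(source) - len(body), 0
        while k < len(source):                  # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(source[k], 0)
            k += 1
            if depth == 0:
                return source[m.start():k]
    return None

def fingerprint(func_text):
    """SHA-256 of the function text with all whitespace runs collapsed."""
    return hashlib.sha256(' '.join(func_text.split()).encode()).hexdigest()

def classify(vendored_src, before_src, after_src, name):
    """Compare the vendored copy of `name` with upstream before and after the fix."""
    func = extract_function(vendored_src, name)
    if func is None:
        return 'missing'
    for verdict, ref_src in (('unpatched-clone', before_src), ('patched', after_src)):
        ref = extract_function(ref_src, name)
        if ref is not None and fingerprint(ref) == fingerprint(func):
            return verdict
    return 'diverged'                           # locally modified: needs manual review

if __name__ == '__main__':
    print(classify(VENDORED, UPSTREAM_BEFORE, UPSTREAM_AFTER, 'process'))
```

A `diverged` verdict means the vendored function matches neither upstream version, so the fix has to be ported by hand rather than copied across.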