CVE-2016-9538: libtiff: Integer overflow leads to reading undefined buffer in readContigStripsIntoBuffer()

Severity: Critical

CVSS Score: 9.8

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
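The failure class described above, as an added example that is not libtiff code: a simplified model in which a strip count narrowed to 16 bits ends the fill loop early, so most of the buffer is never written before it is read, shown beside a full-width form with a capacity check. The function names, `STRIP_SIZE`, the marker byte and the 65546-strip input are constructed for illustration, and the loop shape is an assumption about how the overflow leaves the buffer undefined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not libtiff code: strips are STRIP_SIZE bytes each. */
#define STRIP_SIZE 4u
#define UNWRITTEN  0xAAu  /* marker standing in for uninitialized memory */

/* Weak form: the count is narrowed to 16 bits, so 65536+ strips wrap. */
static uint32_t fill_strips_u16(uint8_t *buf, uint32_t total)
{
    uint16_t nstrips = (uint16_t)total, strip;  /* 65546 becomes 10 */
    for (strip = 0; strip < nstrips; strip++)
        memset(buf + (size_t)strip * STRIP_SIZE, 0x11, STRIP_SIZE);
    return strip;                               /* strips actually written */
}

/* Corrected form: counter and bound keep 32 bits, and the destination
 * capacity is checked before any strip is written. */
static int64_t fill_strips_u32(uint8_t *buf, size_t cap, uint32_t total)
{
    uint32_t strip;
    if ((uint64_t)total * STRIP_SIZE > cap)
        return -1;                              /* refuse rather than overrun */
    for (strip = 0; strip < total; strip++)
        memset(buf + (size_t)strip * STRIP_SIZE, 0x11, STRIP_SIZE);
    return strip;
}

/* Constructed input: 65546 strips. Returns how many bytes a later reader
 * would see that no strip ever wrote. */
static size_t run_case(int fixed)
{
    const uint32_t total = 65546u;
    size_t len = (size_t)total * STRIP_SIZE, i, left = 0;
    uint8_t *buf = malloc(len);
    if (!buf) return (size_t)-1;
    memset(buf, UNWRITTEN, len);
    if (fixed) fill_strips_u32(buf, len, total);
    else       fill_strips_u16(buf, total);
    for (i = 0; i < len; i++)
        if (buf[i] == UNWRITTEN) left++;
    free(buf);
    return left;
}

int main(void)
{
    printf("uint16: %zu, uint32: %zu bytes unwritten\n", run_case(0), run_case(1));
    return 0;
}
```

Building with `-Wconversion` flags implicit narrowing of this kind, and running the affected tool under MemorySanitizer or Valgrind surfaces reads of the unwritten region.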