ochang@, it looks like CVE-2015-7554 was reported for libtiff 4.0.6, but it hasn't been patched so it would still exist in the version used by pdfium.

Total of three bugs:

https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe:/a:libtiff_project:libtiff:4.0.6

CVE-2016-3186
CVE-2015-8668
CVE-2015-7554

Since it's a public CVE, I'm removing the view restrictions.

There appear to be no patches for this though, and I'm not familiar enough with tiff to make a confident judgement about whether this actually affects pdfium, or to write a correct patch for it...

hong_zhang, could you please route this security bug to the appropriate person? thanks.

I will. ochange@

Additional CVEs with buffer overflows:

CVE-2016-5318
CVE-2016-5319 

Details:
http://www.openwall.com/lists/oss-security/2016/06/07/1

Marking this severity-high because at least one (CVE-2015-8668) of these CVEs is a buffer overflow.

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Can you please add the OS label which was affected ?

Also, please let us know if this can be tested manually.

This is marked as M52 RB-Beta label, hence requesting you to provide you the details so that this can be fixed & merged in to M52 branch for next beta promotion this wednesday.

Removing the release block label -- there was no demonstrated reachable vulnerability in this bug report, and the feature in question that uses this library has already been turned off.

We have since updated libtiff to 4.0.8, which I believe has this issue fixed.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

(the VRP panel declined to award, see comment 19)