Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff"s LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code . The updated packages have been patched to prevent this issue.