The TIFFVGetField function in tifdir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
{ "urgency": "not yet assigned" }