LibTIFF 4.0.7 has an invalid read in the TIFFVGetField function in tifdir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
{ "urgency": "not yet assigned" }