The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
https://security.gentoo.org/glsa/201701-16
https://bugzilla.redhat.com/show_bug.cgi?id=1346694
http://www.securityfocus.com/bid/91204