Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tif_dirread.c; certain "codec cleanup methods" in tif_lzw.c, tif_pixarlog.c, and tif_zip.c; and improper restoration of setfield and getfield methods in cleanup functions within tif_jpeg.c, tif_pixarlog.c, tif_fax3.c, and tif_zip.c, TIFFToRGB out-of-memory reference, tif_jpeg.c double free(), TIFFFetchData integer overflow.