NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service , as demonstrated by end2xml.