Tavis Ormandy discovered that the Tag Image File Format library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution is not affected by this problem.