The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6314