Summary

If the EXIF tag Thumbnail JPEGInterchangeFormat stores a non-integer value (as seen in the attached sample),
exifread.core.exif_header.ExifHeader.extract_jpeg_thumbnail attempts to evaluate self.offset + thumb_offset.values[0] and
raises TypeError: unsupported operand type(s) for +: 'int' and 'tuple'. The exception escapes exifread.process_file, letting a
crafted JPEG consistently crash any consumer.

PoC:

import io
import exifread  # 3.5.1

with open("poc_TypeConfuse.tiff", "rb") as f:
    stream = io.BytesIO(f.read())

exifread.process_file(stream, details=False, strict=False, debug=False)

Traceback:

Traceback (most recent call last):
  File "<stdin>", line 8, in <module>
  File ".../exifread/__init__.py", line 131, in process_file
    hdr.extract_jpeg_thumbnail()
  File ".../exifread/core/exif_header.py", line 472, in extract_jpeg_thumbnail
    self.file_handle.seek(self.offset + thumb_offset.values[0])
TypeError: unsupported operand type(s) for +: 'int' and 'tuple'

poc_TypeConfuse.zip