Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
pcre3 to version 2:8.38-1 or higher.