Versions mentioned in the description apply to the upstream tiff package. See the Remediation section below for Debian:9 relevant versions.
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Upgrade Debian:9 tiff to version 4.0.8-2+deb9u6 or higher.