A flaw was found in LibTIFF 4.0.9, there is a Use-After-Free(UAF)in the t2p_writeproc function in tools/tiff2pdf.c. An attacker could exploit this via crafted TIFF file to cause a denial of service or possibly have unspecified other impact.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1562824
Looks to have very low impact.
Reported upstream, no acknowledgement from upstream as of yet. Guessing it slipped past the radar or they judged it very low priority.
Interestingly, doesn't appear to affect Fedora 28, so unclear if it was stealth patched accidentally fixed via refactoring.
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1630031]
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1630030]
Affects: fedora-all [bug 1630032]