In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1530913]
I am not able to reproduce this on any version of libtiff shipped with Red Hat Enterprise Linux or with the upstream version compiled with ASAN. Currently there is no response from upstream nor any response from the reporter of this flaw.
I am going to mark this issue as notaffected, until there is more information available.