The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. Upstream Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2816
Not reproducible on f28 with libtiff-tools-4.0.9-10.fc28.x86_64.
Unable to reproduce on any RHEL* packages.