An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
https://access.redhat.com/errata/RHSA-2019:2053
https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html
https://usn.ubuntu.com/3864-1/