In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. https://nvd.nist.gov/vuln/detail/CVE-2017-17942