LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. https://nvd.nist.gov/vuln/detail/CVE-2018-10126