The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
https://security.gentoo.org/glsa/201709-08
https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html