/usr/lib/Img1.3/libjpegtcl1.0.so contains libjpeg /usr/lib/Img1.3/libpngtcl1.2.24.so contains libpng /usr/lib/Img1.3/libtifftcl3.8.2.so contains libtiff /usr/lib/Img1.3/libzlibtcl1.2.3.so contains zlib Considering the version in the filename the version of the upstream library, at least libtiff might be vulnerable to GLSA 200809-07, and libpng is most likely vulnerable to GLSA 200804-15 .
Should be fixed (tkimg-1.3.20081202).