PDFLib includes a modified version of the tiff library. New vulnerabilities were found on the tiff library (see bug 75213) so this must probably be updated.
Sending mail upstream to get status.
Reply from upstream : ---------------------------------- It turns out no action is required in PDFlib 5.0.x or 6.0.x The vulnerability affects only malloc(0) calls, but these are always trapped in PDFlib. ----------------------------------