The port directs to a vulnerable verion of libtiff (4.0.7_1). Besides, is there any reason for it to exist at all, when there's graphics/tiff which installs libtiff too?
A commit references this bug: Author: bofh Date: Tue Jun 6 14:16:02 UTC 2017 New revision: 442775 URL: https://svnweb.freebsd.org/changeset/ports/442775 Log: graphics/tiffgt: Update version 4.0.7=>4.0.8 PR: 219783 Reported by: a@carniajeu.com Changes: head/graphics/tiffgt/Makefile head/graphics/tiffgt/distinfo
Vulnerable version has been updated. This is different from libtiff or tiff in the sense this port provides tools which are not provided by the graphics/tiff.