diff --git a/src/3rdparty/libtiff/ChangeLog b/src/3rdparty/libtiff/ChangeLog
index e15feec321bf6c5792dfbb29013be9fca046f813..ea8622b8a77b00bbac1cbb9107060eed80848063 100644
--- a/src/3rdparty/libtiff/ChangeLog
+++ b/src/3rdparty/libtiff/ChangeLog
@@ -1,3 +1,51 @@
+2017-11-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* configure.ac: libtiff 4.0.9 released.
+
+	* html/v4.0.9.html: Add HTML file to document changes in libtiff
+	v4.0.9.
+
+2017-11-17  Even Rouault <even.rouault at spatialys.com>
+
+	* libtiff/tif_aux.c, tif_getimage.c, tif_read.c: typo fixes in
+	comments.
+
+2017-11-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* test/Makefile.am: Add some tests for tiff2bw.
+
+2017-11-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* tools/tiff2bw.c (main): Free memory allocated in the tiff2bw
+	program.  This is in response to the report associated with
+	CVE-2017-16232 but does not solve the extremely high memory usage
+	with the associated POC file.
+
+2017-10-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* tools/tiff2pdf.c (t2p_sample_realize_palette): Fix possible
+	arithmetic overflow in bounds checking code and eliminate
+	comparison between signed and unsigned type.
+
+	* tools/fax2tiff.c (_FAX_Client_Data): Pass FAX_Client_Data as the
+	client data.  This client data is not used at all at the moment,
+	but it makes the most sense.  Issue that the value of
+	client_data.fd was passed where a pointer is expected was reported
+	via email by Gerald Schade on Sun, 29 Oct 2017.
+
+2017-10-23  Even Rouault <even.rouault at spatialys.com>
+
+	* libtiff/tif_getimage.c: avoid floating point division by zero in
+	initCIELabConversion()
+	Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733
+	Credit to OSS Fuzz
+
+2017-10-17  Even Rouault <even.rouault at spatialys.com>
+
+	* libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo 1.5.2 that
+	honours max_memory_to_use > 0.
+	Cf https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162
+
 2017-10-10  Even Rouault <even.rouault at spatialys.com>
 
 	* nmake.opt: support a DEBUG=1 option, so as to adjust OPTFLAGS and use
@@ -310,7 +358,7 @@
 	one to opt in to having a branch built on Windows with Cygwin,
 	MinGW and MSVC automatically when a branch is pushed to GitHub,
 	GitLab, BitBucket or any other supported git hosting service.
-	
+
 	* CMakeLists.txt, test/CMakeLists.txt, test/TiffTestCommon.cmake: apply
 	patch 0001-cmake-Improve-Cygwin-and-MingGW-test-support.patch from Roger
 	Leigh (sent to mailing list on 2017-06-08)
diff --git a/src/3rdparty/libtiff/RELEASE-DATE b/src/3rdparty/libtiff/RELEASE-DATE
index 301f35608896f4da519eb1e69c6c07408873c8f5..f5a5ad7294d3cc5854e6bd7e1f7bea744c8b84f3 100644
--- a/src/3rdparty/libtiff/RELEASE-DATE
+++ b/src/3rdparty/libtiff/RELEASE-DATE
@@ -1 +1 @@
-20170521
+20171118
diff --git a/src/3rdparty/libtiff/TODO b/src/3rdparty/libtiff/TODO
index 121d93d563db01806feaf5997f694a3237ad7cab..2ff86272b874bdf05339dffc79ab864cdce02447 100644
--- a/src/3rdparty/libtiff/TODO
+++ b/src/3rdparty/libtiff/TODO
@@ -1,4 +1,4 @@
-#	$Header: /cvs/maptools/cvsroot/libtiff/TODO,v 1.6 2002-10-10 05:28:43 warmerda Exp $
+#	$Header: /cvs/libtiff/TODO,v 1.6 2002/10/10 05:28:43 warmerda Exp $
 
 o gif2tiff segaulting on selected images
 o tiffcmp read data by strip/tile instead of scanline
diff --git a/src/3rdparty/libtiff/VERSION b/src/3rdparty/libtiff/VERSION
index a2cec7aff418bbc41322af26ccbf723b04eac2f2..7919852fe1049d84c6be9e736751ce61d4ebff7f 100644
--- a/src/3rdparty/libtiff/VERSION
+++ b/src/3rdparty/libtiff/VERSION
@@ -1 +1 @@
-4.0.8
+4.0.9
diff --git a/src/3rdparty/libtiff/libtiff/SConstruct b/src/3rdparty/libtiff/libtiff/SConstruct
index dc00c8cbc56e8a803778c592ac04e7d018e489fd..cb6a7cc957fbf6f09650c0f8c4ecbf5be1b939f4 100644
--- a/src/3rdparty/libtiff/libtiff/SConstruct
+++ b/src/3rdparty/libtiff/libtiff/SConstruct
@@ -1,4 +1,4 @@
-# $Id: SConstruct,v 1.4 2007-02-24 15:03:50 dron Exp $
+# $Id: SConstruct,v 1.4 2007/02/24 15:03:50 dron Exp $
 
 # Tag Image File Format (TIFF) Software
 #
diff --git a/src/3rdparty/libtiff/libtiff/tif_aux.c b/src/3rdparty/libtiff/libtiff/tif_aux.c
index 7f6721b9de007380011112b49b4e401bbe7d4d19..10b8d00c25efd1de0e4c100052e465dd60d53339 100644
--- a/src/3rdparty/libtiff/libtiff/tif_aux.c
+++ b/src/3rdparty/libtiff/libtiff/tif_aux.c
@@ -1,4 +1,4 @@
-/* $Id: tif_aux.c,v 1.30 2017-09-07 14:02:52 erouault Exp $ */
+/* $Id: tif_aux.c,v 1.31 2017-11-17 20:21:00 erouault Exp $ */
 
 /*
  * Copyright (c) 1991-1997 Sam Leffler
@@ -361,7 +361,7 @@ _TIFFUInt64ToDouble(uint64 ui64)
 
 int _TIFFSeekOK(TIFF* tif, toff_t off)
 {
-    /* Huge offsets, expecially -1 / UINT64_MAX, can cause issues */
+    /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
     /* See http://bugzilla.maptools.org/show_bug.cgi?id=2726 */
     return off <= (~(uint64)0)/2 && TIFFSeekFile(tif,off,SEEK_SET)==off;
 }
diff --git a/src/3rdparty/libtiff/libtiff/tif_config.h b/src/3rdparty/libtiff/libtiff/tif_config.h
index 2924a3494250693d5a2f00be3e6a3d5c0ffa9cd0..7306e52c4912d053ac2001fd01286444e639bc43 100644
--- a/src/3rdparty/libtiff/libtiff/tif_config.h
+++ b/src/3rdparty/libtiff/libtiff/tif_config.h
@@ -266,7 +266,7 @@
 /* #undef PACKAGE_URL */
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "4.0.8"
+#define PACKAGE_VERSION "4.0.9"
 
 /* Support Macintosh PackBits algorithm */
 /* #undef PACKBITS_SUPPORT */
diff --git a/src/3rdparty/libtiff/libtiff/tif_getimage.c b/src/3rdparty/libtiff/libtiff/tif_getimage.c
index c51c8894975f2dd8bcbe4b602b14a0089211454e..fc554ccab306ff879b1ed17af230bf5740aa3b9e 100644
--- a/src/3rdparty/libtiff/libtiff/tif_getimage.c
+++ b/src/3rdparty/libtiff/libtiff/tif_getimage.c
@@ -1,4 +1,4 @@
-/* $Id: tif_getimage.c,v 1.112 2017-07-24 10:34:14 erouault Exp $ */
+/* $Id: tif_getimage.c,v 1.114 2017-11-17 20:21:00 erouault Exp $ */
 
 /*
  * Copyright (c) 1991-1997 Sam Leffler
@@ -138,7 +138,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 			/*
 			 * TODO: if at all meaningful and useful, make more complete
 			 * support check here, or better still, refactor to let supporting
-			 * code decide whether there is support and what meaningfull
+			 * code decide whether there is support and what meaningful
 			 * error to return
 			 */
 			break;
@@ -416,7 +416,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
 			/*
 			 * TODO: if at all meaningful and useful, make more complete
 			 * support check here, or better still, refactor to let supporting
-			 * code decide whether there is support and what meaningfull
+			 * code decide whether there is support and what meaningful
 			 * error to return
 			 */
 			break;
@@ -2332,6 +2332,13 @@ initCIELabConversion(TIFFRGBAImage* img)
 	float   *whitePoint;
 	float   refWhite[3];
 
+	TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint);
+	if (whitePoint[1] == 0.0f ) {
+		TIFFErrorExt(img->tif->tif_clientdata, module,
+		    "Invalid value for WhitePoint tag.");
+		return NULL;
+        }
+
 	if (!img->cielab) {
 		img->cielab = (TIFFCIELabToRGB *)
 			_TIFFmalloc(sizeof(TIFFCIELabToRGB));
@@ -2342,7 +2349,6 @@ initCIELabConversion(TIFFRGBAImage* img)
 		}
 	}
 
-	TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint);
 	refWhite[1] = 100.0F;
 	refWhite[0] = whitePoint[0] / whitePoint[1] * refWhite[1];
 	refWhite[2] = (1.0F - whitePoint[0] - whitePoint[1])
diff --git a/src/3rdparty/libtiff/libtiff/tif_jpeg.c b/src/3rdparty/libtiff/libtiff/tif_jpeg.c
index eed13574570750bb7a7b9a315407cdc735aa9602..0fbdb3548ac7d8732da70d3eaf1b64bcd4d89912 100644
--- a/src/3rdparty/libtiff/libtiff/tif_jpeg.c
+++ b/src/3rdparty/libtiff/libtiff/tif_jpeg.c
@@ -1,4 +1,4 @@
-/* $Id: tif_jpeg.c,v 1.133 2017-08-29 08:08:10 erouault Exp $ */
+/* $Id: tif_jpeg.c,v 1.134 2017-10-17 19:04:47 erouault Exp $ */
 
 /*
  * Copyright (c) 1994-1997 Sam Leffler
@@ -2456,12 +2456,22 @@ static int JPEGInitializeLibJPEG( TIFF * tif, int decompress )
 #ifndef TIFF_JPEG_MAX_MEMORY_TO_USE
 #define TIFF_JPEG_MAX_MEMORY_TO_USE (10 * 1024 * 1024)
 #endif
-        /* Increase the max memory usable. This helps when creating files */
-        /* with "big" tile, without using libjpeg temporary files. */
-        /* For example a 512x512 tile with 3 bands */
-        /* requires 1.5 MB which is above libjpeg 1MB default */
-        if( sp->cinfo.c.mem->max_memory_to_use < TIFF_JPEG_MAX_MEMORY_TO_USE )
-            sp->cinfo.c.mem->max_memory_to_use = TIFF_JPEG_MAX_MEMORY_TO_USE;
+        /* libjpeg turbo 1.5.2 honours max_memory_to_use, but has no backing */
+        /* store implementation, so better not set max_memory_to_use ourselves. */
+        /* See https://github.com/libjpeg-turbo/libjpeg-turbo/issues/162 */
+        if( sp->cinfo.c.mem->max_memory_to_use > 0 )
+        {
+            /* This is to address bug related in ticket GDAL #1795. */
+            if (getenv("JPEGMEM") == NULL)
+            {
+                /* Increase the max memory usable. This helps when creating files */
+                /* with "big" tile, without using libjpeg temporary files. */
+                /* For example a 512x512 tile with 3 bands */
+                /* requires 1.5 MB which is above libjpeg 1MB default */
+                if( sp->cinfo.c.mem->max_memory_to_use < TIFF_JPEG_MAX_MEMORY_TO_USE )
+                    sp->cinfo.c.mem->max_memory_to_use = TIFF_JPEG_MAX_MEMORY_TO_USE;
+            }
+        }
     }
 
     sp->cinfo_initialized = TRUE;
diff --git a/src/3rdparty/libtiff/libtiff/tif_read.c b/src/3rdparty/libtiff/libtiff/tif_read.c
index d5ce8377c02523c7a8cec48bdaac9ec83c2beff2..2ba985a749706d592b27081bb3a424c5edc433a6 100644
--- a/src/3rdparty/libtiff/libtiff/tif_read.c
+++ b/src/3rdparty/libtiff/libtiff/tif_read.c
@@ -1,4 +1,4 @@
-/* $Id: tif_read.c,v 1.65 2017-07-15 12:33:25 erouault Exp $ */
+/* $Id: tif_read.c,v 1.66 2017-11-17 20:21:00 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -544,7 +544,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
 
 /* Variant of TIFFReadEncodedStrip() that does 
  * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has
- *   suceeded. This avoid excessive memory allocation in case of truncated
+ *   succeeded. This avoid excessive memory allocation in case of truncated
  *   file.
  * * calls regular TIFFReadEncodedStrip() if *buf != NULL
  */
@@ -1019,7 +1019,7 @@ TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size)
 
 /* Variant of TIFFReadTile() that does 
  * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
- *   suceeded. This avoid excessive memory allocation in case of truncated
+ *   succeeded. This avoid excessive memory allocation in case of truncated
  *   file.
  * * calls regular TIFFReadEncodedTile() if *buf != NULL
  */
@@ -1038,7 +1038,7 @@ _TIFFReadTileAndAllocBuffer(TIFF* tif,
 
 /* Variant of TIFFReadEncodedTile() that does 
  * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
- *   suceeded. This avoid excessive memory allocation in case of truncated
+ *   succeeded. This avoid excessive memory allocation in case of truncated
  *   file.
  * * calls regular TIFFReadEncodedTile() if *buf != NULL
  */
diff --git a/src/3rdparty/libtiff/libtiff/tif_win32.c b/src/3rdparty/libtiff/libtiff/tif_win32.c
index ea4016338bc27bafae5fc6388bdc8260aa09d3a5..090baed871353383c6bbe2137dcdf0696bc82db5 100644
--- a/src/3rdparty/libtiff/libtiff/tif_win32.c
+++ b/src/3rdparty/libtiff/libtiff/tif_win32.c
@@ -398,6 +398,7 @@ _TIFFmemcmp(const void* p1, const void* p2, tmsize_t c)
 	return (memcmp(p1, p2, (size_t) c));
 }
 
+#ifndef _WIN32_WCE
 
 #if (_MSC_VER < 1500)
 #  define vsnprintf _vsnprintf
@@ -463,6 +464,7 @@ Win32ErrorHandler(const char* module, const char* fmt, va_list ap)
 }
 TIFFErrorHandler _TIFFerrorHandler = Win32ErrorHandler;
 
+#endif /* ndef _WIN32_WCE */
 
 /* vim: set ts=8 sts=8 sw=8 noet: */
 /*
diff --git a/src/3rdparty/libtiff/libtiff/tiffiop.h b/src/3rdparty/libtiff/libtiff/tiffiop.h
index 4da486b7cc89326cb39cb318f40172b586659974..daa291c083065d66028e8eb729369c2651410fc9 100644
--- a/src/3rdparty/libtiff/libtiff/tiffiop.h
+++ b/src/3rdparty/libtiff/libtiff/tiffiop.h
@@ -37,11 +37,7 @@
 #endif
 
 #ifdef HAVE_SYS_TYPES_H
-#  ifdef Q_OS_WINCE
-#    include <types.h>
-#  else
-#    include <sys/types.h>
-#  endif
+# include <sys/types.h>
 #endif
 
 #ifdef HAVE_STRING_H
diff --git a/src/3rdparty/libtiff/libtiff/tiffvers.h b/src/3rdparty/libtiff/libtiff/tiffvers.h
index 890e433d8a03444c4c954da447f0baa3361f61dc..7c415740f6555150909c50e581aff678434e7da1 100644
--- a/src/3rdparty/libtiff/libtiff/tiffvers.h
+++ b/src/3rdparty/libtiff/libtiff/tiffvers.h
@@ -1,4 +1,4 @@
-#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.8\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
+#define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.9\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
 /*
  * This define can be used in code that requires
  * compilation-related definitions specific to a
@@ -6,4 +6,4 @@
  * version checking should be done based on the
  * string returned by TIFFGetVersion.
  */
-#define TIFFLIB_VERSION 20170521
+#define TIFFLIB_VERSION 20171118
diff --git a/src/3rdparty/libtiff/qt_attribution.json b/src/3rdparty/libtiff/qt_attribution.json
index 52b4413fb8de441ecf2abcd2c8aa9f56b9618233..c247ea265800441072917ad56ecd69a18972a0b8 100644
--- a/src/3rdparty/libtiff/qt_attribution.json
+++ b/src/3rdparty/libtiff/qt_attribution.json
@@ -6,7 +6,7 @@
 
     "Description": "",
     "Homepage": "http://www.simplesystems.org/libtiff/",
-    "Version": "4.0.8",
+    "Version": "4.0.9",
     "License": "libtiff License",
     "LicenseId": "libtiff",
     "LicenseFile": "COPYRIGHT",