You can downgrade and version-pin the package and continue using the vulnerable version until a better version is released IFF you're sure the bug won't affect your use cases.
This email is in response to www.debian.org/security/2016/dsa-3708
I relied on MAT (Metadata Anonymisation Toolkit) on a daily basis to remove the metadata from PDFs as it is a requirement for my job. I must have this ability. I appreciate the effort to fix this bug but it was not a major issue for me because the PDFs I encounter did not have images. Now that MAT cannot deal with PDFs at all, I am forced to use Windows (which I hate) because I cannot find a suitable alternative to MAT.
Can anyone please suggest a Debian solution to my current problem? I am assuming that Debian Stretch Stable (2017 release) will have an updated version of MAT that will again process PDFs? But what can I do until then to be able to meet my work demands?