2012.09.22 18:36 "[Tiff] Libtiff 3.9.7 released", by Bob Friesenhahn
Libtiff 3.9.7 is now available. This release is intended to support
users of libtiff 3.9.X and 3.8.X who are not yet able to update to
4.0.X. This release is not recommended to support new development
since users should be transitioning to 4.0.X.
Visit http://www.remotesensing.org/libtiff/ to learn more about
libtiff or to download the release.
The following are the changes in this release since the 3.9.6 release.
CHANGES IN THE SOFTWARE CONFIGURATION:
* Updated to use Automake 1.12.4. Avoids security problem with 'make distcheck' (CVE-2012-3386).
CHANGES IN LIBTIFF:
- tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
- libtiff/tif_dir.c: Avoid generic handling of TIFFTAG_WHITELEVEL. (http://bugzilla.maptools.org/show_bug.cgi?id=2321).
- libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default of 1 for purposes of trimming tags. This is to get some super crappy OJPEG files to work again. (http://bugzilla.maptools.org/show_bug.cgi?id=2348).
- libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0 behavior of treating signed overflow as an error in TIFFVStripSize and TIFFVTileSize. This is needed since the result is declared as tsize_t which is signed, and callers are likely to do the wrong thing entirely when the returned value is negative (CVE-2012-2088). __________________________________________
CHANGES IN THE TOOLS:
- tiff2pdf: Defend against integer overflows while calculating required buffer sizes (CVE-2012-2113).
- tiff2pdf: Fail when TIFFSetDirectory() fails. This prevents core dumps or perhaps even arbitrary code execution when processing a corrupt input file (CVE-2012-3401).
- tiff2pdf: Fix two places where t2p_error didn't get set after a malloc failure. No crash risk AFAICS, but the program might not report exit code 1 as desired. __________________________________________
- CHANGES IN THE CONTRIB AREA:
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/