AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau
2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
2023.04.04 13:49 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Bob Friesenhahn
2023.04.04 14:04 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
2023.04.04 15:14 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr
2023.04.04 15:23 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Rob Boehne
2023.04.04 15:27 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
2023.04.04 15:40 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Miguel Medalha
2023.04.04 16:46 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Daniel McCoy
2023.04.04 22:47 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr
2023.04.05 19:11 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Sulau
2023.04.06 19:07 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault
2023.04.07 00:05 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Miguel Medalha
2023.04.07 00:20 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault
2023.04.07 13:28 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Bob Friesenhahn

2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau

Dear all

I have been trying to fix the constant CVE issues at tiffcrop for several years.

Today I can say "fixing is not possible".

The endless combinable parameters and the grown implementation of the working buffer allocation for input, intermediate results and output make maintenance nearly impossible.

Also the code often (partially) does something different than I would expect based on the parameter description. This is then often visible in the resulting image, which looks different than what the very brief parameter description would suggest.

With this in mind, I would recommend removing tiffcrop from the LibTiff library to avoid endless CVE and buffer overrun issues that are not really part of LibTiff.

Regards

Su