2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau
-
2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
- 2023.04.04 13:49 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Bob Friesenhahn
- 2023.04.04 15:40 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Miguel Medalha
- 2023.04.05 19:11 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Sulau
2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau
Dear all
I have been trying to fix the constant CVE issues at tiffcrop for several years.
Today I can say "fixing is not possible".
The endless combinable parameters and the grown implementation of the working buffer allocation for input, intermediate results and output make maintenance nearly impossible.
Also the code often (partially) does something different than I would expect based on the parameter description. This is then often visible in the resulting image, which looks different than what the very brief parameter description would suggest.
With this in mind, I would recommend removing tiffcrop from the LibTiff library to avoid endless CVE and buffer overrun issues that are not really part of LibTiff.
Regards
Su