☰LibTiff Mailing List Archive

2023.04.03 20:50 "[Tiff] Remove TIFFCROP from LibTiff", by Sulau

2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
- 2023.04.04 13:49 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Bob Friesenhahn
  - 2023.04.04 14:04 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
    - 2023.04.04 15:14 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr
      - 2023.04.04 15:23 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Rob Boehne
      - 2023.04.04 15:27 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
- 2023.04.04 15:40 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Miguel Medalha
  - 2023.04.04 16:46 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Daniel McCoy
    - 2023.04.04 22:47 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr
2023.04.05 19:11 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Sulau
- 2023.04.06 19:07 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault
  - 2023.04.07 00:05 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Miguel Medalha
    - 2023.04.07 00:20 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Even Rouault
      - 2023.04.07 13:28 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Bob Friesenhahn

2023.04.04 15:14 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Kurt Schwehr

I personally exclude all the programs from my distribution of libtiff to run into fewer CVEs.

Another alternative to consider is putting a disclaimer on those tools saying that CVEs might not be fixed and use at your own risk. Many pipelines use only trusted data, so they are fine. And folks using untrusted data, should be running their pipelines in a security sandbox. Setting up sandboxes is definitely a user responsibility.