AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

2022.03.09 13:27 "[Tiff] Release date for the next version of LibTIFF", by Abhi Baruah

Hello,

I am a developer at MathWorks, Inc and currently I am looking into some CVEs which originate from the LibTIFF library. Here are the NIST links to the CVEs:

https://nvd.nist.gov/vuln/detail/CVE-2022-0562
https://nvd.nist.gov/vuln/detail/CVE-2022-0561

However, I see that the fixes for these CVEs have already been submitted to the master branch:

https://gitlab.com/libtiff/libtiff/-/issues/362

Are there plans of scheduling a LibTiff release with these fixes?

This information will help us to decide whether we want to patch the library on our end or wait for the release.

Thanks,
Abhi Baruah
The MathWorks, Inc.