AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2012.06.16 00:31 "[Tiff] Libtiff 4.0.2 Released", by Frank Warmerdam
2012.06.19 19:39 "Re: [Tiff] Libtiff 4.0.2 Released", by Charles Auer

2012.06.16 00:31 "[Tiff] Libtiff 4.0.2 Released", by Frank Warmerdam

Folks,

I have pushed out a 4.0.2 release. It includes a few minor new features,
and a variety of bug fixes, mostly of interest to those paranoid about
security issues in libtiff. If you use libtiff with untrusted input files you
might want to update. From the version page:

CHANGES IN LIBTIFF:

tif_getimage.c: added support for _SEPARATED CMYK images.

tif_getimage.c: Added support for greyscale + alpha. Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory() functions. tif_print.c: Lots of fixes around printing corrupt or hostile input. Improve handling of corrupt ycbcrsubsampling values. tif_unix.c: use strerror to get meaningful error messages. tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().

tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).

CHANGES IN THE TOOLS:

    tiff2pdf: Defend against integer overflows while calculating
required buffer sizes (CVE-2012-2113).

Hopefully I haven't botched things badly - I tried to follow the
instructions instead of just asking Bob to do it for me this time.

Best regards,

--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Software Developer