2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.09.02 08:24 "Re: [Tiff] Some security fixes from RHEL", by Tom Lane

[ separate reply for a separate issue ]

As maintainer of Red Hat's libtiff package, I am now seriously wondering whether I must recommend that Red Hat disable TIFF support in any application that has any internet exposure.

There is not really any reason to single libtiff out. You can insert many application/library names here.

No, not really. Image processing libraries have a particularly bad name amongst the security community. I suppose that this isn't so much because their code was any worse than anyone else's, as that it's been an easy attack vector for both email and http hackers. Most web browsers and email clients will happily try to load any file that is presented to them as being an image. If they rely on an image library that is vulnerable, then it's game over. And do you really think it's the browser's responsibility to check the image before feeding it to libtiff?

Whether you like this responsibility or not, you have to accept it, or else you'll just be a footnote to history.

regards, tom lane
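Tom's point is that a library like libtiff cannot expect its callers to vet input: the browser hands over whatever the network labelled as an image, so every offset and count in the file has to be treated as hostile by the parser itself. The following is an added illustration of what that looks like at the very first step of reading a TIFF, not code from libtiff or from anyone in this thread. The function name `tiff_check`, the status codes and the four sample files are all made up for this example; the samples are hand-built byte arrays, the last three deliberately malformed in the ways such a parser has to survive (IFD pointer past end of file, entry count whose byte size overflows, out-of-line value pointing outside the buffer).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Status codes for the hypothetical tiff_check() below (not libtiff's). */
enum tiff_status {
    TIFF_OK = 0,
    TIFF_ERR_SHORT,        /* shorter than the 8-byte header */
    TIFF_ERR_MAGIC,        /* neither "II" nor "MM", or version != 42 */
    TIFF_ERR_IFD_OFFSET,   /* first-IFD pointer does not land inside the file */
    TIFF_ERR_IFD_TRUNC,    /* entry table runs past the end of the file */
    TIFF_ERR_ENTRY_SIZE,   /* count * type size is larger than the whole file */
    TIFF_ERR_ENTRY_OFFSET  /* out-of-line value lies outside the file */
};

static uint16_t rd16(const uint8_t *p, int le) {
    return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]);
}
static uint32_t rd32(const uint8_t *p, int le) {
    return le ? ((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24)
              : ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3]);
}

/* Byte width of TIFF 6.0 field types 1..12 (BYTE..DOUBLE); 0 = unknown type. */
static const uint32_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Validate the header and walk the first IFD of a TIFF held entirely in memory.
 * Every offset and size read from the file is checked against the buffer
 * before it is used. On success *nentries receives the entry count. */
int tiff_check(const uint8_t *buf, size_t len, uint16_t *nentries) {
    if (len < 8) return TIFF_ERR_SHORT;
    int le;
    if (buf[0] == 'I' && buf[1] == 'I') le = 1;
    else if (buf[0] == 'M' && buf[1] == 'M') le = 0;
    else return TIFF_ERR_MAGIC;
    if (rd16(buf + 2, le) != 42) return TIFF_ERR_MAGIC;

    uint32_t ifd = rd32(buf + 4, le);
    /* The IFD needs at least its 2-byte count and the 4-byte next-IFD pointer. */
    if (ifd < 8 || ifd > len || len - ifd < 6) return TIFF_ERR_IFD_OFFSET;

    uint16_t n = rd16(buf + ifd, le);
    /* n <= 65535 so n * 12 cannot wrap here, but the table must still fit. */
    if (len - ifd - 6 < (size_t)n * 12) return TIFF_ERR_IFD_TRUNC;

    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t type  = rd16(e + 2, le);
        uint32_t count = rd32(e + 4, le);
        uint32_t tsz   = type <= 12 ? type_size[type] : 0;
        if (tsz == 0) continue;               /* unknown type: do not guess a size */
        uint64_t bytes = (uint64_t)count * tsz; /* 64-bit so a hostile count cannot wrap */
        if (bytes > len) return TIFF_ERR_ENTRY_SIZE;
        if (bytes <= 4) continue;             /* value is stored inline in the entry */
        uint32_t off = rd32(e + 8, le);
        if (off > len || len - off < bytes) return TIFF_ERR_ENTRY_OFFSET;
    }
    if (nentries) *nentries = n;
    return TIFF_OK;
}

/* Convenience wrapper: entry count of the first IFD, or the negated status. */
int tiff_entry_count(const uint8_t *buf, size_t len) {
    uint16_t n = 0;
    int st = tiff_check(buf, len, &n);
    return st == TIFF_OK ? (int)n : -st;
}

/* Constructed samples (little-endian). sample_ok: ImageWidth=16 (inline SHORT)
 * and XResolution (RATIONAL 72/1 stored out of line at offset 38), 46 bytes. */
static const uint8_t sample_ok[46] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00, 0x02,0x00,
    0x00,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00, 0x10,0x00,0x00,0x00,
    0x1A,0x01, 0x05,0x00, 0x01,0x00,0x00,0x00, 0x26,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x48,0x00,0x00,0x00, 0x01,0x00,0x00,0x00 };
/* First-IFD pointer 0x7FFFFFFF in an 8-byte file. */
static const uint8_t sample_bad_ifd[8] = { 'I','I', 0x2A,0x00, 0xFF,0xFF,0xFF,0x7F };
/* Same as sample_ok but XResolution count = 0xFFFFFFFF (8 bytes each). */
static const uint8_t sample_huge_count[46] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00, 0x02,0x00,
    0x00,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00, 0x10,0x00,0x00,0x00,
    0x1A,0x01, 0x05,0x00, 0xFF,0xFF,0xFF,0xFF, 0x26,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x48,0x00,0x00,0x00, 0x01,0x00,0x00,0x00 };
/* Same as sample_ok but the RATIONAL value offset (256) is past end of file. */
static const uint8_t sample_bad_offset[46] = {
    'I','I', 0x2A,0x00, 0x08,0x00,0x00,0x00, 0x02,0x00,
    0x00,0x01, 0x03,0x00, 0x01,0x00,0x00,0x00, 0x10,0x00,0x00,0x00,
    0x1A,0x01, 0x05,0x00, 0x01,0x00,0x00,0x00, 0x00,0x01,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x48,0x00,0x00,0x00, 0x01,0x00,0x00,0x00 };

int main(void) {
    printf("ok          -> %d\n", tiff_entry_count(sample_ok, sizeof sample_ok));
    printf("bad ifd     -> %d\n", tiff_entry_count(sample_bad_ifd, sizeof sample_bad_ifd));
    printf("huge count  -> %d\n", tiff_entry_count(sample_huge_count, sizeof sample_huge_count));
    printf("bad offset  -> %d\n", tiff_entry_count(sample_bad_offset, sizeof sample_bad_offset));
    return 0;
}
```

The design choice worth noting is that the caller never has to know anything about TIFF: a browser can only check that the bytes start with "II" or "MM", and none of the three malformed samples would be caught that way. The multiplication of count by type size is done in 64 bits and compared against the file length before the offset is even read, because that product is exactly the quantity a parser tends to pass straight to malloc or memcpy.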