- 2005.09.28 02:21 "Re: [Tiff] PSP libtiff hack?", by Joris Van Damme
- 2005.09.28 04:04 "Re: [Tiff] PSP libtiff hack?", by
- 2005.09.28 04:20 "Re: [Tiff] PSP libtiff hack?", by Chris Cox
- 2005.09.28 13:39 "Re: [Tiff] PSP libtiff hack?", by Dmitry V. Levin
- 2005.10.15 12:43 "[Tiff] Small bug report, and error handler parameter issue", by Joris Van Damme
- 2005.10.20 22:52 "Re: [Tiff] Read EXIF Tag", by Chris Losinger
2005.09.28 04:20 "Re: [Tiff] PSP libtiff hack?", by Chris Cox
It also crashes Safari and Preview on MacOS 10.2.x, and tiffutil on MacOS 10.4.x
The good news is that Photoshop 7, CS, CS2 and Bridge recognize it as corrupt. And Windows XP explorer doesn't crash on this one.
Chris
According to Slashdot a recent Sony PSP hack was accomplished using a vulnerability in libtiff (who knew libtiff was on the PSP?). I tried the file in question with TIFFOpen() and it seems to have no problem. That is TIFFOpen() properly identifies it as corrupt and gives up. So I think the vulnerability has already been corrected in the current libtiff.
The file is available at:
http://home.gdal.org/~warmerda/overflow.tif
In case anyone wants to test TIFF applications with it.
BTW, it does crash tiffdump but I'm not too concerned about that.
What would be ideal is if one or more of these hardware makers using libtiff actually provided some funding for a detailed vulnerability analysis. Then they (and we) wouldn't have egg on our faces.