- 2020.08.16 14:27 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by John
- 2020.08.16 14:41 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by Toby Thain
- 2020.08.16 15:02 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by Leonard Rosenthol
- 2020.08.16 15:52 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by Even Rouault
2020.08.16 15:44 "Re: [Tiff] Disable Old JPEG in libtiff by default!", by Bob Friesenhahn
The libtiff configure script enables support for reading old JPEG by default. I propose that the libtiff default should be to disable support for old JPEG.
I still come across old-style JPEG images occasionally, perhaps once a year. It would be annoying if I had to rebuild software to be able to process them.
You're right that there are security implications, though libtiff is fuzzed so heavily now that I think the risk is small.
To be clear, there are currently open oss-fuzz issues pertaining to libtiff's OJPEG support, although they may be attributed to other projects which themselves depend on libitff.
Bob
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt