-
2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
- 2023.04.04 13:49 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Bob Friesenhahn
- 2023.04.04 15:40 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Miguel Medalha
- 2023.04.05 19:11 "Re: [Tiff] Remove TIFFCROP from LibTiff", by Sulau
2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault
Hi,
I admire Su's tenacity in trying to fix tiffcrop issues over the past years, and I certainly share his point of view. The vast majority of recent libtiff related CVEs in recent years are not in libtiff itself, but in its utilities. Personally I don't care about libtiff utilities (perhaps except tiffinfo and tiffdump for debugging purposes), just the lib.
I guess tiffcrop could receive the same treatment as a few past utilities that have been migrated to archive/tools/ where only the source code is there without any build system support.
tiff2ps and tiff2pdf seem to be also good candidates for moving into archive as they have a number of reported security related issues and a significant code size. Their functionality is (at least mostly) covered by the convert utility of ImageMagick.
Even
http://www.spatialys.com
My software is free, but my time generally not.