2023.04.04 12:59 "Re: [Tiff] Remove TIFFCROP from LibTiff + tiff2ps & tiff2pdf ?", by Even Rouault

Hi,

I admire Su's tenacity in trying to fix tiffcrop issues over the past years, and I certainly share his point of view. The vast majority of recent libtiff related CVEs in recent years are not in libtiff itself, but in its utilities. Personally I don't care about libtiff utilities (perhaps except tiffinfo and tiffdump for debugging purposes), just the lib.

I guess tiffcrop could receive the same treatment as a few past utilities that have been migrated to archive/tools/ where only the source code is there without any build system support.

tiff2ps and tiff2pdf seem to be also good candidates for moving into archive as they have a number of reported security related issues and a significant code size. Their functionality is (at least mostly) covered by the convert utility of ImageMagick.

Even

http://www.spatialys.com
My software is free, but my time generally not.