2005.09.28 00:49 "[Tiff] PSP libtiff hack?", by Frank Warmerdam

2005.09.28 04:20 "Re: [Tiff] PSP libtiff hack?", by Chris Cox

It also crashes Safari and Preview on MacOS 10.2.x, and tiffutil on MacOS 10.4.x

The good news is that Photoshop 7, CS, CS2 and Bridge recognize it as corrupt. And Windows XP explorer doesn't crash on this one.


According to Slashdot a recent Sony PSP hack was accomplished using a vulnerability in libtiff (who knew libtiff was on the PSP?). I tried the file in question with TIFFOpen() and it seems to have no problem. That is TIFFOpen() properly identifies it as corrupt and gives up. So I think the vulnerability has already been corrected in the current libtiff.

The file is available at:


In case anyone wants to test TIFF applications with it.

BTW, it does crash tiffdump but I'm not too concerned about that.

What would be ideal is if one or more of these hardware makers using libtiff actually provided some funding for a detailed vulnerability analysis. Then they (and we) wouldn't have egg on our faces.