Revisions of tiff
Marco Strigl (mstrigl)
committed
(revision 2)
jsc#PED-6641
The following patches are dropped because the CVEs are fixed in version upgrades
tiff-CVE-2018-18557.patch
tiff-CVE-2018-18661.patch
tiff-CVE-2019-14973.patch
tiff-CVE-2019-17546.patch
tiff-CVE-2020-19131.patch
tiff-CVE-2020-35521,CVE-2020-35522.patch
tiff-CVE-2020-35523.patch
tiff-CVE-2020-35524.patch
tiff-CVE-2022-0561,CVE-2022-34266.patch
tiff-CVE-2022-22844.patch
The CVE names are mentioned in the corrsponding version upgrades changelog.
- Update to version 4.6.0:
* API/ABI breaks: none
* WebP decoder: validate WebP blob width, height, band count against
TIFF parameters to avoid use of uninitialized variable, or decoding
corrupted content without explicit error (fixes issue #581, issue #582).
* WebP codec: turn exact mode when creating lossless files to avoid
altering R,G,B values in areas where alpha=0
* Fix TransferFunction writing of only two transfer functions.
* TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs,
it should be harmless in practice though
* tiffcp: remove -i option (ignore errors)
* This version removes a big number of utilities that have suffered from
lack of maintenance over the years and were the source of various
reported security issues:
+ fax2ps
+ fax2tiff
+ pal2rgb
+ ppm2tiff
+ raw2tiff
+ rgb2ycbcr
+ thumbnail
+ tiff2bw
+ tiff2rgba
+ tiffcmp
+ tiffcrop
+ tiffdither
+ tiffgt
+ tiffmedian
+ tiff2ps
+ tiff2pdf
Displaying all 2 revisions
