TIFF CHANGE INFORMATION
This document describes the changes made to the software between the
previous and current versions (see above). If you don't
find something listed here, then it was not done in this timeframe, or
it was not considered important enough to be mentioned. The following
information is located here:
MAJOR CHANGES:
- Complete the fixes for CVE-2009-2347.
- Tiffcrop now supports custom page sizes.
CHANGES IN THE SOFTWARE CONFIGURATION:
CHANGES IN LIBTIFF:
- Fixed inadequate validation of the SubjectDistance field.
- Fixed bad handling of out of order tags definated late by
a codec.
- Avoid re-preparing jpeg tables unnecessarily.
CHANGES IN THE TOOLS:
- tiffcrop: Added an option to allow the user to specify a
custom page size on the command line. Fix the case where a
page size specified with a fractional part was being coerced
to an integer by retyping the variables that define the paper
size. Corrected European page size dimensions.
- tiff2rgba: Completed fixes for "CVE-2009-2347 libtiff:
integer overflows in various inter-color space conversion
tools". http://bugzilla.maptools.org/show_bug.cgi?id=2079
- tiff2pdf: Fix assorted bugs in tiff2pdf: missing "return"
in t2p_read_tiff_size() causes t2p->tiff_datasize to be set entirely
wrong for COMPRESSION_JPEG case, resulting in memory stomp if actual
size is larger. Also, there are a bunch of places that try to
memset() a malloc'd buffer before checking for malloc failure, which
would result in core dump if there actually were a failure.
CHANGES IN THE CONTRIB AREA:
Last updated $Date: 2010-06-15 19:09:03 $.