Changes in TIFF v3.9.4


Current Version

v3.9.4 (tag Release-v3-9-4)

Previous Version


Master Download Site

Master HTTP Site

This document describes the changes made to the software between the previous and current versions (see above). If you don't find something listed here, then it was not done in this timeframe, or it was not considered important enough to be mentioned. The following information is located here:

Major changes

  • Complete the fixes for CVE-2009-2347.

  • tiffcrop now supports custom page sizes.

Software configuration changes

  • None.

Library changes

  • Fixed inadequate validation of the SubjectDistance field.

  • Fixed bad handling of out of order tags definated late by a codec.

  • Avoid re-preparing jpeg tables unnecessarily.

Tools changes

  • tiffcrop: Added an option to allow the user to specify a custom page size on the command line. Fix the case where a page size specified with a fractional part was being coerced to an integer by retyping the variables that define the paper size. Corrected European page size dimensions.

  • tiff2rgba: Completed fixes for "CVE-2009-2347 libtiff: integer overflows in various inter-color space conversion tools". MapTools bugzilla #2079

  • tiff2pdf: Fix assorted bugs in tiff2pdf: missing return in t2p_read_tiff_size() causes t2p->tiff_datasize to be set entirely wrong for COMPRESSION_JPEG case, resulting in memory stomp if actual size is larger. Also, there are a bunch of places that try to memset() a malloc'd buffer before checking for malloc failure, which would result in core dump if there actually were a failure.

Contributed software changes

  • None