Surf Wiki
Save to docs
general/graphics-libraries

From Surf Wiki (app.surf) — the open knowledge base

LibTIFF

FieldValue
nameLibTIFF
collapsibleyes
authorSam Leffler,
Silicon Graphics
released
latest release version
latest release date
programming languageC
licenseBSD-like licence
website

Silicon Graphics LibTIFF is a library for reading and writing Tag Image File Format (abbreviated TIFF) files. The set also contains command line tools for processing TIFFs. It is distributed in source code and can be found as binary builds for all kinds of platforms. The LibTIFF software was originally written by Sam Leffler while working for Silicon Graphics.

Features

Support for BigTIFF, files larger than 4 GiB, was included for LibTIFF 4.0 in 2011.

Tiff tools

As of version 4.6.0 several tools are no longer built by default, as they suffered from lack of maintenance. These tools are still available as source code. The only remaining tools supported are: tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.

With the release of 4.7.0 all removed tools are restored and built by default again.

Exploits

A TIFF file is composed of small descriptor blocks containing offsets into the file which point to a variety of data types. Incorrect offset values can cause programs to attempt to read erroneous portions of the file or attempt to read past the physical end of file. Improperly encoded packet or line lengths within the file can cause rendering programs which lack appropriate boundary checks to overflow their internal buffers.

Multiple buffer overflows have been found in LibTIFF. Some of these have also been used to execute unsigned code on the PlayStation Portable, as well as run third-party applications on the iPhone and iPod Touch firmware.

References

References

  1. [http://secunia.com/advisories/15320/ libTIFF BitsPerSample Tag Buffer Overflow Vulnerability] {{Webarchive. link. (2010-08-19 Release Date:2005-05-11 - Secunia Advisories)
  2. [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544 Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.] - CVE - CVE-2005-1544 (under review) Assigned (20050514)
  3. [http://secunia.com/advisories/21304/ libTIFF Multiple Vulnerabilities] {{Webarchive. link. (2010-03-22 Release Date: 2006-08-02 - Secunia Advisories)
  4. [http://secunia.com/advisories/21672/ Sony PSP TIFF Image Viewing Code Execution Vulnerability] {{Webarchive. link. (2006-09-04 Release Date: 2006-08-31 - Secunia Advisories)
  5. [http://www.macnn.com/articles/07/10/17/iphone.tiff.exploit.detail/ Details of iPhone TIFF exploit posted] MacNN & MNM Media, 2007/10/17 [https://web.archive.org/web/20071018043110/http://macnn.com/articles/07/10/17/iphone.tiff.exploit.detail/ Archived version]
Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

graphics-libraries software-using-the-bsd-license
Want to explore this topic further?

Ask Mako anything about LibTIFF — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report