Dear all,

I have been trying to fix the constant CVE issues in tiffcrop for several
years.

Today I can say "fixing is not possible". 

The endless combinable parameters and the grown implementation of the
working buffer allocation for input, intermediate results and output make
maintenance nearly impossible.

Also the code often (partially) does something different than I would expect
based on the parameter description. This is then often visible in the
resulting image, which looks different than what the very brief parameter
description would suggest.

With this in mind, I would recommend removing tiffcrop from the LibTiff
library to avoid endless CVE and buffer overrun issues that are not really
part of LibTiff.

Regards

Su

_______________________________________________
Tiff mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/tiff
