SUSE-SU-2025:21037-1

This update for tiff fixes the following issues:

tiff was updated to 4.7.1:

Software configuration changes:

• Define HAVEJPEGTURBODUALMODE812 and LERCSTATIC in tif_config.h.
• CMake: define WORDSBIGENDIAN via tifconfig.h
• doc/CMakeLists.txt: remove useless cmakeminimumrequired()
• CMake: fix build with LLVM/Clang 17 (fixes issue #651)
• CMake: set CMP0074 new policy
• Set LINKER_LANGUAGE for C targets with C deps
• Export tiffxx cmake target (fixes issue #674)
• autogen.sh: Enable verbose wget.
• configure.ac: Syntax updates for Autoconf 2.71
• autogen.sh: Re-implement based on autoreconf. Failure to update config.guess/config.sub does not return error (fixes issue #672)
• CMake: fix CMake 4.0 warning when minimum required version is < 3.10.

• CMake: Add build option tiff-static (fixes issue #709)

  Library changes:

• Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about emitting warnings for unknown tags. No longer emit warnings about unknown tags by default

• tif_predict.c: speed-up decompression in some cases.

  Bug fixes:

• tif_fax3: For fax group 3 data if no EOL is detected, reading is retried without synchronisation for EOLs. (fixes issue #54)

• Updating TIFFMergeFieldInfo() with readcount=writecount=0 for FIELDIGNORE. Updating TIFFMergeFieldInfo() with readcount=writecount=0 for FIELDIGNORE. Improving handling when field_name = NULL. (fixes issue #532)
• tiff.h: add COMPRESSIONJXLDNG17=52546 as used for JPEGXL compression in the DNG 1.7 specification
• TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags defined with FIELDxxx bits, as it is done for FIELDCUSTOM tags. (fixes issue #648)
• Do not error out on a tag whose tag count value is zero, just issue a warning. Fix parsing a private tag 0x80a6 (fixes issue #647)
• TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 Fixes https://github.com/OSGeo/gdal/issues/10875)
• tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175)
• Fix writing a Predictor=3 file with non-native endianness
• _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds
• read / nullptr dereference) in case of out-of-memory situation when dealing with custom tags (fixes issue #663)
• tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and PlanarConfiguration = Contiguous (fixes issue #26)
• tif_fax3.c: error out after a number of times end-of-line or unexpected bad code words have been reached. (fixes issue #670)
• Fix memory leak in TIFFSetupStrips() (fixes issue #665)
• tifzip.c: Provide zlib allocation functions. Otherwise for zlib built with -DZSOLO inflating will fail.
• Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676)
• tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if "prediction" is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5)
• tif_getimage.c: update some integer overflow checks (fixes issue #79)
• tif_getimage.c: Fix buffer underflow crash for less raster rows at TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900)
• TIFFReadRGBAImage(): several fixes to avoid buffer overflows.
• Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue #699)
• LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker has been found with remaining output bytes (fixes issue #698)
• TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return.
• TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tifrawcp when clearing tifrawdata (fixes issue #711)
• JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid out-of-bounds access (fixes issue #714)
• tifjpeg: Fix bug in JPEGDecodeRaw() if JPEGLIBMK1OR_12BIT is defined for 8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0. Fixes issue #717
• add assert for TIFFReadCustomDirectory infoarray check.
• ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line were written wrongly. (fixes issue #467)
• fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649)
• tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650)
• tiff2pdf: check hsamp and vsamp for range 1 to 4 to avoid division by zero. Fixes issue #654
• tiff2pdf: avoid null pointer dereference. (fixes issue #741)
• Improve non-secure integer overflow check (comparison of division result with multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba. Fixes issue #546
• tiff2rgba: fix some "a partial expression can generate an overflow before it is assigned to a broader type" warnings. (fixes issue #682)
• tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703)
• tiffdither: avoid out-of-bounds read identified in issue #733
• tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707)
• tiffmedian: close input file. (fixes issue #735)
• thumbail: avoid potential out of bounds access (fixes issue #715)
• tiffcrop: close open TIFF files and release allocated buffers before exiting in case of error to avoid memory leaks. (fixes issue #716)
• tiffcrop: fix double-free and memory leak exposed by issue #721
• tiffcrop: avoid buffer overflow. (fixes issue #740)
• tiffcrop: avoid nullptr dereference. (fixes issue #734)
• tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem to PrintData, which uses it as a divisor or modulus.
• tiff2ps: check return of TIFFGetFiled() for TIFFTAGSTRIPBYTECOUNTS and TIFFTAGTILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718)
• tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729)
• tiffcp: fix setting compression level for lossless codecs. (fixes issue #730)

• raw2tiff: close input file before exit (fixes issue #742)

  Tools changes:

• tiffinfo: add a -W switch to warn about unknown tags.

• tiffdither: process all pages in input TIFF file.

  Documentation:

• TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster.

• TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67)
• Update "Defining New TIFF Tags" description. (fixes issue #642)
• Fix return type of TIFFReadEncodedTile()
• Update the documentation to reflect deprecated typedefs.
• TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image data and not for IFD data.
• Update documentation on re-entrancy and thread safety.
• Remove dead links to no more existing Awaresystems web-site.
• Updating BigTIFF specification and some miscelaneous editions.
• Replace some last links and remove last todos.
• Added hints for correct allocation of TIFFYCbCrtoRGB structure and its associated buffers. (fixes issue #681)
• Added chapter to "Using the TIFF Library" with links to handling multi-page TIFF and custom directories. (fixes issue #43)

• update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12)

  • CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility [bsc#1248117]
  • CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page [bsc#1247582]
  • CVE-2025-9165: Fix local execution manipulation can lead to memory leak [bsc#1248330]
  • CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581]

  Fix TIFFMergeFieldInfo() readcount=writecount=0 (bsc#1243503)

  • CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108]
  • CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow() [bsc#1247106]

*Fix memory leaks (bsc#1236834)

Update to 4.7.0:

• This version restores in the default build the availability of the tools that had been dropped in v4.6.0 See https://libtiff.gitlab.io/libtiff/rfcs/rfc2restoringneeded_tools.html#rfc2-restoring-needed-tools

• Software configuration changes:

  • autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
  • autoconf build: fix error when running make clean (fixes issue #630)
  • autoconf build: back off the minimum required automake version to 1.11
  • autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
  • libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
  • CMake: Fix TIFFINCLUDEDIRS
  • CMake: MinGW compilers don't need a .def file for shared library
  • CMake: move libdeflate and Lerc to Requires.private
  • CMake: enable resource compilation on all Windows.

• Library changes:

  • Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed.
  • TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
  • TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
  • uvdecode() and uvencode(): avoid potential out-of-bounds array index (fixes issue #645)
  • Fix cases where tifcurdir is set incorrectly. Fix cases where the current directory number (tifcurdir) is set inconsistently or incorrectly, depending on the previous history.
  • TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
  • OJPEG: reset subsamplingconvertstate=0 in OJPEGPreDecode (fixes issue #183)
  • ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
  • LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
  • tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)
  • LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)
  • TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356)
  • tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
  • Avoid FPEs (division by zero) in tif_getimage.c.
  • Avoiding FPE (division by zero) for TIFFhowmany32() and TIFFhowmany64() macros by checking for denominator not zero before macros are executed. (fixes issue #628)
  • Add non-zero check before division in TIFFComputeStrip()
  • Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
  • Setting the TIFFFieldInfo field setfieldtype should consider fieldwritecount not fieldreadcount
  • Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
  • For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579)
  • Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006)
  • Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857)
  • Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)
  • tifdirinfo.c: re-enable TIFFTAGEPCFAREPEATPATTERNDIM and TIFFTAGEP_CFAPATTERN tags (fixes issue #608)
  • Fix warnings with GCC 14
  • tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)
  • Last usage of getfieldtype of TIFFField structure at TIFFWriteDirectorySec() changed to using setfieldtype.
  • tifjpeg.c/tifojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
  • Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
  • Remove support for MSCVER < 1500.
  • Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of WIN32

• Documentation:

  • Amend manpages for changes in current directory index behaviour
  • Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506)
  • Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006)

• Re-added tools:

  • fax2ps
  • fax2tiff
  • pal2rgb
  • ppm2tiff
  • raw2tiff
  • rgb2ycbcr (not installed)
  • thumbnail (not installed)
  • tiff2bw
  • tiff2rgba
  • tiffcmp
  • tiffcrop
  • tiffdither
  • tiffgt
  • tiffmedian
  • tiff2ps
  • tiff2pdf

• New/improved functionality:

  • tiff2rgba: Add background gradient option for alpha compositing
  • tiffcp: -i flag restored

• Bug fixes for tools:

  • tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
  • tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
  • tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)
  • tiff2pdf: address Coverity scan issues
  • tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
  • tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)
  • tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)
  • tiff2pdf: fixes issue #596
  • thumbnail: address Coverity scan issues
  • tiffcp: Add check for limitMalloc return to fix Coverity 1603334
  • tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
  • tiffcp: replace PHOTOMETRICYCBCR with PHOTOMETRICRGB when outputing to compression != JPEG (refs issue #571)
  • tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
  • tiffcp: Check also codec of input image, not only from output image (fixes issue #606)
  • Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
  • fax2ps and fax2tiff: memory leak fixes (fixes issue #476)
  • tiffmedian: memory leak fixes (fixes issue #599)
  • fax2tiff: fix EOFB interpretation (fixes issue #191)
  • fax2tiff: fix issue with unreasonable width input (fixes issue #249)
  • tiffcp and tiffcrop: fixes issue #228
  • tiff2rgba: fixes issue #469
  • tiffdither: fixes issue #473
  • tiffdump: fix wrong printf formatter in error message (Coverity 1472932)
  • tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)
  • tifcp/tiffset: use correct format specifiers