Libtiff
Encyclopedia
Libtiff is a library for reading and writing Tagged Image File Format
(abbreviated TIFF) files. The set also contains command line tools for processing TIFFs. It is distributed in source code
and can be found as binary build
s for all kinds of platforms. The libtiff software was written by Sam Leffler while working for Silicon Graphics
.
(4,294,967,296 bytes) was included for Libtiff 4.0.
file is composed of small descriptor blocks containing offsets into the file which point to a variety of data types. Incorrect offset values can cause programs to attempt to read erroneous portions of the file or attempt to read past the physical end of file. Improperly encoded packet or line lengths within the file can cause rendering programs which lack appropriate boundary checks to overflow their internal buffers
.
Multiple buffer overflow
s have been found in Libtiff. Some of these have also been used to execute unsigned code
on the PlayStation Portable
, as well as run third-party applications on the iPhone
and iPod Touch
firmware.
. While it now contains a mirror of the real site for current development, the libtiff.org site has not been updated since version 3.6.1. Because of this, much of the information contained therein is incorrect, including the current version number, authors, mailing list address, and the CVS
information.
Tagged Image File Format
TIFF is a file format for storing images, popular among graphic artists, the publishing industry, and both amateur and professional photographers in general. As of 2009, it is under the control of Adobe Systems...
(abbreviated TIFF) files. The set also contains command line tools for processing TIFFs. It is distributed in source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
and can be found as binary build
Executable
In computing, an executable file causes a computer "to perform indicated tasks according to encoded instructions," as opposed to a data file that must be parsed by a program to be meaningful. These instructions are traditionally machine code instructions for a physical CPU...
s for all kinds of platforms. The libtiff software was written by Sam Leffler while working for Silicon Graphics
Silicon Graphics
Silicon Graphics, Inc. was a manufacturer of high-performance computing solutions, including computer hardware and software, founded in 1981 by Jim Clark...
.
Features
Support for BigTIFF files larger than 4 GiBGibibyte
The gibibyte is a standards-based binary multiple of the byte, a unit of digital information storage. The gibibyte unit symbol is GiB....
(4,294,967,296 bytes) was included for Libtiff 4.0.
Exploits
A TIFFTagged Image File Format
TIFF is a file format for storing images, popular among graphic artists, the publishing industry, and both amateur and professional photographers in general. As of 2009, it is under the control of Adobe Systems...
file is composed of small descriptor blocks containing offsets into the file which point to a variety of data types. Incorrect offset values can cause programs to attempt to read erroneous portions of the file or attempt to read past the physical end of file. Improperly encoded packet or line lengths within the file can cause rendering programs which lack appropriate boundary checks to overflow their internal buffers
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
.
Multiple buffer overflow
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
s have been found in Libtiff. Some of these have also been used to execute unsigned code
Unsigned code
Unsigned code refers to an application which has not been signed with the secret key required for it to load on a console.In the video game console business, most console games have to be signed with a secret key designed by the console maker or the game will not load on the console...
on the PlayStation Portable
PlayStation Portable homebrew
PlayStation Portable homebrew refers to the process of using exploits and hacks to execute unsigned code on the PlayStation Portable .-History of homebrew:...
, as well as run third-party applications on the iPhone
IPhone
The iPhone is a line of Internet and multimedia-enabled smartphones marketed by Apple Inc. The first iPhone was unveiled by Steve Jobs, then CEO of Apple, on January 9, 2007, and released on June 29, 2007...
and iPod Touch
IPod Touch
The iPod Touch is a portable media player, personal digital assistant, handheld game console, and Wi-Fi mobile device designed and marketed by Apple Inc. The iPod Touch adds the multi-touch graphical user interface to the iPod line...
firmware.
Website controversy
The primary libtiff website is considered hijackedDomain hijacking
Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant....
. While it now contains a mirror of the real site for current development, the libtiff.org site has not been updated since version 3.6.1. Because of this, much of the information contained therein is incorrect, including the current version number, authors, mailing list address, and the CVS
Concurrent Versions System
The Concurrent Versions System , also known as the Concurrent Versioning System, is a client-server free software revision control system in the field of software development. Version control system software keeps track of all work and all changes in a set of files, and allows several developers ...
information.