On Sat, Dec 02, 2023 at 08:35:38PM +0200, Niko Tyni wrote:
> From
> https://sources.debian.org/src/libimager-perl/1.020%2Bdfsg-1/TIFF/imtiff.c/#L302
>
>   static toff_t sizeproc(thandle_t x) {
>     return 0;
>   }
>
> which is used as the TIFFClientOpen() argument in i_readtiff_wiol():
>
>   https://sources.debian.org/src/libimager-perl/1.020%2Bdfsg-1/TIFF/imtiff.c/#L710
>
> So it looks like libimager-perl is always saying the file size is 0,
> and this hasn't hurt earlier but now does with the src:tiff CVE-2023-6277
> patch.
>
> Not sure where this leaves us, but I've just reported it at
>
>   https://github.com/tonycoz/imager/issues/522

Fixed in 1.022, please let me know if you have any more problems.

d54ea521f63ec1ed7d8c0fd11c23507600d51143 should be safe to cherry pick
back to 1.020 if you don't want all of the 1.021 TIFF changes in the
debian stable libimager-perl.

Thanks,
Tony
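
An added illustration, not code from Imager, libtiff, or either poster: a size callback for a seekable client I/O handle that reports the real stream length, next to the always-zero stub quoted above. The `mem_io` handle, the function names and the `alloc_allowed` check are hypothetical; the check is only a simplified stand-in for a reader that bounds allocations by the size the client reports.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory I/O handle standing in for a client I/O layer. */
typedef struct {
    const unsigned char *data;
    uint64_t len;  /* total bytes in the stream */
    uint64_t pos;  /* current position */
} mem_io;

/* Seek callback: returns the new position, or (uint64_t)-1 on error. */
static uint64_t mem_seek(mem_io *io, int64_t off, int whence) {
    int64_t base = whence == SEEK_SET ? 0
                 : whence == SEEK_CUR ? (int64_t)io->pos
                 : whence == SEEK_END ? (int64_t)io->len : -1;
    if (base < 0 || off < -base) return (uint64_t)-1;
    io->pos = (uint64_t)(base + off);
    return io->pos;
}

/* The stub pattern from the quoted message: always reports 0 bytes. */
static uint64_t size_stub(mem_io *io) { (void)io; return 0; }

/* Reports the real size: seek to the end, then restore the position so
   the caller's read offset is not disturbed. */
static uint64_t size_real(mem_io *io) {
    uint64_t saved = io->pos;
    uint64_t end = mem_seek(io, 0, SEEK_END);
    mem_seek(io, (int64_t)saved, SEEK_SET);
    return end == (uint64_t)-1 ? 0 : end;
}

/* Assumption: simplified stand-in for a size-bounded allocation check,
   not libtiff's actual code. A reported size of 0 rejects everything. */
static int alloc_allowed(uint64_t requested, uint64_t reported_size) {
    return requested <= reported_size;
}

int main(void) {
    static const unsigned char sample[4096] = {0}; /* constructed input */
    mem_io io = { sample, sizeof sample, 128 };
    printf("stub size: 1024-byte alloc allowed? %d\n",
           alloc_allowed(1024, size_stub(&io)));
    printf("real size: 1024-byte alloc allowed? %d\n",
           alloc_allowed(1024, size_real(&io)));
    return 0;
}
```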