From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Original author(s)Sam Leffler,
Silicon Graphics
Initial release1988; 34 years ago (1988)
Stable release
4.3.0[1] Edit this on Wikidata / 20 April 2021; 9 months ago (20 April 2021)
Written inC
LicenseBSD-like licence Edit this at Wikidata

Libtiff is a library for reading and writing Tagged Image File Format (abbreviated TIFF) files. The set also contains command line tools for processing TIFFs. It is distributed in source code and can be found as binary builds for all kinds of platforms. The libtiff software was originally written by Sam Leffler while working for Silicon Graphics.


Support for BigTIFF, files larger than 4 GiB, was included for Libtiff 4.0.


A TIFF file is composed of small descriptor blocks containing offsets into the file which point to a variety of data types. Incorrect offset values can cause programs to attempt to read erroneous portions of the file or attempt to read past the physical end of file. Improperly encoded packet or line lengths within the file can cause rendering programs which lack appropriate boundary checks to overflow their internal buffers.

Multiple buffer overflows have been found in Libtiff.[2][3][4] Some of these have also been used to execute unsigned code on the PlayStation Portable,[5] as well as run third-party applications on the iPhone and iPod Touch firmware.[6]

Website hijacking[edit]

Around January 2004, the original libtiff website has been hijacked, after it had disappeared in September 2003 due to ISP problems.[7][8] The libtiff dot org site contains a very outdated mirror of the real site, and much of the information contained therein is incorrect, including the current version number, authors, mailing list address, and the CVS information.

In September 2016, the libtiff maintainers lost control of,[9] which had been the main site since 2003.


  1. ^ "Libtiff 4.3.0 is released".
  2. ^ libTIFF BitsPerSample Tag Buffer Overflow Vulnerability Release Date:2005-05-11 - Secunia Advisories
  3. ^ Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. - CVE - CVE-2005-1544 (under review) Assigned (20050514)
  4. ^ libTIFF Multiple Vulnerabilities Release Date: 2006-08-02 - Secunia Advisories
  5. ^ Sony PSP TIFF Image Viewing Code Execution Vulnerability Release Date: 2006-08-31 - Secunia Advisories
  6. ^ Details of iPhone TIFF exploit posted MacNN & MNM Media, 2007/10/17 Archived version
  7. ^ 2004.01.14 17:14 "[Tiff", by Bob Friesenhahn], TIFF and LibTiff Mail List Archive, AWARE SYSTEMS
  8. ^ 2003.09.25 14:56 "[Tiff gone?", by Bob Friesenhahn], TIFF and LibTiff Mail List Archive, AWARE SYSTEMS
  9. ^ McGath, Gary (8 September 2016). "Libtiff goes offline". Mad File Format Science. Archived from the original on 13 April 2019. Retrieved 13 April 2019. It was located at, a domain whose owner apparently was willing to host it without having any close connection to the project. The domain fell into someone else’s hands, and the content changed completely, breaking all links to Libtiff material.

External links[edit]