SUSE-SU-2025:20971-1: important: Security update for tiff

SLE-SECURITY-UPDATES null at suse.de
Tue Nov 11 12:31:32 UTC 2025



# Security update for tiff

Announcement ID: SUSE-SU-2025:20971-1  
Release Date: 2025-11-06T11:06:35Z  
Rating: important  
References:

  * bsc#1219213
  * bsc#1228924
  * bsc#1236834
  * bsc#1243503
  * bsc#1247106
  * bsc#1247108
  * bsc#1247581
  * bsc#1247582
  * bsc#1248117
  * bsc#1248330
  * bsc#1250413

  
Cross-References:

  * CVE-2023-52356
  * CVE-2024-13978
  * CVE-2024-7006
  * CVE-2025-8176
  * CVE-2025-8177
  * CVE-2025-8534
  * CVE-2025-8961
  * CVE-2025-9165
  * CVE-2025-9900

  
CVSS scores:

  * CVE-2023-52356 ( SUSE ):  5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-52356 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-13978 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-13978 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-13978 ( NVD ):  2.0
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-13978 ( NVD ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-7006 ( SUSE ):  6.7
    CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-7006 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-7006 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-8176 ( SUSE ):  8.4
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-8176 ( SUSE ):  7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
  * CVE-2025-8176 ( NVD ):  1.9
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-8176 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-8176 ( NVD ):  5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2025-8177 ( SUSE ):  4.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-8177 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  * CVE-2025-8177 ( NVD ):  4.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-8177 ( NVD ):  5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2025-8177 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-8534 ( SUSE ):  2.0
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-8534 ( SUSE ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-8534 ( NVD ):  1.1
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-8534 ( NVD ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-8961 ( SUSE ):  4.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-8961 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2025-8961 ( NVD ):  1.9
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-8961 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-9165 ( SUSE ):  4.8
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-9165 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-9165 ( NVD ):  1.1
    CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-9165 ( NVD ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-9900 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-9900 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-9900 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Micro 6.1

  
  
An update that solves nine vulnerabilities and has two fixes can now be
installed.

## Description:

This update for tiff fixes the following issues:

  * Update to 4.7.1:
  * Security:
  * CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
    when processing malformed TIFF files (bsc#1247106)
  * CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
  * CVE-2024-13978: libtiff: Fixed LibTIFF Null Pointer Dereference
    (bsc#1247581)
  * CVE-2025-8534: Fixed null pointer dereference in function PS_Lvl2page
    (bsc#1247582)
  * CVE-2025-8961: Fixed segmentation fault via main function of tiffcrop
    utility (bsc#1248117)
  * CVE-2025-9165: libtiff: Fixed local execution manipulation leading to memory
    leak (bsc#1248330)
  * CVE-2025-9900: libtiff: Fixed Write-What-Where via TIFFReadRGBAImageOriented
    (bsc#1250413)
  * Software configuration changes:
  * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h.
  * CMake: define WORDS_BIGENDIAN via tif_config.h
  * doc/CMakeLists.txt: remove useless cmake_minimum_required()
  * CMake: fix build with LLVM/Clang 17 (fixes issue #651)
  * CMake: set CMP0074 new policy
  * Set LINKER_LANGUAGE for C targets with C deps
  * Export tiffxx cmake target (fixes issue #674)
  * autogen.sh: Enable verbose wget.
  * configure.ac: Syntax updates for Autoconf 2.71
  * autogen.sh: Re-implement based on autoreconf. Failure to update
    config.guess/config.sub does not return error (fixes issue #672)
  * CMake: fix CMake 4.0 warning when minimum required version is < 3.10.
  * CMake: Add build option tiff-static (fixes issue #709)
  * Library changes:
  * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about
    emitting warnings for unknown tags. No longer emit warnings about unknown
    tags by default
  * tif_predict.c: speed-up decompression in some cases.
  * Bug fixes:
  * tif_fax3: For fax group 3 data if no EOL is detected, reading is retried
    without synchronisation for EOLs. (fixes issue #54)
  * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for
    FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue
    #532)
  * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in
    the DNG 1.7 specification
  * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags
    defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes
    issue #648)
  * Do not error out on a tag whose tag count value is zero, just issue a
    warning. Fix parsing a private tag 0x80a6 (fixes issue #647)
  * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24
  * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue
    #175)
  * Fix writing a Predictor=3 file with non-native endianness
  * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds
    read / nullptr dereference) in case of out-of-memory situation when dealing
    with custom tags (fixes issue #663)
  * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal
    1 and PlanarConfiguration = Contiguous (fixes issue #26)
  * tif_fax3.c: error out after a number of times end-of-line or unexpected bad
    code words have been reached. (fixes issue #670)
  * Fix memory leak in TIFFSetupStrips() (fixes issue #665)
  * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with
    -DZ_SOLO inflating will fail.
  * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676)
  * tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if
    "prediction" is enabled. Use extra working buffer in PredictorEncodeRow().
    (fixes issue #5)
  * tif_getimage.c: update some integer overflow checks (fixes issue #79)
  * TIFFReadRGBAImage(): several fixes to avoid buffer overflows.
  * Correct passing arguments to TIFFCvtIEEEFloatToNative() and
    TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue
    #699)
  * LZWDecode(): avoid nullptr dereference when trying to read again after EOI
    marker has been found with remaining output bytes (fixes issue #698)
  * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return.
  * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when
    clearing tif_rawdata (fixes issue #711)
  * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to
    avoid out-of-bounds access (fixes issue #714)
  * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for
    8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually
    released as 3.0. Fixes issue #717
  * add assert for TIFFReadCustomDirectory infoarray check.
  * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each
    line were written wrongly. (fixes issue #467)
  * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d
    where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes
    issue #649)
  * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAG_TILEWIDTH (fixes issue #650)
  * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by
    zero. Fixes issue #654
  * tiff2pdf: avoid null pointer dereference. (fixes issue #741)
  * Improve non-secure integer overflow check (comparison of division result
    with multiplicand) at compiler optimisation in tiffcp, rgb2ycbcr and
    tiff2rgba. Fixes issue #546
  * tiff2rgba: fix some "a partial expression can generate an overflow before it
    is assigned to a broader type" warnings. (fixes issue #682)
  * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes
    issue #703)
  * tiffdither: avoid out-of-bounds read identified in issue #733
  * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707)
  * tiffmedian: close input file. (fixes issue #735)
  * thumbnail: avoid potential out of bounds access (fixes issue #715)
  * tiffcrop: close open TIFF files and release allocated buffers before exiting
    in case of error to avoid memory leaks. (fixes issue #716)
  * tiffcrop: fix double-free and memory leak exposed by issue #721
  * tiffcrop: avoid buffer overflow. (fixes issue #740)
  * tiffcrop: avoid nullptr dereference. (fixes issue #734)
  * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression
    *datamem to PrintData, which uses it as a divisor or modulus.
  * tiff2ps: check return of TIFFGetField() for TIFFTAG_STRIPBYTECOUNTS and
    TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718)
  * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue
    #718 and issue #729)
  * tiffcp: fix setting compression level for lossless codecs. (fixes issue
    #730)
  * raw2tiff: close input file before exit (fixes issue #742)
  * Tools changes:
  * tiffinfo: add a -W switch to warn about unknown tags.
  * tiffdither: process all pages in input TIFF file.
  * Documentation:
  * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF
    orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster.
  * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue
    #67)
  * Update "Defining New TIFF Tags" description. (fixes issue #642)
  * Fix return type of TIFFReadEncodedTile()
  * Update the documentation to reflect deprecated typedefs.
  * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for
    image data and not for IFD data.
  * Update documentation on re-entrancy and thread safety.
  * Remove dead links to the no longer existing Awaresystems web-site.
  * Updating BigTIFF specification and some miscellaneous editions.
  * Replace some last links and remove last todos.
  * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its
    associated buffers. (fixes issue #681)
  * Added chapter to "Using the TIFF Library" with links to handling multi-page
    TIFF and custom directories. (fixes issue #43)
  * update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes
    issue #12)

  * Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503)

  * Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
  * Add %check section
  * Remove Group: declarations, no longer used
  * Use python3-Sphinx instead of %{primary_python}-Sphinx based on
    recommendation from python maintainers.
  * Fixes build issue of man flavor on 15.6
  * Update test/test_directory.c not to fail on big-endian machines
    (bsc#1236834).
  * Fix versioning of tiff-docs under Recommends

  * Update to 4.7.0:

  * This version restores in the default build the availability of the tools
    that had been dropped in v4.6.0
  * Software configuration changes:
    * autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
    * autoconf build: fix error when running make clean (fixes issue #630)
    * autoconf build: back off the minimum required automake version to 1.11
    * autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
    * libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
    * CMake: Fix TIFF_INCLUDE_DIRS
    * CMake: MinGW compilers don't need a .def file for shared library
    * CMake: move libdeflate and Lerc to Requires.private
    * CMake: enable resource compilation on all Windows.
  * Library changes:
    * Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed. 
    * TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
    * TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
    * uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
    * Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history.
    * TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
    * OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
    * ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
    * LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
    * tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)
    * LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)
    * CVE-2023-52356: Fixed segment fault in TIFFReadRGBATileExt() leading to denial of service (bsc#1219213)
    * tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
    * Avoid FPEs (division by zero) in tif_getimage.c.
    * Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes issue #628)
    * Add non-zero check before division in TIFFComputeStrip()
    * Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
    * Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount
    * Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
    * For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579)
    * CVE-2024-7006: Fixed NULL pointer dereference in tif_dirinfo.c (bsc#1228924)
    * Prevent some out-of-memory attacks (fixes issue #614)
    * Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)
    * tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608)
    * Fix warnings with GCC 14
    * tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)
    * Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.
    * tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
    * Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
    * Remove support for _MSC_VER < 1500.
    * Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__
  * Documentation:
    * Amend manpages for changes in current directory index behaviour
    * Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506)
    * Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes
  * Re-added tools:
    * fax2ps
    * fax2tiff
    * pal2rgb
    * ppm2tiff
    * raw2tiff
    * rgb2ycbcr (not installed)
    * thumbnail (not installed)
    * tiff2bw
    * tiff2rgba
    * tiffcmp
    * tiffcrop
    * tiffdither
    * tiffgt
    * tiffmedian
    * tiff2ps
    * tiff2pdf
  * New/improved functionality:
    * tiff2rgba: Add background gradient option for alpha compositing
    * tiffcp: -i flag restored
  * Bug fixes for tools:
    * tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
    * tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
    * tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)
    * tiff2pdf: address Coverity scan issues
    * tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
    * tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)
    * tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)
    * tiff2pdf: fixes issue #596
    * thumbnail: address Coverity scan issues
    * tiffcp: Add check for limitMalloc return to fix Coverity 1603334
    * tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
    * tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputting to compression != JPEG (refs issue #571)
    * tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
    * tiffcp: Check also codec of input image, not only from output image (fixes issue #606)
    * Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
    * fax2ps and fax2tiff: memory leak fixes (fixes issue #476)
    * tiffmedian: memory leak fixes (fixes issue #599)
    * fax2tiff: fix EOFB interpretation (fixes issue #191)
    * fax2tiff: fix issue with unreasonable width input (fixes issue #249)
    * tiffcp and tiffcrop: fixes issue #228
    * tiff2rgba: fixes issue #469
    * tiffdither: fixes issue #473
    * tiffdump: fix wrong printf formatter in error message (Coverity 1472932)
    * tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)
    * tiffcp/tiffset: use correct format specifiers
  * Changes to contributed and unsupported tools
    * contrib/addtiffo: validate return of TIFFWriteEncodedXXXX() calls (Coverity 1024680)
  * Tools are not built for now due to test failure:
    `FAIL: tiffcp-32bpp-None-jpeg.sh`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1  
    zypper in -t patch SUSE-SLE-Micro-6.1-332=1

## Package List:

  * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * libtiff6-debuginfo-4.7.1-slfo.1.1_1.1
    * libtiff6-4.7.1-slfo.1.1_1.1
    * tiff-debugsource-4.7.1-slfo.1.1_1.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-52356.html
  * https://www.suse.com/security/cve/CVE-2024-13978.html
  * https://www.suse.com/security/cve/CVE-2024-7006.html
  * https://www.suse.com/security/cve/CVE-2025-8176.html
  * https://www.suse.com/security/cve/CVE-2025-8177.html
  * https://www.suse.com/security/cve/CVE-2025-8534.html
  * https://www.suse.com/security/cve/CVE-2025-8961.html
  * https://www.suse.com/security/cve/CVE-2025-9165.html
  * https://www.suse.com/security/cve/CVE-2025-9900.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1219213
  * https://bugzilla.suse.com/show_bug.cgi?id=1228924
  * https://bugzilla.suse.com/show_bug.cgi?id=1236834
  * https://bugzilla.suse.com/show_bug.cgi?id=1243503
  * https://bugzilla.suse.com/show_bug.cgi?id=1247106
  * https://bugzilla.suse.com/show_bug.cgi?id=1247108
  * https://bugzilla.suse.com/show_bug.cgi?id=1247581
  * https://bugzilla.suse.com/show_bug.cgi?id=1247582
  * https://bugzilla.suse.com/show_bug.cgi?id=1248117
  * https://bugzilla.suse.com/show_bug.cgi?id=1248330
  * https://bugzilla.suse.com/show_bug.cgi?id=1250413
