SUSE-SU-2025:21032-1: important: Security update for tiff
SLE-SECURITY-UPDATES
null at suse.de
Thu Nov 27 13:24:28 UTC 2025
# Security update for tiff
Announcement ID: SUSE-SU-2025:21032-1
Release Date: 2025-11-19T10:29:41Z
Rating: important
References:
* bsc#1243503
* bsc#1247106
* bsc#1247108
* bsc#1247581
* bsc#1247582
* bsc#1248117
* bsc#1248330
* bsc#1250413
Cross-References:
* CVE-2024-13978
* CVE-2025-8176
* CVE-2025-8177
* CVE-2025-8534
* CVE-2025-8961
* CVE-2025-9165
* CVE-2025-9900
CVSS scores:
* CVE-2024-13978 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-13978 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-13978 ( NVD ): 2.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-13978 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8176 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8176 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-8176 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-8176 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8177 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( NVD ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8177 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8177 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-8534 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8534 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8534 ( NVD ): 1.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8534 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8961 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-8961 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8961 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9165 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-9165 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9165 ( NVD ): 1.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-9165 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9900 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-9900 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-9900 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Micro 6.2
An update that solves seven vulnerabilities and has one fix can now be
installed.
## Description:
This update for tiff fixes the following issues:
tiff was updated to 4.7.1:
* Software configuration changes:
* Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h.
* CMake: define WORDS_BIGENDIAN via tif_config.h
* doc/CMakeLists.txt: remove useless cmake_minimum_required()
* CMake: fix build with LLVM/Clang 17 (fixes issue #651)
* CMake: set CMP0074 new policy
* Set LINKER_LANGUAGE for C targets with C deps
* Export tiffxx cmake target (fixes issue #674)
* autogen.sh: Enable verbose wget.
* configure.ac: Syntax updates for Autoconf 2.71
* autogen.sh: Re-implement based on autoreconf. Failure to update
config.guess/config.sub does not return error (fixes issue #672)
* CMake: fix CMake 4.0 warning when minimum required version is < 3.10.
* CMake: Add build option tiff-static (fixes issue #709) Library changes:
* Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about
emitting warnings for unknown tags. No longer emit warnings about unknown
tags by default
* tif_predict.c: speed-up decompression in some cases.
* Bug fixes:
* tif_fax3: For fax group 3 data if no EOL is detected, reading is retried
without synchronisation for EOLs. (fixes issue #54)
* Updating TIFFMergeFieldInfo() with read_count=write_count=0 for
FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0
for FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue
#532)
* tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in
the DNG 1.7 specification
* TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags
defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes
issue #648)
* Do not error out on a tag whose tag count value is zero, just issue a
warning. Fix parsing a private tag 0x80a6 (fixes issue #647)
* TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 Fixes
https://github.com/OSGeo/gdal/issues/10875)
* tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue
#175)
* Fix writing a Predictor=3 file with non-native endianness
* _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds
* read / nullptr dereference) in case of out-of-memory situation when dealing
with custom tags (fixes issue #663)
* tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal
1 and PlanarConfiguration = Contiguous (fixes issue #26)
* tif_fax3.c: error out after a number of times end-of-line or unexpected bad
code words have been reached. (fixes issue #670)
* Fix memory leak in TIFFSetupStrips() (fixes issue #665)
* tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with
-DZ_SOLO inflating will fail.
* Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676)
* tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if
"prediction" is enabled. Use extra working buffer in PredictorEncodeRow().
(fixes issue #5)
* tif_getimage.c: update some integer overflow checks (fixes issue #79)
* tif_getimage.c: Fix buffer underflow crash for less raster rows at
TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900)
* TIFFReadRGBAImage(): several fixes to avoid buffer overflows.
* Correct passing arguments to TIFFCvtIEEEFloatToNative() and
TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue
#699)
* LZWDecode(): avoid nullptr dereference when trying to read again after EOI
marker has been found with remaining output bytes (fixes issue #698)
* TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return.
* TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when
clearing tif_rawdata (fixes issue #711)
* JPEGEncodeRaw(): error out if a previous scanline failed to be written, to
avoid out-of-bounds access (fixes issue #714)
* tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for
8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually
released as 3.0. Fixes issue #717
* add assert for TIFFReadCustomDirectory infoarray check.
* ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each
line were written wrongly. (fixes issue #467)
* fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d
where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes
issue #649)
* tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650)
* tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by
zero. Fixes issue #654
* tiff2pdf: avoid null pointer dereference. (fixes issue #741)
* Improve non-secure integer overflow check (comparison of division result
with multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and
tiff2rgba. Fixes issue #546
* tiff2rgba: fix some "a partial expression can generate an overflow before it
is assigned to a broader type" warnings. (fixes issue #682)
* tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes
issue #703)
* tiffdither: avoid out-of-bounds read identified in issue #733
* tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707)
* tiffmedian: close input file. (fixes issue #735)
* thumbail: avoid potential out of bounds access (fixes issue #715)
* tiffcrop: close open TIFF files and release allocated buffers before exiting
in case of error to avoid memory leaks. (fixes issue #716)
* tiffcrop: fix double-free and memory leak exposed by issue #721
* tiffcrop: avoid buffer overflow. (fixes issue #740)
* tiffcrop: avoid nullptr dereference. (fixes issue #734)
* tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression
*datamem to PrintData, which uses it as a divisor or modulus.
* tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and
TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718)
* tiffcmp: fix memory leak when second file cannot be opened. (fixes issue
#718 and issue #729)
* tiffcp: fix setting compression level for lossless codecs. (fixes issue
#730)
* raw2tiff: close input file before exit (fixes issue #742) Tools changes:
* tiffinfo: add a -W switch to warn about unknown tags.
* tiffdither: process all pages in input TIFF file.
* Documentation:
* TIFFRGBAImage.rst note added for incorrect saving of images with TIFF
orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster.
* TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue
#67)
* Update "Defining New TIFF Tags" description. (fixes issue #642)
* Fix return type of TIFFReadEncodedTile()
* Update the documentation to reflect deprecated typedefs.
* TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for
image data and not for IFD data.
* Update documentation on re-entrancy and thread safety.
* Remove dead links to no more existing Awaresystems web-site.
* Updating BigTIFF specification and some miscelaneous editions.
* Replace some last links and remove last todos.
* Added hints for correct allocation of TIFFYCbCrtoRGB structure and its
associated buffers. (fixes issue #681)
* Added chapter to "Using the TIFF Library" with links to handling multi-page
TIFF and custom directories. (fixes issue #43)
* update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes
issue #12)
Security issues fixed:
* CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility
[bsc#1248117]
* CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page
[bsc#1247582]
* CVE-2025-9165: Fix local execution manipulation can lead to memory leak
[bsc#1248330]
* CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581]
* CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108]
* CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow()
[bsc#1247106]
* Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.2
zypper in -t patch SUSE-SL-Micro-6.2-23=1
## Package List:
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.7.1-160000.1.1
* libtiff6-4.7.1-160000.1.1
* tiff-debugsource-4.7.1-160000.1.1
* libtiff6-debuginfo-4.7.1-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-13978.html
* https://www.suse.com/security/cve/CVE-2025-8176.html
* https://www.suse.com/security/cve/CVE-2025-8177.html
* https://www.suse.com/security/cve/CVE-2025-8534.html
* https://www.suse.com/security/cve/CVE-2025-8961.html
* https://www.suse.com/security/cve/CVE-2025-9165.html
* https://www.suse.com/security/cve/CVE-2025-9900.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243503
* https://bugzilla.suse.com/show_bug.cgi?id=1247106
* https://bugzilla.suse.com/show_bug.cgi?id=1247108
* https://bugzilla.suse.com/show_bug.cgi?id=1247581
* https://bugzilla.suse.com/show_bug.cgi?id=1247582
* https://bugzilla.suse.com/show_bug.cgi?id=1248117
* https://bugzilla.suse.com/show_bug.cgi?id=1248330
* https://bugzilla.suse.com/show_bug.cgi?id=1250413
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20251127/8b9140e8/attachment.htm>
More information about the sle-security-updates
mailing list