Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02770-1

Опубликовано: 12 авг. 2025
Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

  • Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503)
  • CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
  • CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106)
  • Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
  • Add %check section
  • Remove Group: declarations, no longer used

Список пакетов

Container containers/open-webui:0
libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/firefox-esr:latest
libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/xorg:latest
libtiff6-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libtiff-devel-4.7.0-150600.3.13.1
libtiff6-4.7.0-150600.3.13.1
libtiff6-32bit-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libtiff-devel-4.7.0-150600.3.13.1
libtiff6-4.7.0-150600.3.13.1
libtiff6-32bit-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
tiff-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
tiff-4.7.0-150600.3.13.1
openSUSE Leap 15.6
libtiff-devel-4.7.0-150600.3.13.1
libtiff-devel-32bit-4.7.0-150600.3.13.1
libtiff6-4.7.0-150600.3.13.1
libtiff6-32bit-4.7.0-150600.3.13.1
tiff-4.7.0-150600.3.13.1

Ссылки

Описание

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

Затронутые продукты
Container containers/open-webui:0:libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/firefox-esr:latest:libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/xorg:latest:libtiff6-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff-devel-4.7.0-150600.3.13.1
Ссылки

Описание

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

Затронутые продукты
Container containers/open-webui:0:libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/firefox-esr:latest:libtiff6-4.7.0-150600.3.13.1
Container suse/kiosk/xorg:latest:libtiff6-4.7.0-150600.3.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff-devel-4.7.0-150600.3.13.1
Ссылки
Уязвимость SUSE-SU-2025:02770-1