Description
Security update for tiff
This update for tiff fixes the following issues:
Update to 4.7.1:
- CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278).
- CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413).
Package list
Container containers/open-webui:0
Container suse/kiosk/firefox-esr:latest
Container suse/kiosk/xorg:latest
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Basesystem 15 SP7
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP7
openSUSE Leap 15.6
References
- Link for SUSE-SU-2025:3957-1
- E-Mail link for SUSE-SU-2025:3957-1
- SUSE Security Ratings
- SUSE Bug 1248278
- SUSE Bug 1250413
- SUSE CVE CVE-2025-8851 page
- SUSE CVE CVE-2025-9900 page
Description
A vulnerability was found in LibTIFF up to 4.5.1. It affects the function readSeparateStripsetoBuffer in the file tools/tiffcrop.c of the tiffcrop component. Manipulation leads to a stack-based buffer overflow. The attack requires local access. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. Applying the patch is recommended to fix this issue.
Affected products
References
- CVE-2025-8851
- SUSE Bug 1248274
Description
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Affected products
References
- CVE-2025-9900
- SUSE Bug 1250404
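The CVE-2025-9900 description above turns on the image height declared in the TIFF metadata. The following is an added example, not code from this advisory, SUSE or LibTIFF: a pre-decode screen that reads ImageWidth and ImageLength from the first IFD of a classic TIFF and rejects files whose declared height exceeds a local cap. The function names, `MAX_HEIGHT` and the sample files are assumptions made for illustration; such a screen complements the update to 4.7.1 and does not replace it.

```python
import struct

MAX_HEIGHT = 65_535               # assumed local policy cap, not from the advisory
TAG_WIDTH, TAG_LENGTH = 256, 257  # TIFF ImageWidth / ImageLength tags
FMT = {3: "H", 4: "I"}            # TIFF field types SHORT and LONG

def tiff_dimensions(data: bytes) -> dict:
    """Read ImageWidth/ImageLength from the first IFD of a classic TIFF."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF header")
    magic, ifd = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not classic TIFF (BigTIFF not handled)")
    if ifd + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack_from(order + "H", data, ifd)
    if ifd + 2 + 12 * count > len(data):
        raise ValueError("truncated IFD")
    dims = {}
    for i in range(count):
        pos = ifd + 2 + 12 * i
        tag, typ, n = struct.unpack_from(order + "HHI", data, pos)
        if tag in (TAG_WIDTH, TAG_LENGTH):
            if typ not in FMT or n != 1:
                raise ValueError("malformed dimension tag")
            (val,) = struct.unpack_from(order + FMT[typ], data, pos + 8)
            dims["width" if tag == TAG_WIDTH else "height"] = val
    return dims

def screen_tiff(data: bytes, max_height: int = MAX_HEIGHT) -> str:
    """Return 'ok' or 'reject: <reason>' before the file reaches a decoder."""
    try:
        dims = tiff_dimensions(data)
    except ValueError as exc:
        return f"reject: {exc}"
    if "width" not in dims or "height" not in dims:
        return "reject: missing ImageWidth/ImageLength"
    if dims["height"] > max_height:
        return f"reject: ImageLength {dims['height']} exceeds cap {max_height}"
    return "ok"

def sample_tiff(height: int, order: str = "<") -> bytes:
    """Constructed header + IFD holding only the two dimension tags."""
    head = (b"II" if order == "<" else b"MM") + struct.pack(order + "HI", 42, 8)
    ifd = struct.pack(order + "H", 2)
    ifd += struct.pack(order + "HHII", TAG_WIDTH, 4, 1, 64)
    ifd += struct.pack(order + "HHII", TAG_LENGTH, 4, 1, height)
    return head + ifd + struct.pack(order + "I", 0)
```

Multi-page files carry further IFDs chained from the first; a production screen would walk that chain and apply the same check to each.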