SUSE-SU-2025:3989-1

Опубликовано: 07 нояб. 2025

Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

CVE-2025-8851: Fixed stack-based buffer overflow vulnerability in tools/tiffcrop.c function readSeparateStripsIntoBuffer() by implementing additional error handling (bsc#1248278).

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

libtiff-devel-4.0.9-44.106.1

libtiff5-4.0.9-44.106.1

libtiff5-32bit-4.0.9-44.106.1

tiff-4.0.9-44.106.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20253989-1/
Link for SUSE-SU-2025:3989-1
https://lists.suse.com/pipermail/sle-security-updates/2025-November/023180.html
E-Mail link for SUSE-SU-2025:3989-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1248278
SUSE Bug 1248278
https://www.suse.com/security/cve/CVE-2025-8851/
SUSE CVE CVE-2025-8851 page

Описание

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libtiff-devel-4.0.9-44.106.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libtiff5-32bit-4.0.9-44.106.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libtiff5-4.0.9-44.106.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tiff-4.0.9-44.106.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-8851.html
CVE-2025-8851
https://bugzilla.suse.com/1248274
SUSE Bug 1248274

SUSE-SU-2025:3989-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2025-8851

Описание

Затронутые продукты

Ссылки