Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tiff fixes the following issues
- CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF image (bsc#1269779).
- CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value
(bsc#1268434).
Changes for tiff:
- Update to 4.7.2:
Software configuration changes:
* cmake: Fix bundle identifiers to use reverse-DNS format
* cmake: Fix and improve Apple framework build support
* cmake: Use TurboJPEG CONFIG by default (issue #767)
* cmake: changes related to 8-/12-bit modes
* cmake: Replace CMath::CMath with direct link to avoid export.
* Support for iOS-derived builds
* Simplify cmake byte order version check
* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions
* configure.ac: Require bootstrap with at least Autoconf 2.71.
Bug fixes:
* Handle negative TIFFReadFile results before state updates (issue #854)
*...
Read the Full Advisory- openSUSE Leap 16.0:
libtiff-devel-4.7.2-160000.1.1
libtiff-devel-docs-4.7.2-160000.1.1
libtiff6-4.7.2-160000.1.1
tiff-4.7.2-160000.1.1
tiff-docs-4.7.2-160000.1.1
* bsc#1268434
* bsc#1269779
References:
* https://www.suse.com/security/cve/CVE-2026-12912.html
* https://www.suse.com/security/cve/CVE-2026-36849.html
* https://www.suse.com/security/cve/CVE-2026-4775.html
Get the latest Linux and open source security news straight to your inbox.