Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

openSUSE tiff Critical Buffer Overflow Denial of Service Patch 2026-21289-1

opensuse
Calendar Grey July 13, 2026
Dist Opensuse Esm H88
This update addresses critical issues in tiff with 3 vulnerabilities fixed, enhancing security in openSUSE.
An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for tiff fixes the following issues

- CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF image (bsc#1269779).

- CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value

(bsc#1268434).

Changes for tiff:

- Update to 4.7.2:

Software configuration changes:

* cmake: Fix bundle identifiers to use reverse-DNS format

* cmake: Fix and improve Apple framework build support

* cmake: Use TurboJPEG CONFIG by default (issue #767)

* cmake: changes related to 8-/12-bit modes

* cmake: Replace CMath::CMath with direct link to avoid export.

* Support for iOS-derived builds

* Simplify cmake byte order version check

* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions

* configure.ac: Require bootstrap with at least Autoconf 2.71.

Bug fixes:

* Handle negative TIFFReadFile results before state updates (issue #854)

*...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

libtiff-devel-4.7.2-160000.1.1

libtiff-devel-docs-4.7.2-160000.1.1

libtiff6-4.7.2-160000.1.1

tiff-4.7.2-160000.1.1

tiff-docs-4.7.2-160000.1.1

References

* bsc#1268434

* bsc#1269779

References:

* https://www.suse.com/security/cve/CVE-2026-12912.html

* https://www.suse.com/security/cve/CVE-2026-36849.html

* https://www.suse.com/security/cve/CVE-2026-4775.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21289-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.