Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

openSUSE tiff Important Heap Overflow DoS Advisories 2026-2853-1

opensuse
Calendar Grey July 13, 2026
Dist Opensuse Esm H88
Discover critical updates addressing multiple vulnerabilities in the TIFF package for openSUSE with a focus on security enhancements.
An update that solves three vulnerabilities can now be installed.

Description

This update for tiff fixes the following issues:

Update to version 4.7.2.

Security issues fixed:

* CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-

compressed TIFF image (bsc#1269779).

* CVE-2026-36849: denial of service when processing a a crafted TIFF file

containing a large SamplesPerPixel tag value (bsc#1268434).

Other updates and bugfixes:

* Version 4.7.2:

* Software configuration changes:

* cmake: Fix bundle identifiers to use reverse-DNS format

* cmake: Fix and improve Apple framework build support

* cmake: Use TurboJPEG CONFIG by default (issue #767)

* cmake: changes related to 8-/12-bit modes

* cmake: Replace CMath::CMath with direct link to avoid export.

* Support for iOS-derived builds

* Simplify cmake byte order version check

* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions

* configure.ac: Require bootstrap with at least Autoconf 2.71.

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2853=1

* Basesystem Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2853=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2853=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2853=1

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-2853=1

Package List

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* libtiff6-4.7.2-150600.3.29.1

* libtiff6-debuginfo-4.7.2-150600.3.29.1

* libtiff-devel-4.7.2-150600.3.29.1

* tiff-debugsource-4.7.2-150600.3.29.1

* tiff-debuginfo-4.7.2-150600.3.29.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)

* libtiff6-32bit-4.7.2-150600.3.29.1

* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)

* libtiff6-4.7.2-150600.3.29.1

* libtiff6-debuginfo-4.7.2-150600.3.29.1

* libtiff-devel-4.7.2-150600.3.29.1

* tiff-debugsource-4.7.2-150600.3.29.1

* tiff-debuginfo-4.7.2-150600.3.29.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)

* libtiff6-32bit-4.7.2-150600.3.29.1

* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)

* libtiff6-4.7.2-150600.3.29.1

* libtiff6-debuginfo-4.7.2-150600.3.29.1

* libtiff-devel-4.7.2-150600.3.29.1

* tiff-debugsource-4.7.2-150600.3.29.1

*...

Read the Full Advisory

References

* bsc#1268434

* bsc#1269779

## References:

* https://www.suse.com/security/cve/CVE-2026-12912.html

* https://www.suse.com/security/cve/CVE-2026-36849.html

* https://www.suse.com/security/cve/CVE-2026-4775.html

* https://bugzilla.suse.com/show_bug.cgi?id=1268434

* https://bugzilla.suse.com/show_bug.cgi?id=1269779

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2853-1
Release Date: 2026-07-10T17:54:45Z
Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.