Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 735
Alerts This Week
Warning Icon 1 735

SUSE: TIFF Important Buffer Overflow Memory Leak Advisory 2025:20971-1

suse
Calendar Grey November 11, 2025
Dist Suse Esm H88
SUSE issued an important security update for TIFF addressing multiple vulnerabilities including buffer overflow and memory leaks. Upgrade recommended.
* bsc#1219213 * bsc#1228924 * bsc#1236834 * bsc#1243503 * bsc#1247106

Summary

## This update for tiff fixes the following issues: * Update to 4.7.1: Security: * CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) * CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) * CVE-2024-13978: libtiff: Fixed LibTIFF Null Pointer Dereference (bsc#1247581) * CVE-2025-8534: Fixed null pointer dereference in function PS_Lvl2page (bsc#1247582) * CVE-2025-8961: Fixed segmentation fault via main function of tiffcrop utility (bsc#1248117) * CVE-2025-9165: libtiff: Fixed local execution manipulation leading to memory leak (bsc#1248330) * CVE-2025-9900: libtiff: Fixed Write-What-Where via TIFFReadRGBAImageOriented (bsc#1250413) Software configuration changes:

References

* bsc#1219213

* bsc#1228924

* bsc#1236834

* bsc#1243503

* bsc#1247106

* bsc#1247108

* bsc#1247581

* bsc#1247582

* bsc#1248117

* bsc#1248330

* bsc#1250413

Cross-

* CVE-2023-52356

* CVE-2024-13978

* CVE-2024-7006

* CVE-2025-8176

* CVE-2025-8177

* CVE-2025-8534

* CVE-2025-8961

* CVE-2025-9165

* CVE-2025-9900

CVSS scores:

* CVE-2023-52356 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-52356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-13978 ( SUSE ): 5.7

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-13978 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-13978 ( NVD ): 2.0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20971-1
Release Date: 2025-11-06T11:06:35Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.