Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for tiff fixes the following issues: * Update to 4.7.1: Security: * CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) * CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) * CVE-2024-13978: libtiff: Fixed LibTIFF Null Pointer Dereference (bsc#1247581) * CVE-2025-8534: Fixed null pointer dereference in function PS_Lvl2page (bsc#1247582) * CVE-2025-8961: Fixed segmentation fault via main function of tiffcrop utility (bsc#1248117) * CVE-2025-9165: libtiff: Fixed local execution manipulation leading to memory leak (bsc#1248330) * CVE-2025-9900: libtiff: Fixed Write-What-Where via TIFFReadRGBAImageOriented (bsc#1250413) Software configuration changes:
* bsc#1219213
* bsc#1228924
* bsc#1236834
* bsc#1243503
* bsc#1247106
* bsc#1247108
* bsc#1247581
* bsc#1247582
* bsc#1248117
* bsc#1248330
* bsc#1250413
Cross-
* CVE-2023-52356
* CVE-2024-13978
* CVE-2024-7006
* CVE-2025-8176
* CVE-2025-8177
* CVE-2025-8534
* CVE-2025-8961
* CVE-2025-9165
* CVE-2025-9900
CVSS scores:
* CVE-2023-52356 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-13978 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-13978 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-13978 ( NVD ): 2.0
Get the latest Linux and open source security news straight to your inbox.