Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE tiff Important DoS Buffer Overflow Fix SUSE-SU-2026-2853-1

suse
Calendar Grey July 13, 2026
Dist Suse Esm H88
An important security update for tiff addresses multiple vulnerabilities, enhancing system safety for SUSE users.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for tiff fixes the following issues: Update to version 4.7.2. Security issues fixed: * CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog- compressed TIFF image (bsc#1269779). * CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value (bsc#1268434). Other updates and bugfixes: * Version 4.7.2: * Software configuration changes: * cmake: Fix bundle identifiers to use reverse-DNS format * cmake: Fix and improve Apple framework build support * cmake: Use TurboJPEG CONFIG by default (issue #767) * cmake: changes related to 8-/12-bit modes * cmake: Replace CMath::CMath with direct link to avoid export. * Support for iOS-derived builds * Simplify cmake byte order version check

References

* bsc#1268434

* bsc#1269779

Cross-

* CVE-2026-12912

* CVE-2026-36849

* CVE-2026-4775

CVSS scores:

* CVE-2026-12912 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

* CVE-2026-36849 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-4775 ( SUSE ): 8.8

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2853-1
Release Date: 2026-07-10T17:54:45Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.