Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for tiff fixes the following issues: Update to version 4.7.2. Security issues fixed: * CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog- compressed TIFF image (bsc#1269779). * CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value (bsc#1268434). Other updates and bugfixes: * Version 4.7.2: * Software configuration changes: * cmake: Fix bundle identifiers to use reverse-DNS format * cmake: Fix and improve Apple framework build support * cmake: Use TurboJPEG CONFIG by default (issue #767) * cmake: changes related to 8-/12-bit modes * cmake: Replace CMath::CMath with direct link to avoid export. * Support for iOS-derived builds * Simplify cmake byte order version check
* bsc#1268434
* bsc#1269779
Cross-
* CVE-2026-12912
* CVE-2026-36849
* CVE-2026-4775
CVSS scores:
* CVE-2026-12912 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-36849 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-4775 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP7
Get the latest Linux and open source security news straight to your inbox.