libtiff-devel-32bit-4.0.7-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10554-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtiff-devel-32bit-4.0.7-1.1 on GA media These are all security issues fixed in the libtiff-devel-32bit-4.0.7-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10554 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-2285/ SUSE CVE CVE-2009-2285 page https://www.suse.com/security/cve/CVE-2009-2347/ SUSE CVE CVE-2009-2347 page https://www.suse.com/security/cve/CVE-2010-2065/ SUSE CVE CVE-2010-2065 page https://www.suse.com/security/cve/CVE-2010-2067/ SUSE CVE CVE-2010-2067 page https://www.suse.com/security/cve/CVE-2010-2233/ SUSE CVE CVE-2010-2233 page https://www.suse.com/security/cve/CVE-2010-4665/ SUSE CVE CVE-2010-4665 page https://www.suse.com/security/cve/CVE-2011-0192/ SUSE CVE CVE-2011-0192 page https://www.suse.com/security/cve/CVE-2011-1167/ SUSE CVE CVE-2011-1167 page https://www.suse.com/security/cve/CVE-2012-1173/ SUSE CVE CVE-2012-1173 page https://www.suse.com/security/cve/CVE-2012-2113/ SUSE CVE CVE-2012-2113 page https://www.suse.com/security/cve/CVE-2012-3401/ SUSE CVE CVE-2012-3401 page https://www.suse.com/security/cve/CVE-2012-4564/ SUSE CVE CVE-2012-4564 page https://www.suse.com/security/cve/CVE-2013-1960/ SUSE CVE CVE-2013-1960 page https://www.suse.com/security/cve/CVE-2013-1961/ SUSE CVE CVE-2013-1961 page https://www.suse.com/security/cve/CVE-2013-4231/ SUSE CVE CVE-2013-4231 page https://www.suse.com/security/cve/CVE-2013-4232/ SUSE CVE CVE-2013-4232 page https://www.suse.com/security/cve/CVE-2013-4243/ SUSE CVE CVE-2013-4243 page https://www.suse.com/security/cve/CVE-2013-4244/ SUSE CVE CVE-2013-4244 page https://www.suse.com/security/cve/CVE-2014-8127/ SUSE CVE CVE-2014-8127 page https://www.suse.com/security/cve/CVE-2014-8128/ SUSE CVE CVE-2014-8128 page https://www.suse.com/security/cve/CVE-2014-8129/ SUSE CVE CVE-2014-8129 page https://www.suse.com/security/cve/CVE-2014-8130/ SUSE CVE CVE-2014-8130 page https://www.suse.com/security/cve/CVE-2014-9655/ SUSE CVE CVE-2014-9655 page https://www.suse.com/security/cve/CVE-2015-1547/ SUSE CVE CVE-2015-1547 page https://www.suse.com/security/cve/CVE-2015-7554/ SUSE CVE CVE-2015-7554 page https://www.suse.com/security/cve/CVE-2015-8665/ SUSE CVE CVE-2015-8665 page https://www.suse.com/security/cve/CVE-2015-8683/ SUSE CVE CVE-2015-8683 page https://www.suse.com/security/cve/CVE-2015-8781/ SUSE CVE CVE-2015-8781 page https://www.suse.com/security/cve/CVE-2015-8782/ SUSE CVE CVE-2015-8782 page https://www.suse.com/security/cve/CVE-2015-8783/ SUSE CVE CVE-2015-8783 page https://www.suse.com/security/cve/CVE-2016-3186/ SUSE CVE CVE-2016-3186 page https://www.suse.com/security/cve/CVE-2016-3622/ SUSE CVE CVE-2016-3622 page https://www.suse.com/security/cve/CVE-2016-3623/ SUSE CVE CVE-2016-3623 page https://www.suse.com/security/cve/CVE-2016-3658/ SUSE CVE CVE-2016-3658 page https://www.suse.com/security/cve/CVE-2016-3945/ SUSE CVE CVE-2016-3945 page https://www.suse.com/security/cve/CVE-2016-3990/ SUSE CVE CVE-2016-3990 page https://www.suse.com/security/cve/CVE-2016-3991/ SUSE CVE CVE-2016-3991 page https://www.suse.com/security/cve/CVE-2016-5314/ SUSE CVE CVE-2016-5314 page https://www.suse.com/security/cve/CVE-2016-5316/ SUSE CVE CVE-2016-5316 page https://www.suse.com/security/cve/CVE-2016-5317/ SUSE CVE CVE-2016-5317 page https://www.suse.com/security/cve/CVE-2016-5320/ SUSE CVE CVE-2016-5320 page https://www.suse.com/security/cve/CVE-2016-5321/ SUSE CVE CVE-2016-5321 page https://www.suse.com/security/cve/CVE-2016-5323/ SUSE CVE CVE-2016-5323 page https://www.suse.com/security/cve/CVE-2016-5652/ SUSE CVE CVE-2016-5652 page https://www.suse.com/security/cve/CVE-2016-5875/ SUSE CVE CVE-2016-5875 page https://www.suse.com/security/cve/CVE-2016-9273/ SUSE CVE CVE-2016-9273 page https://www.suse.com/security/cve/CVE-2016-9297/ SUSE CVE CVE-2016-9297 page https://www.suse.com/security/cve/CVE-2016-9448/ SUSE CVE CVE-2016-9448 page https://www.suse.com/security/cve/CVE-2016-9453/ SUSE CVE CVE-2016-9453 page openSUSE Tumbleweed libtiff-devel-4.0.7-1.1 libtiff-devel-32bit-4.0.7-1.1 libtiff5-4.0.7-1.1 libtiff5-32bit-4.0.7-1.1 tiff-4.0.7-1.1 libtiff-devel-4.0.7-1.1 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.0.7-1.1 as a component of openSUSE Tumbleweed libtiff5-4.0.7-1.1 as a component of openSUSE Tumbleweed libtiff5-32bit-4.0.7-1.1 as a component of openSUSE Tumbleweed tiff-4.0.7-1.1 as a component of openSUSE Tumbleweed Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. CVE-2009-2285 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-2285.html CVE-2009-2285 https://bugzilla.suse.com/518698 SUSE Bug 518698 Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. CVE-2009-2347 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-2347.html CVE-2009-2347 https://bugzilla.suse.com/519796 SUSE Bug 519796 https://bugzilla.suse.com/616827 SUSE Bug 616827 Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. CVE-2010-2065 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2065.html CVE-2010-2065 https://bugzilla.suse.com/612787 SUSE Bug 612787 https://bugzilla.suse.com/612879 SUSE Bug 612879 Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. CVE-2010-2067 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2067.html CVE-2010-2067 https://bugzilla.suse.com/612787 SUSE Bug 612787 https://bugzilla.suse.com/612879 SUSE Bug 612879 tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." CVE-2010-2233 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2233.html CVE-2010-2233 https://bugzilla.suse.com/612879 SUSE Bug 612879 Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. CVE-2010-4665 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4665.html CVE-2010-4665 https://bugzilla.suse.com/687442 SUSE Bug 687442 https://bugzilla.suse.com/854393 SUSE Bug 854393 Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. CVE-2011-0192 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0192.html CVE-2011-0192 https://bugzilla.suse.com/672510 SUSE Bug 672510 https://bugzilla.suse.com/682053 SUSE Bug 682053 https://bugzilla.suse.com/682871 SUSE Bug 682871 https://bugzilla.suse.com/854393 SUSE Bug 854393 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. CVE-2011-1167 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1167.html CVE-2011-1167 https://bugzilla.suse.com/683337 SUSE Bug 683337 https://bugzilla.suse.com/854393 SUSE Bug 854393 Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. CVE-2012-1173 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1173.html CVE-2012-1173 https://bugzilla.suse.com/753362 SUSE Bug 753362 https://bugzilla.suse.com/767852 SUSE Bug 767852 https://bugzilla.suse.com/854393 SUSE Bug 854393 Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. CVE-2012-2113 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2113.html CVE-2012-2113 https://bugzilla.suse.com/767852 SUSE Bug 767852 https://bugzilla.suse.com/854393 SUSE Bug 854393 The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. CVE-2012-3401 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3401.html CVE-2012-3401 https://bugzilla.suse.com/770816 SUSE Bug 770816 https://bugzilla.suse.com/854393 SUSE Bug 854393 ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. CVE-2012-4564 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4564.html CVE-2012-4564 https://bugzilla.suse.com/781995 SUSE Bug 781995 https://bugzilla.suse.com/787892 SUSE Bug 787892 https://bugzilla.suse.com/791607 SUSE Bug 791607 https://bugzilla.suse.com/854393 SUSE Bug 854393 Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. CVE-2013-1960 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1960.html CVE-2013-1960 https://bugzilla.suse.com/817573 SUSE Bug 817573 https://bugzilla.suse.com/854393 SUSE Bug 854393 Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. CVE-2013-1961 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1961.html CVE-2013-1961 https://bugzilla.suse.com/817573 SUSE Bug 817573 https://bugzilla.suse.com/818117 SUSE Bug 818117 https://bugzilla.suse.com/854393 SUSE Bug 854393 Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. CVE-2013-4231 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4231.html CVE-2013-4231 https://bugzilla.suse.com/834477 SUSE Bug 834477 https://bugzilla.suse.com/854393 SUSE Bug 854393 https://bugzilla.suse.com/969783 SUSE Bug 969783 Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. CVE-2013-4232 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4232.html CVE-2013-4232 https://bugzilla.suse.com/834477 SUSE Bug 834477 https://bugzilla.suse.com/854393 SUSE Bug 854393 https://bugzilla.suse.com/969783 SUSE Bug 969783 Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. CVE-2013-4243 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4243.html CVE-2013-4243 https://bugzilla.suse.com/834779 SUSE Bug 834779 https://bugzilla.suse.com/854393 SUSE Bug 854393 https://bugzilla.suse.com/969783 SUSE Bug 969783 The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. CVE-2013-4244 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4244.html CVE-2013-4244 https://bugzilla.suse.com/834788 SUSE Bug 834788 https://bugzilla.suse.com/854393 SUSE Bug 854393 https://bugzilla.suse.com/969783 SUSE Bug 969783 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. CVE-2014-8127 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8127.html CVE-2014-8127 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/969783 SUSE Bug 969783 LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. CVE-2014-8128 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8128.html CVE-2014-8128 https://bugzilla.suse.com/1007276 SUSE Bug 1007276 https://bugzilla.suse.com/1017690 SUSE Bug 1017690 https://bugzilla.suse.com/1040322 SUSE Bug 1040322 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://bugzilla.suse.com/969783 SUSE Bug 969783 https://bugzilla.suse.com/974621 SUSE Bug 974621 https://bugzilla.suse.com/983436 SUSE Bug 983436 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. CVE-2014-8129 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8129.html CVE-2014-8129 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/969783 SUSE Bug 969783 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. CVE-2014-8130 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8130.html CVE-2014-8130 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/969783 SUSE Bug 969783 The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. CVE-2014-9655 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9655.html CVE-2014-9655 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/916927 SUSE Bug 916927 https://bugzilla.suse.com/969783 SUSE Bug 969783 The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. CVE-2015-1547 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1547.html CVE-2015-1547 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. CVE-2015-7554 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7554.html CVE-2015-7554 https://bugzilla.suse.com/1007276 SUSE Bug 1007276 https://bugzilla.suse.com/1017690 SUSE Bug 1017690 https://bugzilla.suse.com/1040322 SUSE Bug 1040322 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://bugzilla.suse.com/974621 SUSE Bug 974621 https://bugzilla.suse.com/983436 SUSE Bug 983436 tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. CVE-2015-8665 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8665.html CVE-2015-8665 https://bugzilla.suse.com/1156749 SUSE Bug 1156749 https://bugzilla.suse.com/1156754 SUSE Bug 1156754 https://bugzilla.suse.com/1200195 SUSE Bug 1200195 The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. CVE-2015-8683 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8683.html CVE-2015-8683 https://bugzilla.suse.com/1156749 SUSE Bug 1156749 https://bugzilla.suse.com/1156754 SUSE Bug 1156754 https://bugzilla.suse.com/1200195 SUSE Bug 1200195 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. CVE-2015-8781 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8781.html CVE-2015-8781 https://bugzilla.suse.com/964213 SUSE Bug 964213 https://bugzilla.suse.com/964225 SUSE Bug 964225 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. CVE-2015-8782 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8782.html CVE-2015-8782 https://bugzilla.suse.com/964213 SUSE Bug 964213 https://bugzilla.suse.com/964225 SUSE Bug 964225 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. CVE-2015-8783 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8783.html CVE-2015-8783 https://bugzilla.suse.com/964213 SUSE Bug 964213 https://bugzilla.suse.com/964225 SUSE Bug 964225 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. CVE-2016-3186 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3186.html CVE-2016-3186 https://bugzilla.suse.com/973340 SUSE Bug 973340 https://bugzilla.suse.com/983268 SUSE Bug 983268 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. CVE-2016-3622 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3622.html CVE-2016-3622 https://bugzilla.suse.com/974449 SUSE Bug 974449 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. CVE-2016-3623 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3623.html CVE-2016-3623 https://bugzilla.suse.com/974617 SUSE Bug 974617 https://bugzilla.suse.com/974618 SUSE Bug 974618 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. CVE-2016-3658 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3658.html CVE-2016-3658 https://bugzilla.suse.com/974840 SUSE Bug 974840 Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. CVE-2016-3945 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3945.html CVE-2016-3945 https://bugzilla.suse.com/974614 SUSE Bug 974614 Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. CVE-2016-3990 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3990.html CVE-2016-3990 https://bugzilla.suse.com/975069 SUSE Bug 975069 Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. CVE-2016-3991 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3991.html CVE-2016-3991 https://bugzilla.suse.com/975070 SUSE Bug 975070 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. CVE-2016-5314 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5314.html CVE-2016-5314 https://bugzilla.suse.com/984831 SUSE Bug 984831 https://bugzilla.suse.com/987351 SUSE Bug 987351 Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. CVE-2016-5316 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5316.html CVE-2016-5316 https://bugzilla.suse.com/984837 SUSE Bug 984837 Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. CVE-2016-5317 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5317.html CVE-2016-5317 https://bugzilla.suse.com/984842 SUSE Bug 984842 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-5320 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5320.html CVE-2016-5320 https://bugzilla.suse.com/1007284 SUSE Bug 1007284 https://bugzilla.suse.com/984808 SUSE Bug 984808 https://bugzilla.suse.com/987351 SUSE Bug 987351 The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. CVE-2016-5321 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5321.html CVE-2016-5321 https://bugzilla.suse.com/984813 SUSE Bug 984813 The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. CVE-2016-5323 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5323.html CVE-2016-5323 https://bugzilla.suse.com/984815 SUSE Bug 984815 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. CVE-2016-5652 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5652.html CVE-2016-5652 https://bugzilla.suse.com/1007280 SUSE Bug 1007280 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2016-5875 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5875.html CVE-2016-5875 https://bugzilla.suse.com/1007284 SUSE Bug 1007284 https://bugzilla.suse.com/984809 SUSE Bug 984809 https://bugzilla.suse.com/984831 SUSE Bug 984831 https://bugzilla.suse.com/987351 SUSE Bug 987351 tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. CVE-2016-9273 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9273.html CVE-2016-9273 https://bugzilla.suse.com/1010163 SUSE Bug 1010163 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1150480 SUSE Bug 1150480 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. CVE-2016-9297 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9297.html CVE-2016-9297 https://bugzilla.suse.com/1010161 SUSE Bug 1010161 https://bugzilla.suse.com/1011103 SUSE Bug 1011103 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. CVE-2016-9448 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9448.html CVE-2016-9448 https://bugzilla.suse.com/1010161 SUSE Bug 1010161 https://bugzilla.suse.com/1011103 SUSE Bug 1011103 The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. CVE-2016-9453 openSUSE Tumbleweed:libtiff-devel-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff-devel-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-32bit-4.0.7-1.1 openSUSE Tumbleweed:libtiff5-4.0.7-1.1 openSUSE Tumbleweed:tiff-4.0.7-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9453.html CVE-2016-9453 https://bugzilla.suse.com/1007280 SUSE Bug 1007280 https://bugzilla.suse.com/1011107 SUSE Bug 1011107