libtiff-devel-32bit-4.3.0-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11461 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtiff-devel-32bit-4.3.0-1.3 on GA media These are all security issues fixed in the libtiff-devel-32bit-4.3.0-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11461 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11461 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0405/ SUSE CVE CVE-2006-0405 page https://www.suse.com/security/cve/CVE-2006-2656/ SUSE CVE CVE-2006-2656 page https://www.suse.com/security/cve/CVE-2008-1586/ SUSE CVE CVE-2008-1586 page https://www.suse.com/security/cve/CVE-2008-2327/ SUSE CVE CVE-2008-2327 page https://www.suse.com/security/cve/CVE-2016-10095/ SUSE CVE CVE-2016-10095 page https://www.suse.com/security/cve/CVE-2016-10266/ SUSE CVE CVE-2016-10266 page https://www.suse.com/security/cve/CVE-2016-10267/ SUSE CVE CVE-2016-10267 page https://www.suse.com/security/cve/CVE-2016-10268/ SUSE CVE CVE-2016-10268 page https://www.suse.com/security/cve/CVE-2016-10269/ SUSE CVE CVE-2016-10269 page https://www.suse.com/security/cve/CVE-2016-10270/ SUSE CVE CVE-2016-10270 page https://www.suse.com/security/cve/CVE-2016-10271/ SUSE CVE CVE-2016-10271 page https://www.suse.com/security/cve/CVE-2016-10272/ SUSE CVE CVE-2016-10272 page https://www.suse.com/security/cve/CVE-2016-10371/ SUSE CVE CVE-2016-10371 page https://www.suse.com/security/cve/CVE-2016-5318/ SUSE CVE CVE-2016-5318 page https://www.suse.com/security/cve/CVE-2016-9538/ SUSE CVE CVE-2016-9538 page https://www.suse.com/security/cve/CVE-2017-11613/ SUSE CVE CVE-2017-11613 page https://www.suse.com/security/cve/CVE-2017-16232/ SUSE CVE CVE-2017-16232 page https://www.suse.com/security/cve/CVE-2017-18013/ SUSE CVE CVE-2017-18013 page https://www.suse.com/security/cve/CVE-2017-5225/ SUSE CVE CVE-2017-5225 page https://www.suse.com/security/cve/CVE-2017-7592/ SUSE CVE CVE-2017-7592 page https://www.suse.com/security/cve/CVE-2017-7593/ SUSE CVE CVE-2017-7593 page https://www.suse.com/security/cve/CVE-2017-7594/ SUSE CVE CVE-2017-7594 page https://www.suse.com/security/cve/CVE-2017-7595/ SUSE CVE CVE-2017-7595 page https://www.suse.com/security/cve/CVE-2017-7596/ SUSE CVE CVE-2017-7596 page https://www.suse.com/security/cve/CVE-2017-7598/ SUSE CVE CVE-2017-7598 page https://www.suse.com/security/cve/CVE-2017-7599/ SUSE CVE CVE-2017-7599 page https://www.suse.com/security/cve/CVE-2017-7601/ SUSE CVE CVE-2017-7601 page https://www.suse.com/security/cve/CVE-2017-7602/ SUSE CVE CVE-2017-7602 page https://www.suse.com/security/cve/CVE-2017-9403/ SUSE CVE CVE-2017-9403 page https://www.suse.com/security/cve/CVE-2017-9404/ SUSE CVE CVE-2017-9404 page https://www.suse.com/security/cve/CVE-2017-9935/ SUSE CVE CVE-2017-9935 page https://www.suse.com/security/cve/CVE-2017-9936/ SUSE CVE CVE-2017-9936 page https://www.suse.com/security/cve/CVE-2018-10779/ SUSE CVE CVE-2018-10779 page https://www.suse.com/security/cve/CVE-2018-10963/ SUSE CVE CVE-2018-10963 page https://www.suse.com/security/cve/CVE-2018-12900/ SUSE CVE CVE-2018-12900 page https://www.suse.com/security/cve/CVE-2018-16335/ SUSE CVE CVE-2018-16335 page https://www.suse.com/security/cve/CVE-2018-17000/ SUSE CVE CVE-2018-17000 page https://www.suse.com/security/cve/CVE-2018-17100/ SUSE CVE CVE-2018-17100 page https://www.suse.com/security/cve/CVE-2018-17101/ SUSE CVE CVE-2018-17101 page https://www.suse.com/security/cve/CVE-2018-17795/ SUSE CVE CVE-2018-17795 page https://www.suse.com/security/cve/CVE-2018-18557/ SUSE CVE CVE-2018-18557 page https://www.suse.com/security/cve/CVE-2018-18661/ SUSE CVE CVE-2018-18661 page https://www.suse.com/security/cve/CVE-2018-19210/ SUSE CVE CVE-2018-19210 page https://www.suse.com/security/cve/CVE-2018-5784/ SUSE CVE CVE-2018-5784 page https://www.suse.com/security/cve/CVE-2018-7456/ SUSE CVE CVE-2018-7456 page https://www.suse.com/security/cve/CVE-2018-8905/ SUSE CVE CVE-2018-8905 page https://www.suse.com/security/cve/CVE-2019-6128/ SUSE CVE CVE-2019-6128 page https://www.suse.com/security/cve/CVE-2019-7663/ SUSE CVE CVE-2019-7663 page openSUSE Tumbleweed libtiff-devel-4.3.0-1.3 libtiff-devel-32bit-4.3.0-1.3 libtiff5-4.3.0-1.3 libtiff5-32bit-4.3.0-1.3 tiff-4.3.0-1.3 libtiff-devel-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff5-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff5-32bit-4.3.0-1.3 as a component of openSUSE Tumbleweed tiff-4.3.0-1.3 as a component of openSUSE Tumbleweed The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. CVE-2006-0405 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0405.html CVE-2006-0405 https://bugzilla.suse.com/145757 SUSE Bug 145757 https://bugzilla.suse.com/165237 SUSE Bug 165237 Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. CVE-2006-2656 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-2656.html CVE-2006-2656 https://bugzilla.suse.com/179051 SUSE Bug 179051 ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. CVE-2008-1586 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1586.html CVE-2008-1586 https://bugzilla.suse.com/444079 SUSE Bug 444079 Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. CVE-2008-2327 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2327.html CVE-2008-2327 https://bugzilla.suse.com/414946 SUSE Bug 414946 https://bugzilla.suse.com/518698 SUSE Bug 518698 Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. CVE-2016-10095 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10095.html CVE-2016-10095 https://bugzilla.suse.com/1017690 SUSE Bug 1017690 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://bugzilla.suse.com/983436 SUSE Bug 983436 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. CVE-2016-10266 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10266.html CVE-2016-10266 https://bugzilla.suse.com/1017694 SUSE Bug 1017694 https://bugzilla.suse.com/1031263 SUSE Bug 1031263 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. CVE-2016-10267 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10267.html CVE-2016-10267 https://bugzilla.suse.com/1017694 SUSE Bug 1017694 https://bugzilla.suse.com/1031262 SUSE Bug 1031262 tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. CVE-2016-10268 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10268.html CVE-2016-10268 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1031255 SUSE Bug 1031255 LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. CVE-2016-10269 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10269.html CVE-2016-10269 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1031254 SUSE Bug 1031254 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. CVE-2016-10270 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10270.html CVE-2016-10270 https://bugzilla.suse.com/1031250 SUSE Bug 1031250 tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. CVE-2016-10271 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10271.html CVE-2016-10271 https://bugzilla.suse.com/1031249 SUSE Bug 1031249 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. CVE-2016-10272 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10272.html CVE-2016-10272 https://bugzilla.suse.com/1031247 SUSE Bug 1031247 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. CVE-2016-10371 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10371.html CVE-2016-10371 https://bugzilla.suse.com/1038438 SUSE Bug 1038438 Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. CVE-2016-5318 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5318.html CVE-2016-5318 https://bugzilla.suse.com/1007276 SUSE Bug 1007276 https://bugzilla.suse.com/1017690 SUSE Bug 1017690 https://bugzilla.suse.com/1040322 SUSE Bug 1040322 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://bugzilla.suse.com/974621 SUSE Bug 974621 https://bugzilla.suse.com/983436 SUSE Bug 983436 tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. CVE-2016-9538 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9538.html CVE-2016-9538 https://bugzilla.suse.com/1004519 SUSE Bug 1004519 https://bugzilla.suse.com/1011841 SUSE Bug 1011841 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. CVE-2017-11613 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11613.html CVE-2017-11613 https://bugzilla.suse.com/1082332 SUSE Bug 1082332 https://bugzilla.suse.com/1106853 SUSE Bug 1106853 ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue. CVE-2017-16232 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16232.html CVE-2017-16232 https://bugzilla.suse.com/1069213 SUSE Bug 1069213 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. CVE-2017-18013 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-18013.html CVE-2017-18013 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/1082825 SUSE Bug 1082825 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. CVE-2017-5225 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5225.html CVE-2017-5225 https://bugzilla.suse.com/1019611 SUSE Bug 1019611 The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7592 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7592.html CVE-2017-7592 https://bugzilla.suse.com/1033131 SUSE Bug 1033131 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. CVE-2017-7593 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7593.html CVE-2017-7593 https://bugzilla.suse.com/1033129 SUSE Bug 1033129 The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. CVE-2017-7594 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7594.html CVE-2017-7594 https://bugzilla.suse.com/1033128 SUSE Bug 1033128 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVE-2017-7595 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7595.html CVE-2017-7595 https://bugzilla.suse.com/1033111 SUSE Bug 1033111 https://bugzilla.suse.com/1033127 SUSE Bug 1033127 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7596 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7596.html CVE-2017-7596 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVE-2017-7598 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7598.html CVE-2017-7598 https://bugzilla.suse.com/1033118 SUSE Bug 1033118 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7599 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7599.html CVE-2017-7599 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7601 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7601.html CVE-2017-7601 https://bugzilla.suse.com/1033111 SUSE Bug 1033111 https://bugzilla.suse.com/1033127 SUSE Bug 1033127 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7602 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7602.html CVE-2017-7602 https://bugzilla.suse.com/1033109 SUSE Bug 1033109 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-9403 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9403.html CVE-2017-9403 https://bugzilla.suse.com/1042805 SUSE Bug 1042805 https://bugzilla.suse.com/1045688 SUSE Bug 1045688 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-9404 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9404.html CVE-2017-9404 https://bugzilla.suse.com/1042804 SUSE Bug 1042804 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. CVE-2017-9935 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9935.html CVE-2017-9935 https://bugzilla.suse.com/1046077 SUSE Bug 1046077 https://bugzilla.suse.com/1074318 SUSE Bug 1074318 https://bugzilla.suse.com/1108606 SUSE Bug 1108606 https://bugzilla.suse.com/1110358 SUSE Bug 1110358 In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. CVE-2017-9936 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9936.html CVE-2017-9936 https://bugzilla.suse.com/1046073 SUSE Bug 1046073 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. CVE-2018-10779 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10779.html CVE-2018-10779 https://bugzilla.suse.com/1092480 SUSE Bug 1092480 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10963.html CVE-2018-10963 https://bugzilla.suse.com/1092949 SUSE Bug 1092949 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. CVE-2018-12900 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12900.html CVE-2018-12900 https://bugzilla.suse.com/1099257 SUSE Bug 1099257 https://bugzilla.suse.com/1125113 SUSE Bug 1125113 https://bugzilla.suse.com/1150480 SUSE Bug 1150480 newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. CVE-2018-16335 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16335.html CVE-2018-16335 https://bugzilla.suse.com/1106853 SUSE Bug 1106853 A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. CVE-2018-17000 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17000.html CVE-2018-17000 https://bugzilla.suse.com/1108606 SUSE Bug 1108606 https://bugzilla.suse.com/1115717 SUSE Bug 1115717 https://bugzilla.suse.com/1125113 SUSE Bug 1125113 An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. CVE-2018-17100 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17100.html CVE-2018-17100 https://bugzilla.suse.com/1108637 SUSE Bug 1108637 An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. CVE-2018-17101 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17101.html CVE-2018-17101 https://bugzilla.suse.com/1108627 SUSE Bug 1108627 The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. CVE-2018-17795 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17795.html CVE-2018-17795 https://bugzilla.suse.com/1046077 SUSE Bug 1046077 https://bugzilla.suse.com/1110358 SUSE Bug 1110358 LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. CVE-2018-18557 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18557.html CVE-2018-18557 https://bugzilla.suse.com/1113094 SUSE Bug 1113094 An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. CVE-2018-18661 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18661.html CVE-2018-18661 https://bugzilla.suse.com/1113672 SUSE Bug 1113672 In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. CVE-2018-19210 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19210.html CVE-2018-19210 https://bugzilla.suse.com/1108606 SUSE Bug 1108606 https://bugzilla.suse.com/1115717 SUSE Bug 1115717 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. CVE-2018-5784 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5784.html CVE-2018-5784 https://bugzilla.suse.com/1081690 SUSE Bug 1081690 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) CVE-2018-7456 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7456.html CVE-2018-7456 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/1082825 SUSE Bug 1082825 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. CVE-2018-8905 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-8905.html CVE-2018-8905 https://bugzilla.suse.com/1086408 SUSE Bug 1086408 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. CVE-2019-6128 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6128.html CVE-2019-6128 https://bugzilla.suse.com/1121626 SUSE Bug 1121626 https://bugzilla.suse.com/1153715 SUSE Bug 1153715 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. CVE-2019-7663 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7663.html CVE-2019-7663 https://bugzilla.suse.com/1125113 SUSE Bug 1125113