libtiff-devel-32bit-4.7.0-7.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15417-1 Final 1 1 2025-08-06T00:00:00Z current 2025-08-06T00:00:00Z 2025-08-06T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtiff-devel-32bit-4.7.0-7.1 on GA media These are all security issues fixed in the libtiff-devel-32bit-4.7.0-7.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15417 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-8176/ SUSE CVE CVE-2025-8176 page https://www.suse.com/security/cve/CVE-2025-8177/ SUSE CVE CVE-2025-8177 page openSUSE Tumbleweed libtiff-devel-4.7.0-7.1 libtiff-devel-32bit-4.7.0-7.1 libtiff6-4.7.0-7.1 libtiff6-32bit-4.7.0-7.1 tiff-4.7.0-7.1 libtiff-devel-4.7.0-7.1 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.7.0-7.1 as a component of openSUSE Tumbleweed libtiff6-4.7.0-7.1 as a component of openSUSE Tumbleweed libtiff6-32bit-4.7.0-7.1 as a component of openSUSE Tumbleweed tiff-4.7.0-7.1 as a component of openSUSE Tumbleweed A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. CVE-2025-8176 openSUSE Tumbleweed:libtiff-devel-32bit-4.7.0-7.1 openSUSE Tumbleweed:libtiff-devel-4.7.0-7.1 openSUSE Tumbleweed:libtiff6-32bit-4.7.0-7.1 openSUSE Tumbleweed:libtiff6-4.7.0-7.1 openSUSE Tumbleweed:tiff-4.7.0-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-8176.html CVE-2025-8176 https://bugzilla.suse.com/1247108 SUSE Bug 1247108 A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. CVE-2025-8177 openSUSE Tumbleweed:libtiff-devel-32bit-4.7.0-7.1 openSUSE Tumbleweed:libtiff-devel-4.7.0-7.1 openSUSE Tumbleweed:libtiff6-32bit-4.7.0-7.1 openSUSE Tumbleweed:libtiff6-4.7.0-7.1 openSUSE Tumbleweed:tiff-4.7.0-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-8177.html CVE-2025-8177 https://bugzilla.suse.com/1247106 SUSE Bug 1247106