tkimg-2.1.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16618 Final 1 1 2025-09-16T00:00:00Z current 2025-09-16T00:00:00Z 2025-09-16T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z tkimg-2.1.0-1.1 on GA media These are all security issues fixed in the tkimg-2.1.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16618 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-8851/ SUSE CVE CVE-2025-8851 page https://www.suse.com/security/cve/CVE-2025-9165/ SUSE CVE CVE-2025-9165 page openSUSE Tumbleweed tkimg-2.1.0-1.1 tkimg-devel-2.1.0-1.1 tkimg-2.1.0-1.1 as a component of openSUSE Tumbleweed tkimg-devel-2.1.0-1.1 as a component of openSUSE Tumbleweed A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue. CVE-2025-8851 openSUSE Tumbleweed:tkimg-2.1.0-1.1 openSUSE Tumbleweed:tkimg-devel-2.1.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-8851.html CVE-2025-8851 https://bugzilla.suse.com/1248274 SUSE Bug 1248274 A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all". CVE-2025-9165 openSUSE Tumbleweed:tkimg-2.1.0-1.1 openSUSE Tumbleweed:tkimg-devel-2.1.0-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-9165.html CVE-2025-9165 https://bugzilla.suse.com/1248326 SUSE Bug 1248326