Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02815-1 Final 1 1 2025-08-15T12:55:19Z current 2025-08-15T12:55:19Z 2025-08-15T12:55:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/nginx:latest-2025-2815,SUSE-2025-2815,SUSE-SLE-Micro-5.3-2025-2815,SUSE-SLE-Micro-5.4-2025-2815,SUSE-SLE-Micro-5.5-2025-2815,SUSE-SLE-Module-Basesystem-15-SP6-2025-2815,SUSE-SLE-Module-Basesystem-15-SP7-2025-2815,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2815,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2815,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2815,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2815,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2815,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2815,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2815,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2815,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2815,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2815,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2815,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-2815,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-2815,SUSE-SUSE-MicroOS-5.2-2025-2815,SUSE-Storage-7.1-2025-2815 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502815-1/ Link for SUSE-SU-2025:02815-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041224.html E-Mail link for SUSE-SU-2025:02815-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1247106 SUSE Bug 1247106 https://bugzilla.suse.com/1247108 SUSE Bug 1247108 https://www.suse.com/security/cve/CVE-2025-8176/ SUSE CVE CVE-2025-8176 page https://www.suse.com/security/cve/CVE-2025-8177/ SUSE CVE CVE-2025-8177 page Container suse/nginx:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy LTS 4.3 SUSE Manager Server LTS 4.3 libtiff5-4.0.9-150000.45.50.1 libtiff-devel-4.0.9-150000.45.50.1 libtiff-devel-32bit-4.0.9-150000.45.50.1 libtiff-devel-64bit-4.0.9-150000.45.50.1 libtiff5-32bit-4.0.9-150000.45.50.1 libtiff5-64bit-4.0.9-150000.45.50.1 tiff-4.0.9-150000.45.50.1 libtiff5-4.0.9-150000.45.50.1 as a component of Container suse/nginx:latest libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Enterprise Storage 7.1 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Enterprise Storage 7.1 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Enterprise Storage 7.1 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Micro 5.2 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Micro 5.3 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Micro 5.4 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Micro 5.5 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Manager Proxy LTS 4.3 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Manager Proxy LTS 4.3 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Manager Proxy LTS 4.3 libtiff-devel-4.0.9-150000.45.50.1 as a component of SUSE Manager Server LTS 4.3 libtiff5-4.0.9-150000.45.50.1 as a component of SUSE Manager Server LTS 4.3 libtiff5-32bit-4.0.9-150000.45.50.1 as a component of SUSE Manager Server LTS 4.3 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue. CVE-2025-8176 Container suse/nginx:latest:libtiff5-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff-devel-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.2:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.3:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.4:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.5:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff5-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff5-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff5-4.0.9-150000.45.50.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502815-1/ https://www.suse.com/security/cve/CVE-2025-8176.html CVE-2025-8176 https://bugzilla.suse.com/1247108 SUSE Bug 1247108 A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer. CVE-2025-8177 Container suse/nginx:latest:libtiff5-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff-devel-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Enterprise Storage 7.1:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.2:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.3:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.4:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Micro 5.5:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libtiff5-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff-devel-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libtiff5-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Manager Proxy LTS 4.3:libtiff5-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff-devel-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff5-32bit-4.0.9-150000.45.50.1 SUSE Manager Server LTS 4.3:libtiff5-4.0.9-150000.45.50.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502815-1/ https://www.suse.com/security/cve/CVE-2025-8177.html CVE-2025-8177 https://bugzilla.suse.com/1247106 SUSE Bug 1247106