SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2770

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2770

Security update for tiff

Type: security

Severity: important

Issued: 2025-08-12

Description:

This update for tiff fixes the following issues:

- Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503)
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() 
  when processing malformed TIFF files (bsc#1247106)
- Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
- Add %check section
- Remove Group: declarations, no longer used

References

CVE: CVE-2025-8177
CVE: CVE-2025-8176
Bugzilla: 1247108 VUL-0: CVE-2025-8176: tiff: heap use-after-free in tools/tiffmedian.c
Bugzilla: 1247106 VUL-0: CVE-2025-8177: tiff: possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files
Bugzilla: 1243503 magick: The value of field_readcount and field_writecount must be greater than or equal to -3 and not zero.. `TIFFMergeFieldInfo' @ error/tiff.c/TIFFErrors/599.

Packages

tiff-4.7.0-150600.3.13.1