{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff6":"4.7.1-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.7.1-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following issues:\n\n- Update to 4.7.1:\n  Security:\n  * CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106)\n  * CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)\n  * CVE-2024-13978: libtiff: Fixed LibTIFF Null Pointer Dereference (bsc#1247581)\n  * CVE-2025-8534: Fixed null pointer dereference in function PS_Lvl2page (bsc#1247582)\n  * CVE-2025-8961: Fixed segmentation fault via main function of tiffcrop utility (bsc#1248117)\n  * CVE-2025-9165: libtiff: Fixed local execution manipulation leading to memory leak (bsc#1248330)\n  * CVE-2025-9900: libtiff: Fixed Write-What-Where via TIFFReadRGBAImageOriented (bsc#1250413)\n  Software configuration changes:\n  * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h.\n  * CMake: define WORDS_BIGENDIAN via tif_config.h\n  * doc/CMakeLists.txt: remove useless cmake_minimum_required()\n  * CMake: fix build with LLVM/Clang 17 (fixes issue #651)\n  * CMake: set CMP0074 new policy\n  * Set LINKER_LANGUAGE for C targets with C deps\n  * Export tiffxx cmake target (fixes issue #674)\n  * autogen.sh: Enable verbose wget.\n  * configure.ac: Syntax updates for Autoconf 2.71\n  * autogen.sh: Re-implement based on autoreconf. 
Failure to update\n    config.guess/config.sub does not return error (fixes issue #672)\n  * CMake: fix CMake 4.0 warning when minimum required version is < 3.10.\n  * CMake: Add build option tiff-static (fixes issue #709)\n  Library changes:\n  * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control\n    about emitting warnings for unknown tags. No longer emit warnings\n    about unknown tags by default\n  * tif_predict.c: speed-up decompression in some cases.\n  Bug fixes:\n  * tif_fax3: For fax group 3 data if no EOL is detected, reading is\n    retried without synchronisation for EOLs. (fixes issue #54)\n  * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for\n    FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532)\n  * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in\n    the DNG 1.7 specification\n  * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags\n    defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648)\n  * Do not error out on a tag whose tag count value is zero, just issue a warning.\n    Fix parsing a private tag 0x80a6 (fixes issue #647)\n  * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 \n  * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175)\n  * Fix writing a Predictor=3 file with non-native endianness\n  * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds\n    read / nullptr dereference) in case of out-of-memory situation when dealing with\n    custom tags (fixes issue #663)\n  * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and\n    PlanarConfiguration = Contiguous (fixes issue #26)\n  * tif_fax3.c: error out after a number of times end-of-line or unexpected bad code\n    words have been reached. 
(fixes issue #670)\n  * Fix memory leak in TIFFSetupStrips() (fixes issue #665)\n  * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with\n    -DZ_SOLO inflating will fail.\n  * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676)\n  * tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if \"prediction\"\n    is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5)\n  * tif_getimage.c: update some integer overflow checks (fixes issue #79)\n  * TIFFReadRGBAImage(): several fixes to avoid buffer overflows.\n  * Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative()\n    if HAVE_IEEEFP is not defined. (fixes issue #699)\n  * LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker\n    has been found with remaining output bytes (fixes issue #698)\n  * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return.\n  * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing\n    tif_rawdata (fixes issue #711)\n  * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid\n    out-of-bounds access (fixes issue #714)\n  * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit\n    dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0.\n    Fixes issue #717\n  * add assert for TIFFReadCustomDirectory infoarray check.\n  * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line\n    were written wrongly. 
(fixes issue #467)\n  * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where\n    TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649)\n  * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAG_TILEWIDTH (fixes issue #650)\n  * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero.\n    Fixes issue #654\n  * tiff2pdf: avoid null pointer dereference. (fixes issue #741)\n  * Improve non-secure integer overflow check (comparison of division result with\n    multiplicand) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba.\n    Fixes issue #546\n  * tiff2rgba: fix some \"a partial expression can generate an overflow before it is\n    assigned to a broader type\" warnings. (fixes issue #682)\n  * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703)\n  * tiffdither: avoid out-of-bounds read identified in issue #733\n  * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707)\n  * tiffmedian: close input file. (fixes issue #735)\n  * thumbnail: avoid potential out of bounds access (fixes issue #715)\n  * tiffcrop: close open TIFF files and release allocated buffers before exiting in case\n    of error to avoid memory leaks. (fixes issue #716)\n  * tiffcrop: fix double-free and memory leak exposed by issue #721\n  * tiffcrop: avoid buffer overflow. (fixes issue #740)\n  * tiffcrop: avoid nullptr dereference. (fixes issue #734)\n  * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem\n    to PrintData, which uses it as a divisor or modulus.\n  * tiff2ps: check return of TIFFGetField() for TIFFTAG_STRIPBYTECOUNTS and\n    TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718)\n  * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729)\n  * tiffcp: fix setting compression level for lossless codecs. 
(fixes issue #730)\n  * raw2tiff: close input file before exit (fixes issue #742)\n  Tools changes:\n  * tiffinfo: add a -W switch to warn about unknown tags.\n  * tiffdither: process all pages in input TIFF file.\n  Documentation:\n  * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation\n    from 5 (LeftTop) to 8 (LeftBottom) in the raster.\n  * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67)\n  * Update \"Defining New TIFF Tags\" description. (fixes issue #642)\n  * Fix return type of TIFFReadEncodedTile()\n  * Update the documentation to reflect deprecated typedefs.\n  * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image\n    data and not for IFD data.\n  * Update documentation on re-entrancy and thread safety.\n  * Remove dead links to the no longer existing Awaresystems web-site.\n  * Updating BigTIFF specification and some miscellaneous editions.\n  * Replace some last links and remove last todos.\n  * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its\n    associated buffers. (fixes issue #681)\n  * Added chapter to \"Using the TIFF Library\" with links to handling multi-page TIFF\n    and custom directories. (fixes issue #43)\n  * update TIFFOpen.rst with the return values of mapproc and unmapproc. 
(fixes issue #12)\n\n- Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503)\n- Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4\n- Add %check section\n- Remove Group: declarations, no longer used\n- Use python3-Sphinx instead of  %{primary_python}-Sphinx\n  based on recommendation from python maintainers.\n  * Fixes build issue of man flavor on 15.6\n- Update test/test_directory.c not to fail on big-endian machines (bsc#1236834).\n- Fix versioning of tiff-docs under Recommends\n\n- Update to 4.7.0:\n  * This version restores in the default build the availability of\n    the tools that had been dropped in v4.6.0\n  * Software configuration changes:\n    + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection\n    + autoconf build: fix error when running make clean (fixes issue #630)\n    + autoconf build: back off the minimum required automake version to 1.11\n    + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)\n    + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file\n      starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)\n    + CMake: Fix TIFF_INCLUDE_DIRS\n    + CMake: MinGW compilers don't need a .def file for shared library\n    + CMake: move libdeflate and Lerc to Requires.private\n    + CMake: enable resource compilation on all Windows.\n  * Library changes:\n    + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements\n      TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory\n      allocations in byte, for a given TIFF handle, that libtiff internal memory\n      allocation functions are allowed. 
\n    + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.\n    + TIFFXYZToRGB: avoid integer overflow (fixes issue #644)\n    + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)\n    + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir)\n      is set inconsistently or incorrectly, depending on the previous history.\n    + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ;\n      most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)\n    + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)\n    + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL\n    + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values\n    + tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)\n    + LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)\n    + CVE-2023-52356: Fixed segment fault in TIFFReadRGBATileExt() leading to denial of service (bsc#1219213)\n    + tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests\n    + Avoid FPEs (division by zero) in tif_getimage.c.\n    + Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for\n      denominator not zero before macros are executed. 
(fixes issue #628)\n    + Add non-zero check before division in TIFFComputeStrip()\n    + Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active\n    + Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount\n    + Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.\n    + For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to\n      avoid deleting the last character. (fixes issue #579)\n    + CVE-2024-7006: Fixed NULL pointer dereference in tif_dirinfo.c (bsc#1228924)\n    + Prevent some out-of-memory attacks (fixes issue #614)\n    + Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)\n    + tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608)\n    + Fix warnings with GCC 14\n    + tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)\n    + Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.\n    + tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups\n    + Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()\n    + Remove support for _MSC_VER < 1500.\n    + Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__\n  * Documentation:\n    + Amend manpages for changes in current directory index behaviour\n    + Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. 
(fixes issue #506)\n    + Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes\n  * Re-added tools:\n    + fax2ps\n    + fax2tiff\n    + pal2rgb\n    + ppm2tiff\n    + raw2tiff\n    + rgb2ycbcr (not installed)\n    + thumbnail (not installed)\n    + tiff2bw\n    + tiff2rgba\n    + tiffcmp\n    + tiffcrop\n    + tiffdither\n    + tiffgt\n    + tiffmedian\n    + tiff2ps\n    + tiff2pdf\n  * New/improved functionality:\n     + tiff2rgba: Add background gradient option for alpha compositing\n     + tiffcp: -i flag restored\n  * Bug fixes for tools:\n    + tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054\n    + tiffcrop: Apply \"Fix heap-buffer-overflow in function extractImageSection\"\n    + tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)\n    + tiff2pdf: address Coverity scan issues\n    + tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF\n    + tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)\n    + tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)\n    + tiff2pdf: fixes issue #596\n    + thumbnail: address Coverity scan issues\n    + tiffcp: Add check for limitMalloc return to fix Coverity 1603334\n    + tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG\n    + tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputting to compression != JPEG (refs issue #571)\n    + tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. 
Only set YCBCRSUBSAMPLING when generating YCbCr JPEG\n    + tiffcp: Check also codec of input image, not only from output image (fixes issue #606)\n    + Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.\n    + fax2ps and fax2tiff: memory leak fixes (fixes issue #476)\n    + tiffmedian: memory leak fixes (fixes issue #599)\n    + fax2tiff: fix EOFB interpretation (fixes issue #191)\n    + fax2tiff: fix issue with unreasonable width input (fixes issue #249)\n    + tiffcp and tiffcrop: fixes issue #228\n    + tiff2rgba: fixes issue #469\n    + tiffdither: fixes issue #473\n    + tiffdump: fix wrong printf formatter in error message (Coverity 1472932)\n    + tiffset: avoid false positive Coverity Scan warning on 64-bit builds (Coverity 1518997)\n    + tiffcp/tiffset: use correct format specifiers\n  * Changes to contributed and unsupported tools\n    + contrib/addtiffo: validate return of TIFFWriteEncodedXXXX() calls (Coverity 1024680)\n- Tools are not built for now due to test failure: `FAIL: 
tiffcp-32bpp-None-jpeg.sh`\n","id":"SUSE-SU-2025:20971-1","modified":"2025-11-06T11:07:55Z","published":"2025-11-06T11:07:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520971-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219213"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228924"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236834"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243503"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247106"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247108"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247581"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247582"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248117"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248330"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250413"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-52356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-13978"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8534"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9900"}],"related":["CVE-2023-52356","CVE-2024-13978","CVE-2024-7006","CVE-2025-8176","CVE-2025-8177","CVE-2025-8534","CVE-2025-8961","CVE-2025-9165","CVE-2025-9900"],"summary":"Security update for tiff","upstream":["CVE-2023-52356","CVE-2024-13978","CVE-2024-7006","CVE-2025-8176","CVE-2025-8177","CVE-2025-8534","CVE-2025-8961","CVE-2025-9165","CVE-2025-9900"]}