Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-5315
Vulnerability from cvelistv5
Published
2017-03-07 15:00
Modified
2024-08-06 01:01
Severity ?
EPSS score ?
Summary
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:01:00.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "91204", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91204", }, { name: "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { name: "GLSA-201701-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { name: "DSA-3762", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3762", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-15T00:00:00", descriptions: [ { lang: "en", value: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-07T12:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "91204", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91204", }, { name: "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { name: "GLSA-201701-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201701-16", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { name: "DSA-3762", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3762", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5315", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "91204", refsource: "BID", url: "http://www.securityfocus.com/bid/91204", }, { name: "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { name: "GLSA-201701-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-16", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { name: "DSA-3762", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3762", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5315", datePublished: "2017-03-07T15:00:00", dateReserved: "2016-06-06T00:00:00", dateUpdated: "2024-08-06T01:01:00.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2016-5315\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-03-07T15:59:00.283\",\"lastModified\":\"2024-11-21T02:54:05.157\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.\"},{\"lang\":\"es\",\"value\":\"La función setByteArray en tif_dir.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una imagen tiff manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.6\",\"matchCriteriaId\":\"7DBB051D-E94D-4553-88A6-750BE80B7617\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3762\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/15/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91204\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1346694\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-16\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1346694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}", }, }
ghsa-7vx7-8m24-fqv4
Vulnerability from github
Published
2022-05-17 02:56
Modified
2022-05-17 02:56
Severity ?
Details
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
{ affected: [], aliases: [ "CVE-2016-5315", ], database_specific: { cwe_ids: [ "CWE-125", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-03-07T15:59:00Z", severity: "MODERATE", }, details: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", id: "GHSA-7vx7-8m24-fqv4", modified: "2022-05-17T02:56:21Z", published: "2022-05-17T02:56:21Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5315", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201701-16", }, { type: "WEB", url: "http://www.debian.org/security/2017/dsa-3762", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { type: "WEB", url: "http://www.securityfocus.com/bid/91204", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
WID-SEC-W-2023-2409
Vulnerability from csaf_certbund
Published
2016-06-14 22:00
Modified
2023-10-08 22:00
Summary
libTIFF: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libTIFF ist ein Softwarepaket für die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder um einen Denial of Service Zustand hervorzurufen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "libTIFF ist ein Softwarepaket für die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder um einen Denial of Service Zustand hervorzurufen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2409 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-2409.json", }, { category: "self", summary: "WID-SEC-2023-2409 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2409", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1855 vom 2023-10-06", url: "https://alas.aws.amazon.com/ALAS-2023-1855.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2263 vom 2023-09-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2263.html", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/1", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/3", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/5", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/6", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/7", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/8", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/9", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2016:1546 vom 2016-08-03", url: "https://rhn.redhat.com/errata/RHSA-2016-1546.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2016:1547 vom 2016-08-03", url: "https://rhn.redhat.com/errata/RHSA-2016-1547.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:2271-1 vom 2016-09-10", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162271-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:2527-1 vom 2016-10-13", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162527-1.html", }, { category: "external", summary: "F5 Security Advisory SOL89096577 vom 2016-11-08", url: "https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:3301-1 vom 2016-12-30", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1.html", }, { category: "external", summary: "Debian Security Advisory DSA-3762 vom 2017-01-14", url: "https://www.debian.org/security/2017/dsa-3762", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-1 vom 2017-02-27", url: "http://www.ubuntu.com/usn/usn-3212-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-2 vom 2017-05-30", url: "http://www.ubuntu.com/usn/usn-3212-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-3 vom 2017-07-19", url: "http://www.ubuntu.com/usn/usn-3212-3/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-4 vom 2017-08-07", url: "http://www.ubuntu.com/usn/usn-3212-4/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2018:1472-1 vom 2018-05-31", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1.html", }, { category: "external", summary: "Juniper Security Advisory JSA11023 vom 2020-07-08", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023", }, ], source_lang: "en-US", title: "libTIFF: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-08T22:00:00.000+00:00", generator: { date: "2024-08-15T17:58:41.982+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2409", initial_release_date: "2016-06-14T22:00:00.000+00:00", revision_history: [ { date: "2016-06-14T22:00:00.000+00:00", number: "1", summary: "Initial Release", }, { date: "2016-06-14T22:00:00.000+00:00", number: "2", summary: "Version nicht vorhanden", }, { date: "2016-06-14T22:00:00.000+00:00", number: "3", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "4", summary: "New remediations available", }, { date: "2016-08-02T22:00:00.000+00:00", number: "5", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "6", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "7", summary: "Version nicht vorhanden", }, { date: "2016-09-11T22:00:00.000+00:00", number: "8", summary: "New remediations available", }, { date: "2016-10-13T22:00:00.000+00:00", number: "9", summary: "New remediations available", }, { date: "2016-11-08T23:00:00.000+00:00", number: "10", summary: "New remediations available", }, { date: "2016-11-08T23:00:00.000+00:00", number: "11", summary: "Version nicht vorhanden", }, { date: "2016-12-29T23:00:00.000+00:00", number: "12", summary: "New remediations available", }, { date: "2017-01-15T23:00:00.000+00:00", number: "13", summary: "New remediations available", }, { date: "2017-02-27T23:00:00.000+00:00", number: "14", summary: "New remediations available", }, { date: "2017-05-30T22:00:00.000+00:00", number: "15", summary: "New remediations available", }, { date: "2017-07-19T22:00:00.000+00:00", number: "16", summary: "New remediations available", }, { date: "2017-08-07T22:00:00.000+00:00", number: "17", summary: "New remediations available", }, { date: "2018-05-31T22:00:00.000+00:00", number: "18", summary: "New remediations available", }, { date: "2020-07-08T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Juniper aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Amazon aufgenommen", }, ], status: "final", version: "21", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "F5 WebAccelerator", product: { name: "F5 WebAccelerator", product_id: "T001723", product_identification_helper: { cpe: "cpe:/h:f5:big-ip_webaccelerator:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Juniper Junos Space < 20.1R1", product: { name: "Juniper Junos Space < 20.1R1", product_id: "T016874", product_identification_helper: { cpe: "cpe:/a:juniper:junos_space:20.1r1", }, }, }, ], category: "vendor", name: "Juniper", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source libTIFF <= 4.0.6", product: { name: "Open Source libTIFF <= 4.0.6", product_id: "T006693", product_identification_helper: { cpe: "cpe:/a:libtiff:libtiff:4.0.6", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5314", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5314", }, { cve: "CVE-2016-5315", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5315", }, { cve: "CVE-2016-5316", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5316", }, { cve: "CVE-2016-5317", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5317", }, { cve: "CVE-2016-5320", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5320", }, { cve: "CVE-2016-5321", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5321", }, { cve: "CVE-2016-5322", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5322", }, { cve: "CVE-2016-5323", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5323", }, ], }
wid-sec-w-2023-2409
Vulnerability from csaf_certbund
Published
2016-06-14 22:00
Modified
2023-10-08 22:00
Summary
libTIFF: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libTIFF ist ein Softwarepaket für die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder um einen Denial of Service Zustand hervorzurufen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "libTIFF ist ein Softwarepaket für die Verarbeitung von Bilddateien in Tag Image File Format (TIFF).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen oder um einen Denial of Service Zustand hervorzurufen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2409 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-2409.json", }, { category: "self", summary: "WID-SEC-2023-2409 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2409", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1855 vom 2023-10-06", url: "https://alas.aws.amazon.com/ALAS-2023-1855.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2263 vom 2023-09-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2263.html", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/1", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/3", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/5", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/6", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/7", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/8", }, { category: "external", summary: "OSS Security Mailing List vom 2016-06-14", url: "http://www.openwall.com/lists/oss-security/2016/06/15/9", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2016:1546 vom 2016-08-03", url: "https://rhn.redhat.com/errata/RHSA-2016-1546.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2016:1547 vom 2016-08-03", url: "https://rhn.redhat.com/errata/RHSA-2016-1547.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:2271-1 vom 2016-09-10", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162271-1.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:2527-1 vom 2016-10-13", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162527-1.html", }, { category: "external", summary: "F5 Security Advisory SOL89096577 vom 2016-11-08", url: "https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2016:3301-1 vom 2016-12-30", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1.html", }, { category: "external", summary: "Debian Security Advisory DSA-3762 vom 2017-01-14", url: "https://www.debian.org/security/2017/dsa-3762", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-1 vom 2017-02-27", url: "http://www.ubuntu.com/usn/usn-3212-1/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-2 vom 2017-05-30", url: "http://www.ubuntu.com/usn/usn-3212-2/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-3 vom 2017-07-19", url: "http://www.ubuntu.com/usn/usn-3212-3/", }, { category: "external", summary: "Ubuntu Security Notice USN-3212-4 vom 2017-08-07", url: "http://www.ubuntu.com/usn/usn-3212-4/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2018:1472-1 vom 2018-05-31", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1.html", }, { category: "external", summary: "Juniper Security Advisory JSA11023 vom 2020-07-08", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11023", }, ], source_lang: "en-US", title: "libTIFF: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-08T22:00:00.000+00:00", generator: { date: "2024-08-15T17:58:41.982+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2409", initial_release_date: "2016-06-14T22:00:00.000+00:00", revision_history: [ { date: "2016-06-14T22:00:00.000+00:00", number: "1", summary: "Initial Release", }, { date: "2016-06-14T22:00:00.000+00:00", number: "2", summary: "Version nicht vorhanden", }, { date: "2016-06-14T22:00:00.000+00:00", number: "3", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "4", summary: "New remediations available", }, { date: "2016-08-02T22:00:00.000+00:00", number: "5", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "6", summary: "Version nicht vorhanden", }, { date: "2016-08-02T22:00:00.000+00:00", number: "7", summary: "Version nicht vorhanden", }, { date: "2016-09-11T22:00:00.000+00:00", number: "8", summary: "New remediations available", }, { date: "2016-10-13T22:00:00.000+00:00", number: "9", summary: "New remediations available", }, { date: "2016-11-08T23:00:00.000+00:00", number: "10", summary: "New remediations available", }, { date: "2016-11-08T23:00:00.000+00:00", number: "11", summary: "Version nicht vorhanden", }, { date: "2016-12-29T23:00:00.000+00:00", number: "12", summary: "New remediations available", }, { date: "2017-01-15T23:00:00.000+00:00", number: "13", summary: "New remediations available", }, { date: "2017-02-27T23:00:00.000+00:00", number: "14", summary: "New remediations available", }, { date: "2017-05-30T22:00:00.000+00:00", number: "15", summary: "New remediations available", }, { date: "2017-07-19T22:00:00.000+00:00", number: "16", summary: "New remediations available", }, { date: "2017-08-07T22:00:00.000+00:00", number: "17", summary: "New remediations available", }, { date: "2018-05-31T22:00:00.000+00:00", number: "18", summary: "New remediations available", }, { date: "2020-07-08T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Juniper aufgenommen", }, { date: "2023-09-20T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-08T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Amazon aufgenommen", }, ], status: "final", version: "21", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "F5 WebAccelerator", product: { name: "F5 WebAccelerator", product_id: "T001723", product_identification_helper: { cpe: "cpe:/h:f5:big-ip_webaccelerator:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Juniper Junos Space < 20.1R1", product: { name: "Juniper Junos Space < 20.1R1", product_id: "T016874", product_identification_helper: { cpe: "cpe:/a:juniper:junos_space:20.1r1", }, }, }, ], category: "vendor", name: "Juniper", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source libTIFF <= 4.0.6", product: { name: "Open Source libTIFF <= 4.0.6", product_id: "T006693", product_identification_helper: { cpe: "cpe:/a:libtiff:libtiff:4.0.6", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5314", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5314", }, { cve: "CVE-2016-5315", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5315", }, { cve: "CVE-2016-5316", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5316", }, { cve: "CVE-2016-5317", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5317", }, { cve: "CVE-2016-5320", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5320", }, { cve: "CVE-2016-5321", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5321", }, { cve: "CVE-2016-5322", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5322", }, { cve: "CVE-2016-5323", notes: [ { category: "description", text: "In libTIFF existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand hervorzurufen oder um möglicherweise beliebigen Code mit den Privilegien der libTIFF-nutzenden Applikation auszuführen. Bei den Schwachstellen handelt es sich um out-of-bound Lesefehlern, ungültigen Lesezugriffen und divide-by-zero-Fehlern.", }, ], product_status: { known_affected: [ "2951", "T001723", "T002207", "67646", "T000126", "398363", "1727", ], last_affected: [ "T006693", ], }, release_date: "2016-06-14T22:00:00.000+00:00", title: "CVE-2016-5323", }, ], }
gsd-2016-5315
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Aliases
Aliases
{ GSD: { alias: "CVE-2016-5315", description: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", id: "GSD-2016-5315", references: [ "https://www.suse.com/security/cve/CVE-2016-5315.html", "https://www.debian.org/security/2017/dsa-3762", "https://ubuntu.com/security/CVE-2016-5315", "https://advisories.mageia.org/CVE-2016-5315.html", "https://security.archlinux.org/CVE-2016-5315", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2016-5315", ], details: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", id: "GSD-2016-5315", modified: "2023-12-13T01:21:25.294535Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5315", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "91204", refsource: "BID", url: "http://www.securityfocus.com/bid/91204", }, { name: "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { name: "GLSA-201701-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-16", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { name: "DSA-3762", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3762", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.0.6", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5315", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201701-16", refsource: "GENTOO", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201701-16", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", refsource: "CONFIRM", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { name: "91204", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91204", }, { name: "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { name: "DSA-3762", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3762", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2017-03-08T16:52Z", publishedDate: "2017-03-07T15:59Z", }, }, }
suse-su-2018:1472-1
Vulnerability from csaf_suse
Published
2018-05-30 07:08
Modified
2018-05-30 07:08
Summary
Security update for tiff
Notes
Title of the patch
Security update for tiff
Description of the patch
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809)
- CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)
- CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)
- CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)
- CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)
- CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)
- CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)
- CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)
- CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)
- CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)
- CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)
- CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)
- CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109)
- Multiple divide by zero issues
- CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)
Patchnames
sdksp4-tiff-13631,slessp4-tiff-13631
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tiff", title: "Title of the patch", }, { category: "description", text: "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809)\n- CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)\n- CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)\n- CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)\n- CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)\n- CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)\n- CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)\n- CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)\n- CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)\n- CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)\n- CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)\n- CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)\n- CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109)\n- Multiple divide by zero issues\n- CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)\n", title: "Description of the patch", }, { category: "details", text: "sdksp4-tiff-13631,slessp4-tiff-13631", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1472-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:1472-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:1472-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004101.html", }, { category: "self", summary: "SUSE Bug 1017694", url: "https://bugzilla.suse.com/1017694", }, { category: "self", summary: "SUSE Bug 1031250", url: "https://bugzilla.suse.com/1031250", }, { category: "self", summary: "SUSE Bug 1031254", url: "https://bugzilla.suse.com/1031254", }, { category: "self", summary: "SUSE Bug 1033109", url: "https://bugzilla.suse.com/1033109", }, { category: "self", summary: "SUSE Bug 1033111", url: "https://bugzilla.suse.com/1033111", }, { category: "self", summary: "SUSE Bug 1033112", url: "https://bugzilla.suse.com/1033112", }, { category: "self", summary: "SUSE Bug 1033113", url: "https://bugzilla.suse.com/1033113", }, { category: "self", summary: "SUSE Bug 1033120", url: "https://bugzilla.suse.com/1033120", }, { category: "self", summary: "SUSE Bug 1033126", url: "https://bugzilla.suse.com/1033126", }, { category: "self", summary: "SUSE Bug 1033127", url: "https://bugzilla.suse.com/1033127", }, { category: "self", summary: "SUSE Bug 1033129", url: "https://bugzilla.suse.com/1033129", }, { category: "self", summary: "SUSE Bug 1074317", url: "https://bugzilla.suse.com/1074317", }, { category: "self", summary: "SUSE Bug 984808", url: "https://bugzilla.suse.com/984808", }, { category: "self", summary: "SUSE Bug 984809", url: "https://bugzilla.suse.com/984809", }, { category: "self", summary: "SUSE Bug 984831", url: "https://bugzilla.suse.com/984831", }, { category: "self", summary: "SUSE Bug 987351", url: "https://bugzilla.suse.com/987351", }, { category: "self", summary: "SUSE CVE CVE-2016-10267 page", url: "https://www.suse.com/security/cve/CVE-2016-10267/", }, { category: "self", summary: "SUSE CVE CVE-2016-10269 page", url: "https://www.suse.com/security/cve/CVE-2016-10269/", }, { category: "self", summary: "SUSE CVE CVE-2016-10270 page", url: "https://www.suse.com/security/cve/CVE-2016-10270/", }, { category: "self", summary: "SUSE CVE CVE-2016-5314 page", url: "https://www.suse.com/security/cve/CVE-2016-5314/", }, { category: "self", summary: "SUSE CVE CVE-2016-5315 page", url: "https://www.suse.com/security/cve/CVE-2016-5315/", }, { category: "self", summary: "SUSE CVE CVE-2017-18013 page", url: "https://www.suse.com/security/cve/CVE-2017-18013/", }, { category: "self", summary: "SUSE CVE CVE-2017-7593 page", url: "https://www.suse.com/security/cve/CVE-2017-7593/", }, { category: "self", summary: "SUSE CVE CVE-2017-7595 page", url: "https://www.suse.com/security/cve/CVE-2017-7595/", }, { category: "self", summary: "SUSE CVE CVE-2017-7596 page", url: "https://www.suse.com/security/cve/CVE-2017-7596/", }, { category: "self", summary: "SUSE CVE CVE-2017-7597 page", url: "https://www.suse.com/security/cve/CVE-2017-7597/", }, { category: "self", summary: "SUSE CVE CVE-2017-7599 page", url: "https://www.suse.com/security/cve/CVE-2017-7599/", }, { category: "self", summary: "SUSE CVE CVE-2017-7600 page", url: "https://www.suse.com/security/cve/CVE-2017-7600/", }, { category: "self", summary: "SUSE CVE CVE-2017-7601 page", url: "https://www.suse.com/security/cve/CVE-2017-7601/", }, { category: "self", summary: "SUSE CVE CVE-2017-7602 page", url: "https://www.suse.com/security/cve/CVE-2017-7602/", }, ], title: "Security update for tiff", tracking: { current_release_date: "2018-05-30T07:08:57Z", generator: { date: "2018-05-30T07:08:57Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:1472-1", initial_release_date: "2018-05-30T07:08:57Z", revision_history: [ { date: "2018-05-30T07:08:57Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.i586", product: { name: "libtiff-devel-3.8.2-141.169.6.1.i586", product_id: "libtiff-devel-3.8.2-141.169.6.1.i586", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.i586", product: { name: "libtiff3-3.8.2-141.169.6.1.i586", product_id: "libtiff3-3.8.2-141.169.6.1.i586", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.i586", product: { name: "tiff-3.8.2-141.169.6.1.i586", product_id: "tiff-3.8.2-141.169.6.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.ia64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.ia64", product_id: "libtiff-devel-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.ia64", product: { name: "libtiff3-3.8.2-141.169.6.1.ia64", product_id: "libtiff3-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "libtiff3-x86-3.8.2-141.169.6.1.ia64", product: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64", product_id: "libtiff3-x86-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.ia64", product: { name: "tiff-3.8.2-141.169.6.1.ia64", product_id: "tiff-3.8.2-141.169.6.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.ppc64", product_id: "libtiff-devel-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff3-3.8.2-141.169.6.1.ppc64", product_id: "libtiff3-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.ppc64", product: { name: "tiff-3.8.2-141.169.6.1.ppc64", product_id: "tiff-3.8.2-141.169.6.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.s390x", product: { name: "libtiff-devel-3.8.2-141.169.6.1.s390x", product_id: "libtiff-devel-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.s390x", product: { name: "libtiff3-3.8.2-141.169.6.1.s390x", product_id: "libtiff3-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.s390x", product: { name: "tiff-3.8.2-141.169.6.1.s390x", product_id: "tiff-3.8.2-141.169.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.x86_64", product_id: "libtiff-devel-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff3-3.8.2-141.169.6.1.x86_64", product_id: "libtiff3-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.x86_64", product: { name: "tiff-3.8.2-141.169.6.1.x86_64", product_id: "tiff-3.8.2-141.169.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff3-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-x86-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", }, product_reference: "tiff-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", }, product_reference: "tiff-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", }, product_reference: "tiff-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", }, product_reference: "tiff-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", }, product_reference: "tiff-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff3-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-x86-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", }, product_reference: "tiff-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", }, product_reference: "tiff-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", }, product_reference: "tiff-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", }, product_reference: "tiff-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", }, product_reference: "tiff-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10267", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10267", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10267", url: "https://www.suse.com/security/cve/CVE-2016-10267", }, { category: "external", summary: "SUSE Bug 1017694 for CVE-2016-10267", url: "https://bugzilla.suse.com/1017694", }, { category: "external", summary: "SUSE Bug 1031262 for CVE-2016-10267", url: "https://bugzilla.suse.com/1031262", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10267", }, { cve: "CVE-2016-10269", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10269", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10269", url: "https://www.suse.com/security/cve/CVE-2016-10269", }, { category: "external", summary: "SUSE Bug 1017693 for CVE-2016-10269", url: "https://bugzilla.suse.com/1017693", }, { category: "external", summary: "SUSE Bug 1031254 for CVE-2016-10269", url: "https://bugzilla.suse.com/1031254", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10269", }, { cve: "CVE-2016-10270", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10270", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10270", url: "https://www.suse.com/security/cve/CVE-2016-10270", }, { category: "external", summary: "SUSE Bug 1031250 for CVE-2016-10270", url: "https://bugzilla.suse.com/1031250", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10270", }, { cve: "CVE-2016-5314", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5314", }, ], notes: [ { category: "general", text: "Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5314", url: "https://www.suse.com/security/cve/CVE-2016-5314", }, { category: "external", summary: "SUSE Bug 984831 for CVE-2016-5314", url: "https://bugzilla.suse.com/984831", }, { category: "external", summary: "SUSE Bug 987351 for CVE-2016-5314", url: "https://bugzilla.suse.com/987351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-5314", }, { cve: "CVE-2016-5315", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5315", }, ], notes: [ { category: "general", text: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5315", url: "https://www.suse.com/security/cve/CVE-2016-5315", }, { category: "external", summary: "SUSE Bug 984809 for CVE-2016-5315", url: "https://bugzilla.suse.com/984809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-5315", }, { cve: "CVE-2017-18013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-18013", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-18013", url: "https://www.suse.com/security/cve/CVE-2017-18013", }, { category: "external", summary: "SUSE Bug 1074317 for CVE-2017-18013", url: "https://bugzilla.suse.com/1074317", }, { category: "external", summary: "SUSE Bug 1082825 for CVE-2017-18013", url: "https://bugzilla.suse.com/1082825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "important", }, ], title: "CVE-2017-18013", }, { cve: "CVE-2017-7593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7593", }, ], notes: [ { category: "general", text: "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7593", url: "https://www.suse.com/security/cve/CVE-2017-7593", }, { category: "external", summary: "SUSE Bug 1033129 for CVE-2017-7593", url: "https://bugzilla.suse.com/1033129", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7593", }, { cve: "CVE-2017-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7595", }, ], notes: [ { category: "general", text: "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7595", url: "https://www.suse.com/security/cve/CVE-2017-7595", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7595", }, { cve: "CVE-2017-7596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7596", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7596", url: "https://www.suse.com/security/cve/CVE-2017-7596", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "important", }, ], title: "CVE-2017-7596", }, { cve: "CVE-2017-7597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7597", }, ], notes: [ { category: "general", text: "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7597", url: "https://www.suse.com/security/cve/CVE-2017-7597", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7597", }, { cve: "CVE-2017-7599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7599", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7599", url: "https://www.suse.com/security/cve/CVE-2017-7599", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7599", }, { cve: "CVE-2017-7600", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7600", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7600", url: "https://www.suse.com/security/cve/CVE-2017-7600", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "low", }, ], title: "CVE-2017-7600", }, { cve: "CVE-2017-7601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7601", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7601", url: "https://www.suse.com/security/cve/CVE-2017-7601", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "low", }, ], title: "CVE-2017-7601", }, { cve: "CVE-2017-7602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7602", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7602", url: "https://www.suse.com/security/cve/CVE-2017-7602", }, { category: "external", summary: "SUSE Bug 1033109 for CVE-2017-7602", url: "https://bugzilla.suse.com/1033109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7602", }, ], }
fkie_cve-2016-5315
Vulnerability from fkie_nvd
Published
2017-03-07 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libtiff | libtiff | * | |
| debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", matchCriteriaId: "7DBB051D-E94D-4553-88A6-750BE80B7617", versionEndIncluding: "4.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", }, { lang: "es", value: "La función setByteArray en tif_dir.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una imagen tiff manipulada.", }, ], id: "CVE-2016-5315", lastModified: "2024-11-21T02:54:05.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-07T15:59:00.283", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3762", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91204", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201701-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3762", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/06/15/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1346694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201701-16", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.