Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7602
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:04:12.014Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { name: "97500", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97500", }, { name: "DSA-3844", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3844", }, { name: "GLSA-201709-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201709-27", }, { name: "USN-3602-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3602-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-09T00:00:00", descriptions: [ { lang: "en", value: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-21T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { name: "97500", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97500", }, { name: "DSA-3844", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3844", }, { name: "GLSA-201709-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201709-27", }, { name: "USN-3602-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3602-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7602", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", refsource: "MISC", url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { name: "97500", refsource: "BID", url: "http://www.securityfocus.com/bid/97500", }, { name: "DSA-3844", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3844", }, { name: "GLSA-201709-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-27", }, { name: "USN-3602-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3602-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-7602", datePublished: "2017-04-09T14:00:00", dateReserved: "2017-04-09T00:00:00", dateUpdated: "2024-08-05T16:04:12.014Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2017-7602\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-04-09T14:59:00.467\",\"lastModified\":\"2024-11-21T03:32:15.517\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.\"},{\"lang\":\"es\",\"value\":\"LibTIFF 4.0.7 tiene un desbordamiento de enteros con signo, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo de la aplicación) o posiblemente tener otro impacto no especificado a través de una imagen manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE968DD2-24BE-4417-A6DF-D79E40E07766\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3844\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/97500\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-27\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3602-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/97500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3602-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
fkie_cve-2017-7602
Vulnerability from fkie_nvd
Published
2017-04-09 14:59
Modified
2024-11-21 03:32
Severity ?
Summary
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FE968DD2-24BE-4417-A6DF-D79E40E07766", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", }, { lang: "es", value: "LibTIFF 4.0.7 tiene un desbordamiento de enteros con signo, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo de la aplicación) o posiblemente tener otro impacto no especificado a través de una imagen manipulada.", }, ], id: "CVE-2017-7602", lastModified: "2024-11-21T03:32:15.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-09T14:59:00.467", references: [ { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3844", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97500", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201709-27", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3602-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201709-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3602-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2017-7602
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-7602", description: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", id: "GSD-2017-7602", references: [ "https://www.suse.com/security/cve/CVE-2017-7602.html", "https://www.debian.org/security/2017/dsa-3844", "https://ubuntu.com/security/CVE-2017-7602", "https://advisories.mageia.org/CVE-2017-7602.html", "https://security.archlinux.org/CVE-2017-7602", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-7602", ], details: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", id: "GSD-2017-7602", modified: "2023-12-13T01:21:06.292997Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7602", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", refsource: "MISC", url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { name: "97500", refsource: "BID", url: "http://www.securityfocus.com/bid/97500", }, { name: "DSA-3844", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3844", }, { name: "GLSA-201709-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201709-27", }, { name: "USN-3602-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3602-1/", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7602", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-190", }, ], }, ], }, references: { reference_data: [ { name: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", refsource: "MISC", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { name: "97500", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97500", }, { name: "GLSA-201709-27", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/201709-27", }, { name: "DSA-3844", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2017/dsa-3844", }, { name: "USN-3602-1", refsource: "UBUNTU", tags: [], url: "https://usn.ubuntu.com/3602-1/", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, }, }, lastModifiedDate: "2018-03-22T01:29Z", publishedDate: "2017-04-09T14:59Z", }, }, }
ghsa-7xh9-cpwq-c77x
Vulnerability from github
Published
2022-05-14 03:36
Modified
2022-05-14 03:36
Severity ?
Details
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
{ affected: [], aliases: [ "CVE-2017-7602", ], database_specific: { cwe_ids: [ "CWE-190", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-04-09T14:59:00Z", severity: "HIGH", }, details: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", id: "GHSA-7xh9-cpwq-c77x", modified: "2022-05-14T03:36:18Z", published: "2022-05-14T03:36:18Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7602", }, { type: "WEB", url: "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201709-27", }, { type: "WEB", url: "https://usn.ubuntu.com/3602-1", }, { type: "WEB", url: "http://www.debian.org/security/2017/dsa-3844", }, { type: "WEB", url: "http://www.securityfocus.com/bid/97500", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
suse-su-2018:1472-1
Vulnerability from csaf_suse
Published
2018-05-30 07:08
Modified
2018-05-30 07:08
Summary
Security update for tiff
Notes
Title of the patch
Security update for tiff
Description of the patch
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809)
- CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)
- CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)
- CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)
- CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)
- CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)
- CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)
- CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)
- CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)
- CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)
- CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)
- CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)
- CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109)
- Multiple divide by zero issues
- CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)
Patchnames
sdksp4-tiff-13631,slessp4-tiff-13631
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tiff", title: "Title of the patch", }, { category: "description", text: "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809)\n- CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)\n- CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)\n- CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)\n- CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)\n- CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)\n- CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)\n- CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)\n- CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)\n- CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)\n- CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)\n- CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)\n- CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109)\n- Multiple divide by zero issues\n- CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)\n", title: "Description of the patch", }, { category: "details", text: "sdksp4-tiff-13631,slessp4-tiff-13631", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1472-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:1472-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:1472-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004101.html", }, { category: "self", summary: "SUSE Bug 1017694", url: "https://bugzilla.suse.com/1017694", }, { category: "self", summary: "SUSE Bug 1031250", url: "https://bugzilla.suse.com/1031250", }, { category: "self", summary: "SUSE Bug 1031254", url: "https://bugzilla.suse.com/1031254", }, { category: "self", summary: "SUSE Bug 1033109", url: "https://bugzilla.suse.com/1033109", }, { category: "self", summary: "SUSE Bug 1033111", url: "https://bugzilla.suse.com/1033111", }, { category: "self", summary: "SUSE Bug 1033112", url: "https://bugzilla.suse.com/1033112", }, { category: "self", summary: "SUSE Bug 1033113", url: "https://bugzilla.suse.com/1033113", }, { category: "self", summary: "SUSE Bug 1033120", url: "https://bugzilla.suse.com/1033120", }, { category: "self", summary: "SUSE Bug 1033126", url: "https://bugzilla.suse.com/1033126", }, { category: "self", summary: "SUSE Bug 1033127", url: "https://bugzilla.suse.com/1033127", }, { category: "self", summary: "SUSE Bug 1033129", url: "https://bugzilla.suse.com/1033129", }, { category: "self", summary: "SUSE Bug 1074317", url: "https://bugzilla.suse.com/1074317", }, { category: "self", summary: "SUSE Bug 984808", url: "https://bugzilla.suse.com/984808", }, { category: "self", summary: "SUSE Bug 984809", url: "https://bugzilla.suse.com/984809", }, { category: "self", summary: "SUSE Bug 984831", url: "https://bugzilla.suse.com/984831", }, { category: "self", summary: "SUSE Bug 987351", url: "https://bugzilla.suse.com/987351", }, { category: "self", summary: "SUSE CVE CVE-2016-10267 page", url: "https://www.suse.com/security/cve/CVE-2016-10267/", }, { category: "self", summary: "SUSE CVE CVE-2016-10269 page", url: "https://www.suse.com/security/cve/CVE-2016-10269/", }, { category: "self", summary: "SUSE CVE CVE-2016-10270 page", url: "https://www.suse.com/security/cve/CVE-2016-10270/", }, { category: "self", summary: "SUSE CVE CVE-2016-5314 page", url: "https://www.suse.com/security/cve/CVE-2016-5314/", }, { category: "self", summary: "SUSE CVE CVE-2016-5315 page", url: "https://www.suse.com/security/cve/CVE-2016-5315/", }, { category: "self", summary: "SUSE CVE CVE-2017-18013 page", url: "https://www.suse.com/security/cve/CVE-2017-18013/", }, { category: "self", summary: "SUSE CVE CVE-2017-7593 page", url: "https://www.suse.com/security/cve/CVE-2017-7593/", }, { category: "self", summary: "SUSE CVE CVE-2017-7595 page", url: "https://www.suse.com/security/cve/CVE-2017-7595/", }, { category: "self", summary: "SUSE CVE CVE-2017-7596 page", url: "https://www.suse.com/security/cve/CVE-2017-7596/", }, { category: "self", summary: "SUSE CVE CVE-2017-7597 page", url: "https://www.suse.com/security/cve/CVE-2017-7597/", }, { category: "self", summary: "SUSE CVE CVE-2017-7599 page", url: "https://www.suse.com/security/cve/CVE-2017-7599/", }, { category: "self", summary: "SUSE CVE CVE-2017-7600 page", url: "https://www.suse.com/security/cve/CVE-2017-7600/", }, { category: "self", summary: "SUSE CVE CVE-2017-7601 page", url: "https://www.suse.com/security/cve/CVE-2017-7601/", }, { category: "self", summary: "SUSE CVE CVE-2017-7602 page", url: "https://www.suse.com/security/cve/CVE-2017-7602/", }, ], title: "Security update for tiff", tracking: { current_release_date: "2018-05-30T07:08:57Z", generator: { date: "2018-05-30T07:08:57Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:1472-1", initial_release_date: "2018-05-30T07:08:57Z", revision_history: [ { date: "2018-05-30T07:08:57Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.i586", product: { name: "libtiff-devel-3.8.2-141.169.6.1.i586", product_id: "libtiff-devel-3.8.2-141.169.6.1.i586", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.i586", product: { name: "libtiff3-3.8.2-141.169.6.1.i586", product_id: "libtiff3-3.8.2-141.169.6.1.i586", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.i586", product: { name: "tiff-3.8.2-141.169.6.1.i586", product_id: "tiff-3.8.2-141.169.6.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.ia64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.ia64", product_id: "libtiff-devel-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.ia64", product: { name: "libtiff3-3.8.2-141.169.6.1.ia64", product_id: "libtiff3-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "libtiff3-x86-3.8.2-141.169.6.1.ia64", product: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64", product_id: "libtiff3-x86-3.8.2-141.169.6.1.ia64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.ia64", product: { name: "tiff-3.8.2-141.169.6.1.ia64", product_id: "tiff-3.8.2-141.169.6.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.ppc64", product_id: "libtiff-devel-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff3-3.8.2-141.169.6.1.ppc64", product_id: "libtiff3-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.ppc64", product: { name: "tiff-3.8.2-141.169.6.1.ppc64", product_id: "tiff-3.8.2-141.169.6.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.s390x", product: { name: "libtiff-devel-3.8.2-141.169.6.1.s390x", product_id: "libtiff-devel-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.s390x", product: { name: "libtiff3-3.8.2-141.169.6.1.s390x", product_id: "libtiff3-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.s390x", product: { name: "tiff-3.8.2-141.169.6.1.s390x", product_id: "tiff-3.8.2-141.169.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libtiff-devel-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff-devel-3.8.2-141.169.6.1.x86_64", product_id: "libtiff-devel-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", product_id: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff3-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff3-3.8.2-141.169.6.1.x86_64", product_id: "libtiff3-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", product: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", product_id: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, }, { category: "product_version", name: "tiff-3.8.2-141.169.6.1.x86_64", product: { name: "tiff-3.8.2-141.169.6.1.x86_64", product_id: "tiff-3.8.2-141.169.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff-devel-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff3-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-x86-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", }, product_reference: "tiff-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", }, product_reference: "tiff-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", }, product_reference: "tiff-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", }, product_reference: "tiff-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", }, product_reference: "tiff-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", }, product_reference: "libtiff3-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", }, product_reference: "libtiff3-32bit-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libtiff3-x86-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", }, product_reference: "libtiff3-x86-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", }, product_reference: "tiff-3.8.2-141.169.6.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", }, product_reference: "tiff-3.8.2-141.169.6.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", }, product_reference: "tiff-3.8.2-141.169.6.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", }, product_reference: "tiff-3.8.2-141.169.6.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "tiff-3.8.2-141.169.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", }, product_reference: "tiff-3.8.2-141.169.6.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10267", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10267", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10267", url: "https://www.suse.com/security/cve/CVE-2016-10267", }, { category: "external", summary: "SUSE Bug 1017694 for CVE-2016-10267", url: "https://bugzilla.suse.com/1017694", }, { category: "external", summary: "SUSE Bug 1031262 for CVE-2016-10267", url: "https://bugzilla.suse.com/1031262", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10267", }, { cve: "CVE-2016-10269", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10269", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10269", url: "https://www.suse.com/security/cve/CVE-2016-10269", }, { category: "external", summary: "SUSE Bug 1017693 for CVE-2016-10269", url: "https://bugzilla.suse.com/1017693", }, { category: "external", summary: "SUSE Bug 1031254 for CVE-2016-10269", url: "https://bugzilla.suse.com/1031254", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10269", }, { cve: "CVE-2016-10270", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10270", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10270", url: "https://www.suse.com/security/cve/CVE-2016-10270", }, { category: "external", summary: "SUSE Bug 1031250 for CVE-2016-10270", url: "https://bugzilla.suse.com/1031250", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-10270", }, { cve: "CVE-2016-5314", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5314", }, ], notes: [ { category: "general", text: "Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5314", url: "https://www.suse.com/security/cve/CVE-2016-5314", }, { category: "external", summary: "SUSE Bug 984831 for CVE-2016-5314", url: "https://bugzilla.suse.com/984831", }, { category: "external", summary: "SUSE Bug 987351 for CVE-2016-5314", url: "https://bugzilla.suse.com/987351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-5314", }, { cve: "CVE-2016-5315", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5315", }, ], notes: [ { category: "general", text: "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5315", url: "https://www.suse.com/security/cve/CVE-2016-5315", }, { category: "external", summary: "SUSE Bug 984809 for CVE-2016-5315", url: "https://bugzilla.suse.com/984809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2016-5315", }, { cve: "CVE-2017-18013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-18013", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-18013", url: "https://www.suse.com/security/cve/CVE-2017-18013", }, { category: "external", summary: "SUSE Bug 1074317 for CVE-2017-18013", url: "https://bugzilla.suse.com/1074317", }, { category: "external", summary: "SUSE Bug 1082825 for CVE-2017-18013", url: "https://bugzilla.suse.com/1082825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "important", }, ], title: "CVE-2017-18013", }, { cve: "CVE-2017-7593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7593", }, ], notes: [ { category: "general", text: "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7593", url: "https://www.suse.com/security/cve/CVE-2017-7593", }, { category: "external", summary: "SUSE Bug 1033129 for CVE-2017-7593", url: "https://bugzilla.suse.com/1033129", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7593", }, { cve: "CVE-2017-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7595", }, ], notes: [ { category: "general", text: "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7595", url: "https://www.suse.com/security/cve/CVE-2017-7595", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7595", }, { cve: "CVE-2017-7596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7596", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7596", url: "https://www.suse.com/security/cve/CVE-2017-7596", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "important", }, ], title: "CVE-2017-7596", }, { cve: "CVE-2017-7597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7597", }, ], notes: [ { category: "general", text: "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7597", url: "https://www.suse.com/security/cve/CVE-2017-7597", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7597", }, { cve: "CVE-2017-7599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7599", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7599", url: "https://www.suse.com/security/cve/CVE-2017-7599", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7599", }, { cve: "CVE-2017-7600", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7600", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7600", url: "https://www.suse.com/security/cve/CVE-2017-7600", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "low", }, ], title: "CVE-2017-7600", }, { cve: "CVE-2017-7601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7601", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7601", url: "https://www.suse.com/security/cve/CVE-2017-7601", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "low", }, ], title: "CVE-2017-7601", }, { cve: "CVE-2017-7602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7602", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7602", url: "https://www.suse.com/security/cve/CVE-2017-7602", }, { category: "external", summary: "SUSE Bug 1033109 for CVE-2017-7602", url: "https://bugzilla.suse.com/1033109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-05-30T07:08:57Z", details: "moderate", }, ], title: "CVE-2017-7602", }, ], }
suse-su-2017:2569-1
Vulnerability from csaf_suse
Published
2017-09-26 07:59
Modified
2017-09-26 07:59
Summary
Security update for tiff
Notes
Title of the patch
Security update for tiff
Description of the patch
This update for tiff to version 4.0.8 fixes a several bugs and security issues:
These security issues were fixed:
- CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127).
- CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438).
- CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118).
- CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126).
- CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120).
- CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113).
- CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112).
- CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111).
- CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109).
- CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131).
- CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129).
- CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128).
- CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805).
- CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804).
These various other issues were fixed:
- Fix uint32 overflow in TIFFReadEncodedStrip() that caused an
integer division by zero. Reported by Agostino Sarubbo.
- fix heap-based buffer overflow on generation of PixarLog / LUV
compressed files, with ColorMap, TransferFunction attached and
nasty plays with bitspersample. The fix for LUV has not been
tested, but suffers from the same kind of issue of PixarLog.
- modify ChopUpSingleUncompressedStrip() to instanciate compute
ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip),
instead of a logic based on the total size of data. Which is
faulty is the total size of data is not sufficient to fill the
whole image, and thus results in reading outside of the
StripByCounts/StripOffsets arrays when using
TIFFReadScanline()
- make OJPEGDecode() early exit in case of failure in
OJPEGPreDecode(). This will avoid a divide by zero, and
potential other issues.
- fix misleading indentation as warned by GCC.
- revert change done on 2016-01-09 that made Param member of
TIFFFaxTabEnt structure a uint16 to reduce size of the
binary. It happens that the Hylafax software uses the tables
that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
TIFFFaxBlackTable), although they are not in a public libtiff
header.
- add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants
of the functions without ext, with an extra argument to control
the stop_on_error behaviour.
- fix potential memory leaks in error code path of
TIFFRGBAImageBegin().
- increase libjpeg max memory usable to 10 MB instead of libjpeg
1MB default. This helps when creating files with 'big' tile,
without using libjpeg temporary files.
- add _TIFFcalloc()
- return 0 in Encode functions instead of -1 when
TIFFFlushData1() fails.
- only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling
tag is not explicitly present. This helps a bit to reduce the
I/O amount when the tag is present (especially on cloud hosted
files).
- in LZWPostEncode(), increase, if necessary, the code bit-width
after flushing the remaining code and before emitting the EOI
code.
- fix memory leak in error code path of PixarLogSetupDecode().
- fix potential memory leak in
OJPEGReadHeaderInfoSecTablesQTable,
OJPEGReadHeaderInfoSecTablesDcTable and
OJPEGReadHeaderInfoSecTablesAcTable
- avoid crash in Fax3Close() on empty file.
- TIFFFillStrip(): add limitation to the number of bytes read
in case td_stripbytecount[strip] is bigger than reasonable,
so as to avoid excessive memory allocation.
- fix memory leak when the underlying codec (ZIP, PixarLog)
succeeds its setupdecode() method, but PredictorSetup fails.
- TIFFFillStrip() and TIFFFillTile(): avoid excessive memory
allocation in case of shorten files. Only effective on 64 bit
builds and non-mapped cases.
- TIFFFillStripPartial() / TIFFSeek(), avoid potential integer
overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode.
- avoid excessive memory allocation in case of shorten files.
Only effective on 64 bit builds.
- update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with
tif_rawdataloaded when calling TIFFStartStrip() or
TIFFFillStripPartial().
- avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes
- avoid potential int32 overflows in multiply_ms() and add_ms().
- fix out-of-buffer read in PackBitsDecode() Fixes
- LogL16InitState(): avoid excessive memory allocation when
RowsPerStrip tag is missing.
- update dec_bitsleft at beginning of LZWDecode(), and update
tif_rawcc at end of LZWDecode(). This is needed to properly
work with the latest chnges in tif_read.c in
CHUNKY_STRIP_READ_SUPPORT mode.
- PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc
with avail_in at beginning and end of function, similarly to
what is done in LZWDecode(). Likely needed so that it works
properly with latest chnges in tif_read.c in
CHUNKY_STRIP_READ_SUPPORT mode.
- initYCbCrConversion(): add basic validation of luma and
refBlackWhite coefficients (just check they are not NaN for
now), to avoid potential float to int overflows.
- _TIFFVSetField(): fix outside range cast of double to float.
- initYCbCrConversion(): check luma[1] is not zero to avoid division by zero
- _TIFFVSetField(): fix outside range cast of double to float.
- initYCbCrConversion(): check luma[1] is not zero to avoid
division by zero.
- initYCbCrConversion(): stricter validation for refBlackWhite
coefficients values.
- avoid uint32 underflow in cpDecodedStrips that can cause
various issues, such as buffer overflows in the library.
- fix readContigStripsIntoBuffer() in -i (ignore) mode so that
the output buffer is correctly incremented to avoid write
outside bounds.
- add 3 extra bytes at end of strip buffer in
readSeparateStripsIntoBuffer() to avoid read outside of heap
allocated buffer.
- fix integer division by zero when BitsPerSample is missing.
- fix null pointer dereference in -r mode when the image has no
StripByteCount tag.
- avoid potential division by zero is BitsPerSamples tag is
missing.
- when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit
the return number of inks to SamplesPerPixel, so that code
that parses ink names doesn't go past the end of the buffer.
- avoid potential division by zero is BitsPerSamples tag is
missing.
- fix uint32 underflow/overflow that can cause heap-based buffer
overflow.
- replace assert( (bps % 8) == 0 ) by a non assert check.
- fix 2 heap-based buffer overflows (in PSDataBW and
PSDataColorContig).
- prevent heap-based buffer overflow in -j mode on a paletted
image.
- fix wrong usage of memcpy() that can trigger unspecified behaviour.
- avoid potential invalid memory read in t2p_writeproc.
- avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile().
- remove extraneous TIFFClose() in error code path, that caused
double free.
- error out cleanly in cpContig2SeparateByRow and
cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap
based overflow.
- avoid integer division by zero.
- call TIFFClose() in error code paths.
- emit appropriate message if the input file is empty.
- close TIFF handle in error code path.
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2017-1589,SUSE-SLE-DESKTOP-12-SP3-2017-1589,SUSE-SLE-RPI-12-SP2-2017-1589,SUSE-SLE-SDK-12-SP2-2017-1589,SUSE-SLE-SDK-12-SP3-2017-1589,SUSE-SLE-SERVER-12-SP2-2017-1589,SUSE-SLE-SERVER-12-SP3-2017-1589
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tiff", title: "Title of the patch", }, { category: "description", text: "This update for tiff to version 4.0.8 fixes a several bugs and security issues:\n\nThese security issues were fixed:\n\n- CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127).\n- CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438).\n- CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118).\n- CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126).\n- CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120).\n- CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113).\n- CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112).\n- CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111).\n- CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109).\n- CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131).\n- CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129).\n- CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128).\n- CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805).\n- CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804).\n\nThese various other issues were fixed:\n\n- Fix uint32 overflow in TIFFReadEncodedStrip() that caused an\n integer division by zero. Reported by Agostino Sarubbo.\n- fix heap-based buffer overflow on generation of PixarLog / LUV\n compressed files, with ColorMap, TransferFunction attached and\n nasty plays with bitspersample. The fix for LUV has not been\n tested, but suffers from the same kind of issue of PixarLog.\n- modify ChopUpSingleUncompressedStrip() to instanciate compute\n ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip),\n instead of a logic based on the total size of data. Which is\n faulty is the total size of data is not sufficient to fill the\n whole image, and thus results in reading outside of the\n StripByCounts/StripOffsets arrays when using\n TIFFReadScanline()\n- make OJPEGDecode() early exit in case of failure in\n OJPEGPreDecode(). This will avoid a divide by zero, and\n potential other issues.\n- fix misleading indentation as warned by GCC.\n- revert change done on 2016-01-09 that made Param member of\n TIFFFaxTabEnt structure a uint16 to reduce size of the\n binary. It happens that the Hylafax software uses the tables\n that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,\n TIFFFaxBlackTable), although they are not in a public libtiff\n header.\n- add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants\n of the functions without ext, with an extra argument to control\n the stop_on_error behaviour.\n- fix potential memory leaks in error code path of\n TIFFRGBAImageBegin().\n- increase libjpeg max memory usable to 10 MB instead of libjpeg\n 1MB default. This helps when creating files with 'big' tile,\n without using libjpeg temporary files.\n- add _TIFFcalloc()\n- return 0 in Encode functions instead of -1 when\n TIFFFlushData1() fails.\n- only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling\n tag is not explicitly present. This helps a bit to reduce the\n I/O amount when the tag is present (especially on cloud hosted\n files).\n- in LZWPostEncode(), increase, if necessary, the code bit-width\n after flushing the remaining code and before emitting the EOI\n code.\n- fix memory leak in error code path of PixarLogSetupDecode().\n- fix potential memory leak in\n OJPEGReadHeaderInfoSecTablesQTable,\n OJPEGReadHeaderInfoSecTablesDcTable and\n OJPEGReadHeaderInfoSecTablesAcTable\n- avoid crash in Fax3Close() on empty file.\n- TIFFFillStrip(): add limitation to the number of bytes read\n in case td_stripbytecount[strip] is bigger than reasonable,\n so as to avoid excessive memory allocation.\n- fix memory leak when the underlying codec (ZIP, PixarLog)\n succeeds its setupdecode() method, but PredictorSetup fails.\n- TIFFFillStrip() and TIFFFillTile(): avoid excessive memory\n allocation in case of shorten files. Only effective on 64 bit\n builds and non-mapped cases.\n- TIFFFillStripPartial() / TIFFSeek(), avoid potential integer\n overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode.\n- avoid excessive memory allocation in case of shorten files.\n Only effective on 64 bit builds.\n- update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with\n tif_rawdataloaded when calling TIFFStartStrip() or\n TIFFFillStripPartial(). \n- avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes\n- avoid potential int32 overflows in multiply_ms() and add_ms().\n- fix out-of-buffer read in PackBitsDecode() Fixes\n- LogL16InitState(): avoid excessive memory allocation when\n RowsPerStrip tag is missing.\n- update dec_bitsleft at beginning of LZWDecode(), and update\n tif_rawcc at end of LZWDecode(). This is needed to properly\n work with the latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode.\n- PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc\n with avail_in at beginning and end of function, similarly to\n what is done in LZWDecode(). Likely needed so that it works\n properly with latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode.\n- initYCbCrConversion(): add basic validation of luma and\n refBlackWhite coefficients (just check they are not NaN for\n now), to avoid potential float to int overflows.\n- _TIFFVSetField(): fix outside range cast of double to float.\n- initYCbCrConversion(): check luma[1] is not zero to avoid division by zero\n- _TIFFVSetField(): fix outside range cast of double to float.\n- initYCbCrConversion(): check luma[1] is not zero to avoid\n division by zero.\n- initYCbCrConversion(): stricter validation for refBlackWhite\n coefficients values.\n- avoid uint32 underflow in cpDecodedStrips that can cause\n various issues, such as buffer overflows in the library.\n- fix readContigStripsIntoBuffer() in -i (ignore) mode so that\n the output buffer is correctly incremented to avoid write\n outside bounds.\n- add 3 extra bytes at end of strip buffer in\n readSeparateStripsIntoBuffer() to avoid read outside of heap\n allocated buffer.\n- fix integer division by zero when BitsPerSample is missing.\n- fix null pointer dereference in -r mode when the image has no\n StripByteCount tag.\n- avoid potential division by zero is BitsPerSamples tag is\n missing.\n- when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit\n the return number of inks to SamplesPerPixel, so that code\n that parses ink names doesn't go past the end of the buffer.\n- avoid potential division by zero is BitsPerSamples tag is\n missing.\n- fix uint32 underflow/overflow that can cause heap-based buffer\n overflow.\n- replace assert( (bps % 8) == 0 ) by a non assert check.\n- fix 2 heap-based buffer overflows (in PSDataBW and\n PSDataColorContig).\n- prevent heap-based buffer overflow in -j mode on a paletted\n image.\n- fix wrong usage of memcpy() that can trigger unspecified behaviour.\n- avoid potential invalid memory read in t2p_writeproc.\n- avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile().\n- remove extraneous TIFFClose() in error code path, that caused\n double free.\n- error out cleanly in cpContig2SeparateByRow and\n cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap\n based overflow.\n- avoid integer division by zero.\n- call TIFFClose() in error code paths.\n- emit appropriate message if the input file is empty.\n- close TIFF handle in error code path.\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-SP2-2017-1589,SUSE-SLE-DESKTOP-12-SP3-2017-1589,SUSE-SLE-RPI-12-SP2-2017-1589,SUSE-SLE-SDK-12-SP2-2017-1589,SUSE-SLE-SDK-12-SP3-2017-1589,SUSE-SLE-SERVER-12-SP2-2017-1589,SUSE-SLE-SERVER-12-SP3-2017-1589", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2569-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:2569-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20172569-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:2569-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003259.html", }, { category: "self", summary: "SUSE Bug 1033109", url: "https://bugzilla.suse.com/1033109", }, { category: "self", summary: "SUSE Bug 1033111", url: "https://bugzilla.suse.com/1033111", }, { category: "self", summary: "SUSE Bug 1033112", url: "https://bugzilla.suse.com/1033112", }, { category: "self", summary: "SUSE Bug 1033113", url: "https://bugzilla.suse.com/1033113", }, { category: "self", summary: "SUSE Bug 1033118", url: "https://bugzilla.suse.com/1033118", }, { category: "self", summary: "SUSE Bug 1033120", url: "https://bugzilla.suse.com/1033120", }, { category: "self", summary: "SUSE Bug 1033126", url: "https://bugzilla.suse.com/1033126", }, { category: "self", summary: "SUSE Bug 1033127", url: "https://bugzilla.suse.com/1033127", }, { category: "self", summary: "SUSE Bug 1033128", url: "https://bugzilla.suse.com/1033128", }, { category: "self", summary: "SUSE Bug 1033129", url: "https://bugzilla.suse.com/1033129", }, { category: "self", summary: "SUSE Bug 1033131", url: "https://bugzilla.suse.com/1033131", }, { category: "self", summary: "SUSE Bug 1038438", url: "https://bugzilla.suse.com/1038438", }, { category: "self", summary: "SUSE Bug 1042804", url: "https://bugzilla.suse.com/1042804", }, { category: "self", summary: "SUSE Bug 1042805", url: "https://bugzilla.suse.com/1042805", }, { category: "self", summary: "SUSE CVE CVE-2016-10371 page", url: "https://www.suse.com/security/cve/CVE-2016-10371/", }, { category: "self", summary: "SUSE CVE CVE-2017-7592 page", url: "https://www.suse.com/security/cve/CVE-2017-7592/", }, { category: "self", summary: "SUSE CVE CVE-2017-7593 page", url: "https://www.suse.com/security/cve/CVE-2017-7593/", }, { category: "self", summary: "SUSE CVE CVE-2017-7594 page", url: "https://www.suse.com/security/cve/CVE-2017-7594/", }, { category: "self", summary: "SUSE CVE CVE-2017-7595 page", url: "https://www.suse.com/security/cve/CVE-2017-7595/", }, { category: "self", summary: "SUSE CVE CVE-2017-7596 page", url: "https://www.suse.com/security/cve/CVE-2017-7596/", }, { category: "self", summary: "SUSE CVE CVE-2017-7597 page", url: "https://www.suse.com/security/cve/CVE-2017-7597/", }, { category: "self", summary: "SUSE CVE CVE-2017-7598 page", url: "https://www.suse.com/security/cve/CVE-2017-7598/", }, { category: "self", summary: "SUSE CVE CVE-2017-7599 page", url: "https://www.suse.com/security/cve/CVE-2017-7599/", }, { category: "self", summary: "SUSE CVE CVE-2017-7600 page", url: "https://www.suse.com/security/cve/CVE-2017-7600/", }, { category: "self", summary: "SUSE CVE CVE-2017-7601 page", url: "https://www.suse.com/security/cve/CVE-2017-7601/", }, { category: "self", summary: "SUSE CVE CVE-2017-7602 page", url: "https://www.suse.com/security/cve/CVE-2017-7602/", }, { category: "self", summary: "SUSE CVE CVE-2017-9403 page", url: "https://www.suse.com/security/cve/CVE-2017-9403/", }, { category: "self", summary: "SUSE CVE CVE-2017-9404 page", url: "https://www.suse.com/security/cve/CVE-2017-9404/", }, ], title: "Security update for tiff", tracking: { current_release_date: "2017-09-26T07:59:13Z", generator: { date: "2017-09-26T07:59:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:2569-1", initial_release_date: "2017-09-26T07:59:13Z", revision_history: [ { date: "2017-09-26T07:59:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libtiff5-4.0.8-44.3.1.aarch64", product: { name: "libtiff5-4.0.8-44.3.1.aarch64", product_id: "libtiff5-4.0.8-44.3.1.aarch64", }, }, { category: "product_version", name: "tiff-4.0.8-44.3.1.aarch64", product: { name: "tiff-4.0.8-44.3.1.aarch64", product_id: "tiff-4.0.8-44.3.1.aarch64", }, }, { category: "product_version", name: "libtiff-devel-4.0.8-44.3.1.aarch64", product: { name: "libtiff-devel-4.0.8-44.3.1.aarch64", product_id: "libtiff-devel-4.0.8-44.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.0.8-44.3.1.ppc64le", product: { name: "libtiff-devel-4.0.8-44.3.1.ppc64le", product_id: "libtiff-devel-4.0.8-44.3.1.ppc64le", }, }, { category: "product_version", name: "libtiff5-4.0.8-44.3.1.ppc64le", product: { name: "libtiff5-4.0.8-44.3.1.ppc64le", product_id: "libtiff5-4.0.8-44.3.1.ppc64le", }, }, { category: "product_version", name: "tiff-4.0.8-44.3.1.ppc64le", product: { name: "tiff-4.0.8-44.3.1.ppc64le", product_id: "tiff-4.0.8-44.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.0.8-44.3.1.s390x", product: { name: "libtiff-devel-4.0.8-44.3.1.s390x", product_id: "libtiff-devel-4.0.8-44.3.1.s390x", }, }, { category: "product_version", name: "libtiff5-4.0.8-44.3.1.s390x", product: { name: "libtiff5-4.0.8-44.3.1.s390x", product_id: "libtiff5-4.0.8-44.3.1.s390x", }, }, { category: "product_version", name: "libtiff5-32bit-4.0.8-44.3.1.s390x", product: { name: "libtiff5-32bit-4.0.8-44.3.1.s390x", product_id: "libtiff5-32bit-4.0.8-44.3.1.s390x", }, }, { category: "product_version", name: "tiff-4.0.8-44.3.1.s390x", product: { name: "tiff-4.0.8-44.3.1.s390x", product_id: "tiff-4.0.8-44.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libtiff5-4.0.8-44.3.1.x86_64", product: { name: "libtiff5-4.0.8-44.3.1.x86_64", product_id: "libtiff5-4.0.8-44.3.1.x86_64", }, }, { category: "product_version", name: "libtiff5-32bit-4.0.8-44.3.1.x86_64", product: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64", product_id: "libtiff5-32bit-4.0.8-44.3.1.x86_64", }, }, { category: "product_version", name: "libtiff-devel-4.0.8-44.3.1.x86_64", product: { name: "libtiff-devel-4.0.8-44.3.1.x86_64", product_id: "libtiff-devel-4.0.8-44.3.1.x86_64", }, }, { category: "product_version", name: "tiff-4.0.8-44.3.1.x86_64", product: { name: "tiff-4.0.8-44.3.1.x86_64", product_id: "tiff-4.0.8-44.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP2", product: { name: "SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP3", product: { name: "SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product: { name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP2", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2", product: { name: "SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3", product_id: "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff5-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", }, product_reference: "tiff-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff-devel-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff-devel-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", }, product_reference: "libtiff-devel-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff-devel-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff-devel-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff-devel-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", }, product_reference: "libtiff-devel-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff-devel-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff5-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff5-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", }, product_reference: "tiff-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", }, product_reference: "tiff-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", }, product_reference: "tiff-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", }, product_reference: "tiff-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff5-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff5-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", }, product_reference: "tiff-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", }, product_reference: "tiff-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", }, product_reference: "tiff-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", }, product_reference: "tiff-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff5-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff5-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", }, product_reference: "tiff-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", }, product_reference: "tiff-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", }, product_reference: "tiff-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", }, product_reference: "tiff-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", }, product_reference: "libtiff5-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", }, product_reference: "libtiff5-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", }, product_reference: "libtiff5-32bit-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", }, product_reference: "tiff-4.0.8-44.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", }, product_reference: "tiff-4.0.8-44.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", }, product_reference: "tiff-4.0.8-44.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tiff-4.0.8-44.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", }, product_reference: "tiff-4.0.8-44.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10371", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10371", }, ], notes: [ { category: "general", text: "The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10371", url: "https://www.suse.com/security/cve/CVE-2016-10371", }, { category: "external", summary: "SUSE Bug 1038438 for CVE-2016-10371", url: "https://bugzilla.suse.com/1038438", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "low", }, ], title: "CVE-2016-10371", }, { cve: "CVE-2017-7592", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7592", }, ], notes: [ { category: "general", text: "The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7592", url: "https://www.suse.com/security/cve/CVE-2017-7592", }, { category: "external", summary: "SUSE Bug 1033131 for CVE-2017-7592", url: "https://bugzilla.suse.com/1033131", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "important", }, ], title: "CVE-2017-7592", }, { cve: "CVE-2017-7593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7593", }, ], notes: [ { category: "general", text: "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7593", url: "https://www.suse.com/security/cve/CVE-2017-7593", }, { category: "external", summary: "SUSE Bug 1033129 for CVE-2017-7593", url: "https://bugzilla.suse.com/1033129", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7593", }, { cve: "CVE-2017-7594", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7594", }, ], notes: [ { category: "general", text: "The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7594", url: "https://www.suse.com/security/cve/CVE-2017-7594", }, { category: "external", summary: "SUSE Bug 1033128 for CVE-2017-7594", url: "https://bugzilla.suse.com/1033128", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7594", }, { cve: "CVE-2017-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7595", }, ], notes: [ { category: "general", text: "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7595", url: "https://www.suse.com/security/cve/CVE-2017-7595", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7595", }, { cve: "CVE-2017-7596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7596", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7596", url: "https://www.suse.com/security/cve/CVE-2017-7596", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "important", }, ], title: "CVE-2017-7596", }, { cve: "CVE-2017-7597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7597", }, ], notes: [ { category: "general", text: "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7597", url: "https://www.suse.com/security/cve/CVE-2017-7597", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7597", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7597", }, { cve: "CVE-2017-7598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7598", }, ], notes: [ { category: "general", text: "tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7598", url: "https://www.suse.com/security/cve/CVE-2017-7598", }, { category: "external", summary: "SUSE Bug 1033118 for CVE-2017-7598", url: "https://bugzilla.suse.com/1033118", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7598", }, { cve: "CVE-2017-7599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7599", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7599", url: "https://www.suse.com/security/cve/CVE-2017-7599", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7599", }, { cve: "CVE-2017-7600", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7600", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7600", url: "https://www.suse.com/security/cve/CVE-2017-7600", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7600", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "low", }, ], title: "CVE-2017-7600", }, { cve: "CVE-2017-7601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7601", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7601", url: "https://www.suse.com/security/cve/CVE-2017-7601", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "low", }, ], title: "CVE-2017-7601", }, { cve: "CVE-2017-7602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7602", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7602", url: "https://www.suse.com/security/cve/CVE-2017-7602", }, { category: "external", summary: "SUSE Bug 1033109 for CVE-2017-7602", url: "https://bugzilla.suse.com/1033109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "moderate", }, ], title: "CVE-2017-7602", }, { cve: "CVE-2017-9403", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9403", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9403", url: "https://www.suse.com/security/cve/CVE-2017-9403", }, { category: "external", summary: "SUSE Bug 1042805 for CVE-2017-9403", url: "https://bugzilla.suse.com/1042805", }, { category: "external", summary: "SUSE Bug 1045688 for CVE-2017-9403", url: "https://bugzilla.suse.com/1045688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "low", }, ], title: "CVE-2017-9403", }, { cve: "CVE-2017-9404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9404", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9404", url: "https://www.suse.com/security/cve/CVE-2017-9404", }, { category: "external", summary: "SUSE Bug 1042804 for CVE-2017-9404", url: "https://bugzilla.suse.com/1042804", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.8-44.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.8-44.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-26T07:59:13Z", details: "low", }, ], title: "CVE-2017-9404", }, ], }
opensuse-su-2024:11461-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libtiff-devel-32bit-4.3.0-1.3 on GA media
Notes
Title of the patch
libtiff-devel-32bit-4.3.0-1.3 on GA media
Description of the patch
These are all security issues fixed in the libtiff-devel-32bit-4.3.0-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11461
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libtiff-devel-32bit-4.3.0-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libtiff-devel-32bit-4.3.0-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11461", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11461-1.json", }, { category: "self", summary: "SUSE CVE CVE-2006-0405 page", url: "https://www.suse.com/security/cve/CVE-2006-0405/", }, { category: "self", summary: "SUSE CVE CVE-2006-2656 page", url: "https://www.suse.com/security/cve/CVE-2006-2656/", }, { category: "self", summary: "SUSE CVE CVE-2008-1586 page", url: "https://www.suse.com/security/cve/CVE-2008-1586/", }, { category: "self", summary: "SUSE CVE CVE-2008-2327 page", url: "https://www.suse.com/security/cve/CVE-2008-2327/", }, { category: "self", summary: "SUSE CVE CVE-2016-10095 page", url: "https://www.suse.com/security/cve/CVE-2016-10095/", }, { category: "self", summary: "SUSE CVE CVE-2016-10266 page", url: "https://www.suse.com/security/cve/CVE-2016-10266/", }, { category: "self", summary: "SUSE CVE CVE-2016-10267 page", url: "https://www.suse.com/security/cve/CVE-2016-10267/", }, { category: "self", summary: "SUSE CVE CVE-2016-10268 page", url: "https://www.suse.com/security/cve/CVE-2016-10268/", }, { category: "self", summary: "SUSE CVE CVE-2016-10269 page", url: "https://www.suse.com/security/cve/CVE-2016-10269/", }, { category: "self", summary: "SUSE CVE CVE-2016-10270 page", url: "https://www.suse.com/security/cve/CVE-2016-10270/", }, { category: "self", summary: "SUSE CVE CVE-2016-10271 page", url: "https://www.suse.com/security/cve/CVE-2016-10271/", }, { category: "self", summary: "SUSE CVE CVE-2016-10272 page", url: "https://www.suse.com/security/cve/CVE-2016-10272/", }, { category: "self", summary: "SUSE CVE CVE-2016-10371 page", url: "https://www.suse.com/security/cve/CVE-2016-10371/", }, { category: "self", summary: "SUSE CVE CVE-2016-5318 page", url: "https://www.suse.com/security/cve/CVE-2016-5318/", }, { category: "self", summary: "SUSE CVE CVE-2016-9538 page", url: "https://www.suse.com/security/cve/CVE-2016-9538/", }, { category: "self", summary: "SUSE CVE CVE-2017-11613 page", url: "https://www.suse.com/security/cve/CVE-2017-11613/", }, { category: "self", summary: "SUSE CVE CVE-2017-16232 page", url: "https://www.suse.com/security/cve/CVE-2017-16232/", }, { category: "self", summary: "SUSE CVE CVE-2017-18013 page", url: "https://www.suse.com/security/cve/CVE-2017-18013/", }, { category: "self", summary: "SUSE CVE CVE-2017-5225 page", url: "https://www.suse.com/security/cve/CVE-2017-5225/", }, { category: "self", summary: "SUSE CVE CVE-2017-7592 page", url: "https://www.suse.com/security/cve/CVE-2017-7592/", }, { category: "self", summary: "SUSE CVE CVE-2017-7593 page", url: "https://www.suse.com/security/cve/CVE-2017-7593/", }, { category: "self", summary: "SUSE CVE CVE-2017-7594 page", url: "https://www.suse.com/security/cve/CVE-2017-7594/", }, { category: "self", summary: "SUSE CVE CVE-2017-7595 page", url: "https://www.suse.com/security/cve/CVE-2017-7595/", }, { category: "self", summary: "SUSE CVE CVE-2017-7596 page", url: "https://www.suse.com/security/cve/CVE-2017-7596/", }, { category: "self", summary: "SUSE CVE CVE-2017-7598 page", url: "https://www.suse.com/security/cve/CVE-2017-7598/", }, { category: "self", summary: "SUSE CVE CVE-2017-7599 page", url: "https://www.suse.com/security/cve/CVE-2017-7599/", }, { category: "self", summary: "SUSE CVE CVE-2017-7601 page", url: "https://www.suse.com/security/cve/CVE-2017-7601/", }, { category: "self", summary: "SUSE CVE CVE-2017-7602 page", url: "https://www.suse.com/security/cve/CVE-2017-7602/", }, { category: "self", summary: "SUSE CVE CVE-2017-9403 page", url: "https://www.suse.com/security/cve/CVE-2017-9403/", }, { category: "self", summary: "SUSE CVE CVE-2017-9404 page", url: "https://www.suse.com/security/cve/CVE-2017-9404/", }, { category: "self", summary: "SUSE CVE CVE-2017-9935 page", url: "https://www.suse.com/security/cve/CVE-2017-9935/", }, { category: "self", summary: "SUSE CVE CVE-2017-9936 page", url: "https://www.suse.com/security/cve/CVE-2017-9936/", }, { category: "self", summary: "SUSE CVE CVE-2018-10779 page", url: "https://www.suse.com/security/cve/CVE-2018-10779/", }, { category: "self", summary: "SUSE CVE CVE-2018-10963 page", url: "https://www.suse.com/security/cve/CVE-2018-10963/", }, { category: "self", summary: "SUSE CVE CVE-2018-12900 page", url: "https://www.suse.com/security/cve/CVE-2018-12900/", }, { category: "self", summary: "SUSE CVE CVE-2018-16335 page", url: "https://www.suse.com/security/cve/CVE-2018-16335/", }, { category: "self", summary: "SUSE CVE CVE-2018-17000 page", url: "https://www.suse.com/security/cve/CVE-2018-17000/", }, { category: "self", summary: "SUSE CVE CVE-2018-17100 page", url: "https://www.suse.com/security/cve/CVE-2018-17100/", }, { category: "self", summary: "SUSE CVE CVE-2018-17101 page", url: "https://www.suse.com/security/cve/CVE-2018-17101/", }, { category: "self", summary: "SUSE CVE CVE-2018-17795 page", url: "https://www.suse.com/security/cve/CVE-2018-17795/", }, { category: "self", summary: "SUSE CVE CVE-2018-18557 page", url: "https://www.suse.com/security/cve/CVE-2018-18557/", }, { category: "self", summary: "SUSE CVE CVE-2018-18661 page", url: "https://www.suse.com/security/cve/CVE-2018-18661/", }, { category: "self", summary: "SUSE CVE CVE-2018-19210 page", url: "https://www.suse.com/security/cve/CVE-2018-19210/", }, { category: "self", summary: "SUSE CVE CVE-2018-5784 page", url: "https://www.suse.com/security/cve/CVE-2018-5784/", }, { category: "self", summary: "SUSE CVE CVE-2018-7456 page", url: "https://www.suse.com/security/cve/CVE-2018-7456/", }, { category: "self", summary: "SUSE CVE CVE-2018-8905 page", url: "https://www.suse.com/security/cve/CVE-2018-8905/", }, { category: "self", summary: "SUSE CVE CVE-2019-6128 page", url: "https://www.suse.com/security/cve/CVE-2019-6128/", }, { category: "self", summary: "SUSE CVE CVE-2019-7663 page", url: "https://www.suse.com/security/cve/CVE-2019-7663/", }, ], title: "libtiff-devel-32bit-4.3.0-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11461-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libtiff-devel-4.3.0-1.3.aarch64", product: { name: "libtiff-devel-4.3.0-1.3.aarch64", product_id: "libtiff-devel-4.3.0-1.3.aarch64", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.3.0-1.3.aarch64", product: { name: "libtiff-devel-32bit-4.3.0-1.3.aarch64", product_id: "libtiff-devel-32bit-4.3.0-1.3.aarch64", }, }, { category: "product_version", name: "libtiff5-4.3.0-1.3.aarch64", product: { name: "libtiff5-4.3.0-1.3.aarch64", product_id: "libtiff5-4.3.0-1.3.aarch64", }, }, { category: "product_version", name: "libtiff5-32bit-4.3.0-1.3.aarch64", product: { name: "libtiff5-32bit-4.3.0-1.3.aarch64", product_id: "libtiff5-32bit-4.3.0-1.3.aarch64", }, }, { category: "product_version", name: "tiff-4.3.0-1.3.aarch64", product: { name: "tiff-4.3.0-1.3.aarch64", product_id: "tiff-4.3.0-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.3.0-1.3.ppc64le", product: { name: "libtiff-devel-4.3.0-1.3.ppc64le", product_id: "libtiff-devel-4.3.0-1.3.ppc64le", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.3.0-1.3.ppc64le", product: { name: "libtiff-devel-32bit-4.3.0-1.3.ppc64le", product_id: "libtiff-devel-32bit-4.3.0-1.3.ppc64le", }, }, { category: "product_version", name: "libtiff5-4.3.0-1.3.ppc64le", product: { name: "libtiff5-4.3.0-1.3.ppc64le", product_id: "libtiff5-4.3.0-1.3.ppc64le", }, }, { category: "product_version", name: "libtiff5-32bit-4.3.0-1.3.ppc64le", product: { name: "libtiff5-32bit-4.3.0-1.3.ppc64le", product_id: "libtiff5-32bit-4.3.0-1.3.ppc64le", }, }, { category: "product_version", name: "tiff-4.3.0-1.3.ppc64le", product: { name: "tiff-4.3.0-1.3.ppc64le", product_id: "tiff-4.3.0-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.3.0-1.3.s390x", product: { name: "libtiff-devel-4.3.0-1.3.s390x", product_id: "libtiff-devel-4.3.0-1.3.s390x", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.3.0-1.3.s390x", product: { name: "libtiff-devel-32bit-4.3.0-1.3.s390x", product_id: "libtiff-devel-32bit-4.3.0-1.3.s390x", }, }, { category: "product_version", name: "libtiff5-4.3.0-1.3.s390x", product: { name: "libtiff5-4.3.0-1.3.s390x", product_id: "libtiff5-4.3.0-1.3.s390x", }, }, { category: "product_version", name: "libtiff5-32bit-4.3.0-1.3.s390x", product: { name: "libtiff5-32bit-4.3.0-1.3.s390x", product_id: "libtiff5-32bit-4.3.0-1.3.s390x", }, }, { category: "product_version", name: "tiff-4.3.0-1.3.s390x", product: { name: "tiff-4.3.0-1.3.s390x", product_id: "tiff-4.3.0-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.3.0-1.3.x86_64", product: { name: "libtiff-devel-4.3.0-1.3.x86_64", product_id: "libtiff-devel-4.3.0-1.3.x86_64", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.3.0-1.3.x86_64", product: { name: "libtiff-devel-32bit-4.3.0-1.3.x86_64", product_id: "libtiff-devel-32bit-4.3.0-1.3.x86_64", }, }, { category: "product_version", name: "libtiff5-4.3.0-1.3.x86_64", product: { name: "libtiff5-4.3.0-1.3.x86_64", product_id: "libtiff5-4.3.0-1.3.x86_64", }, }, { category: "product_version", name: "libtiff5-32bit-4.3.0-1.3.x86_64", product: { name: "libtiff5-32bit-4.3.0-1.3.x86_64", product_id: "libtiff5-32bit-4.3.0-1.3.x86_64", }, }, { category: "product_version", name: "tiff-4.3.0-1.3.x86_64", product: { name: "tiff-4.3.0-1.3.x86_64", product_id: "tiff-4.3.0-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.3.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", }, product_reference: "libtiff-devel-4.3.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.3.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", }, product_reference: "libtiff-devel-4.3.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.3.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", }, product_reference: "libtiff-devel-4.3.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.3.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", }, product_reference: "libtiff-devel-4.3.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.3.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", }, product_reference: "libtiff-devel-32bit-4.3.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.3.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", }, product_reference: "libtiff-devel-32bit-4.3.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.3.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", }, product_reference: "libtiff-devel-32bit-4.3.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.3.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", }, product_reference: "libtiff-devel-32bit-4.3.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.3.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", }, product_reference: "libtiff5-4.3.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.3.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", }, product_reference: "libtiff5-4.3.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.3.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", }, product_reference: "libtiff5-4.3.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-4.3.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", }, product_reference: "libtiff5-4.3.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.3.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", }, product_reference: "libtiff5-32bit-4.3.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.3.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", }, product_reference: "libtiff5-32bit-4.3.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.3.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", }, product_reference: "libtiff5-32bit-4.3.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff5-32bit-4.3.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", }, product_reference: "libtiff5-32bit-4.3.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.3.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", }, product_reference: "tiff-4.3.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.3.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", }, product_reference: "tiff-4.3.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.3.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", }, product_reference: "tiff-4.3.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.3.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", }, product_reference: "tiff-4.3.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2006-0405", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-0405", }, ], notes: [ { category: "general", text: "The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-0405", url: "https://www.suse.com/security/cve/CVE-2006-0405", }, { category: "external", summary: "SUSE Bug 145757 for CVE-2006-0405", url: "https://bugzilla.suse.com/145757", }, { category: "external", summary: "SUSE Bug 165237 for CVE-2006-0405", url: "https://bugzilla.suse.com/165237", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2006-0405", }, { cve: "CVE-2006-2656", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2006-2656", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2006-2656", url: "https://www.suse.com/security/cve/CVE-2006-2656", }, { category: "external", summary: "SUSE Bug 179051 for CVE-2006-2656", url: "https://bugzilla.suse.com/179051", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2006-2656", }, { cve: "CVE-2008-1586", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-1586", }, ], notes: [ { category: "general", text: "ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-1586", url: "https://www.suse.com/security/cve/CVE-2008-1586", }, { category: "external", summary: "SUSE Bug 444079 for CVE-2008-1586", url: "https://bugzilla.suse.com/444079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2008-1586", }, { cve: "CVE-2008-2327", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2008-2327", }, ], notes: [ { category: "general", text: "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2008-2327", url: "https://www.suse.com/security/cve/CVE-2008-2327", }, { category: "external", summary: "SUSE Bug 414946 for CVE-2008-2327", url: "https://bugzilla.suse.com/414946", }, { category: "external", summary: "SUSE Bug 518698 for CVE-2008-2327", url: "https://bugzilla.suse.com/518698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2008-2327", }, { cve: "CVE-2016-10095", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10095", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10095", url: "https://www.suse.com/security/cve/CVE-2016-10095", }, { category: "external", summary: "SUSE Bug 1017690 for CVE-2016-10095", url: "https://bugzilla.suse.com/1017690", }, { category: "external", summary: "SUSE Bug 960341 for CVE-2016-10095", url: "https://bugzilla.suse.com/960341", }, { category: "external", summary: "SUSE Bug 983436 for CVE-2016-10095", url: "https://bugzilla.suse.com/983436", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10095", }, { cve: "CVE-2016-10266", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10266", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10266", url: "https://www.suse.com/security/cve/CVE-2016-10266", }, { category: "external", summary: "SUSE Bug 1017694 for CVE-2016-10266", url: "https://bugzilla.suse.com/1017694", }, { category: "external", summary: "SUSE Bug 1031263 for CVE-2016-10266", url: "https://bugzilla.suse.com/1031263", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10266", }, { cve: "CVE-2016-10267", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10267", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10267", url: "https://www.suse.com/security/cve/CVE-2016-10267", }, { category: "external", summary: "SUSE Bug 1017694 for CVE-2016-10267", url: "https://bugzilla.suse.com/1017694", }, { category: "external", summary: "SUSE Bug 1031262 for CVE-2016-10267", url: "https://bugzilla.suse.com/1031262", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10267", }, { cve: "CVE-2016-10268", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10268", }, ], notes: [ { category: "general", text: "tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10268", url: "https://www.suse.com/security/cve/CVE-2016-10268", }, { category: "external", summary: "SUSE Bug 1017693 for CVE-2016-10268", url: "https://bugzilla.suse.com/1017693", }, { category: "external", summary: "SUSE Bug 1031255 for CVE-2016-10268", url: "https://bugzilla.suse.com/1031255", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10268", }, { cve: "CVE-2016-10269", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10269", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10269", url: "https://www.suse.com/security/cve/CVE-2016-10269", }, { category: "external", summary: "SUSE Bug 1017693 for CVE-2016-10269", url: "https://bugzilla.suse.com/1017693", }, { category: "external", summary: "SUSE Bug 1031254 for CVE-2016-10269", url: "https://bugzilla.suse.com/1031254", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10269", }, { cve: "CVE-2016-10270", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10270", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10270", url: "https://www.suse.com/security/cve/CVE-2016-10270", }, { category: "external", summary: "SUSE Bug 1031250 for CVE-2016-10270", url: "https://bugzilla.suse.com/1031250", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10270", }, { cve: "CVE-2016-10271", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10271", }, ], notes: [ { category: "general", text: "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10271", url: "https://www.suse.com/security/cve/CVE-2016-10271", }, { category: "external", summary: "SUSE Bug 1031249 for CVE-2016-10271", url: "https://bugzilla.suse.com/1031249", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10271", }, { cve: "CVE-2016-10272", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10272", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10272", url: "https://www.suse.com/security/cve/CVE-2016-10272", }, { category: "external", summary: "SUSE Bug 1031247 for CVE-2016-10272", url: "https://bugzilla.suse.com/1031247", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10272", }, { cve: "CVE-2016-10371", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10371", }, ], notes: [ { category: "general", text: "The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10371", url: "https://www.suse.com/security/cve/CVE-2016-10371", }, { category: "external", summary: "SUSE Bug 1038438 for CVE-2016-10371", url: "https://bugzilla.suse.com/1038438", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-10371", }, { cve: "CVE-2016-5318", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5318", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5318", url: "https://www.suse.com/security/cve/CVE-2016-5318", }, { category: "external", summary: "SUSE Bug 1007276 for CVE-2016-5318", url: "https://bugzilla.suse.com/1007276", }, { category: "external", summary: "SUSE Bug 1017690 for CVE-2016-5318", url: "https://bugzilla.suse.com/1017690", }, { category: "external", summary: "SUSE Bug 1040322 for CVE-2016-5318", url: "https://bugzilla.suse.com/1040322", }, { category: "external", summary: "SUSE Bug 960341 for CVE-2016-5318", url: "https://bugzilla.suse.com/960341", }, { category: "external", summary: "SUSE Bug 974621 for CVE-2016-5318", url: "https://bugzilla.suse.com/974621", }, { category: "external", summary: "SUSE Bug 983436 for CVE-2016-5318", url: "https://bugzilla.suse.com/983436", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-5318", }, { cve: "CVE-2016-9538", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9538", }, ], notes: [ { category: "general", text: "tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9538", url: "https://www.suse.com/security/cve/CVE-2016-9538", }, { category: "external", summary: "SUSE Bug 1004519 for CVE-2016-9538", url: "https://bugzilla.suse.com/1004519", }, { category: "external", summary: "SUSE Bug 1011841 for CVE-2016-9538", url: "https://bugzilla.suse.com/1011841", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9538", }, { cve: "CVE-2017-11613", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-11613", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-11613", url: "https://www.suse.com/security/cve/CVE-2017-11613", }, { category: "external", summary: "SUSE Bug 1082332 for CVE-2017-11613", url: "https://bugzilla.suse.com/1082332", }, { category: "external", summary: "SUSE Bug 1106853 for CVE-2017-11613", url: "https://bugzilla.suse.com/1106853", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-11613", }, { cve: "CVE-2017-16232", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-16232", }, ], notes: [ { category: "general", text: "** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-16232", url: "https://www.suse.com/security/cve/CVE-2017-16232", }, { category: "external", summary: "SUSE Bug 1069213 for CVE-2017-16232", url: "https://bugzilla.suse.com/1069213", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.8, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-16232", }, { cve: "CVE-2017-18013", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-18013", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-18013", url: "https://www.suse.com/security/cve/CVE-2017-18013", }, { category: "external", summary: "SUSE Bug 1074317 for CVE-2017-18013", url: "https://bugzilla.suse.com/1074317", }, { category: "external", summary: "SUSE Bug 1082825 for CVE-2017-18013", url: "https://bugzilla.suse.com/1082825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-18013", }, { cve: "CVE-2017-5225", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5225", }, ], notes: [ { category: "general", text: "LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5225", url: "https://www.suse.com/security/cve/CVE-2017-5225", }, { category: "external", summary: "SUSE Bug 1019611 for CVE-2017-5225", url: "https://bugzilla.suse.com/1019611", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-5225", }, { cve: "CVE-2017-7592", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7592", }, ], notes: [ { category: "general", text: "The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7592", url: "https://www.suse.com/security/cve/CVE-2017-7592", }, { category: "external", summary: "SUSE Bug 1033131 for CVE-2017-7592", url: "https://bugzilla.suse.com/1033131", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7592", }, { cve: "CVE-2017-7593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7593", }, ], notes: [ { category: "general", text: "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7593", url: "https://www.suse.com/security/cve/CVE-2017-7593", }, { category: "external", summary: "SUSE Bug 1033129 for CVE-2017-7593", url: "https://bugzilla.suse.com/1033129", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7593", }, { cve: "CVE-2017-7594", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7594", }, ], notes: [ { category: "general", text: "The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7594", url: "https://www.suse.com/security/cve/CVE-2017-7594", }, { category: "external", summary: "SUSE Bug 1033128 for CVE-2017-7594", url: "https://bugzilla.suse.com/1033128", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7594", }, { cve: "CVE-2017-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7595", }, ], notes: [ { category: "general", text: "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7595", url: "https://www.suse.com/security/cve/CVE-2017-7595", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7595", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7595", }, { cve: "CVE-2017-7596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7596", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7596", url: "https://www.suse.com/security/cve/CVE-2017-7596", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7596", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7596", }, { cve: "CVE-2017-7598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7598", }, ], notes: [ { category: "general", text: "tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7598", url: "https://www.suse.com/security/cve/CVE-2017-7598", }, { category: "external", summary: "SUSE Bug 1033118 for CVE-2017-7598", url: "https://bugzilla.suse.com/1033118", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7598", }, { cve: "CVE-2017-7599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7599", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7599", url: "https://www.suse.com/security/cve/CVE-2017-7599", }, { category: "external", summary: "SUSE Bug 1033112 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033112", }, { category: "external", summary: "SUSE Bug 1033113 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033113", }, { category: "external", summary: "SUSE Bug 1033120 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033120", }, { category: "external", summary: "SUSE Bug 1033126 for CVE-2017-7599", url: "https://bugzilla.suse.com/1033126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7599", }, { cve: "CVE-2017-7601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7601", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7601", url: "https://www.suse.com/security/cve/CVE-2017-7601", }, { category: "external", summary: "SUSE Bug 1033111 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033111", }, { category: "external", summary: "SUSE Bug 1033127 for CVE-2017-7601", url: "https://bugzilla.suse.com/1033127", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-7601", }, { cve: "CVE-2017-7602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7602", }, ], notes: [ { category: "general", text: "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7602", url: "https://www.suse.com/security/cve/CVE-2017-7602", }, { category: "external", summary: "SUSE Bug 1033109 for CVE-2017-7602", url: "https://bugzilla.suse.com/1033109", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-7602", }, { cve: "CVE-2017-9403", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9403", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9403", url: "https://www.suse.com/security/cve/CVE-2017-9403", }, { category: "external", summary: "SUSE Bug 1042805 for CVE-2017-9403", url: "https://bugzilla.suse.com/1042805", }, { category: "external", summary: "SUSE Bug 1045688 for CVE-2017-9403", url: "https://bugzilla.suse.com/1045688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-9403", }, { cve: "CVE-2017-9404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9404", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9404", url: "https://www.suse.com/security/cve/CVE-2017-9404", }, { category: "external", summary: "SUSE Bug 1042804 for CVE-2017-9404", url: "https://bugzilla.suse.com/1042804", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-9404", }, { cve: "CVE-2017-9935", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9935", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9935", url: "https://www.suse.com/security/cve/CVE-2017-9935", }, { category: "external", summary: "SUSE Bug 1046077 for CVE-2017-9935", url: "https://bugzilla.suse.com/1046077", }, { category: "external", summary: "SUSE Bug 1074318 for CVE-2017-9935", url: "https://bugzilla.suse.com/1074318", }, { category: "external", summary: "SUSE Bug 1108606 for CVE-2017-9935", url: "https://bugzilla.suse.com/1108606", }, { category: "external", summary: "SUSE Bug 1110358 for CVE-2017-9935", url: "https://bugzilla.suse.com/1110358", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-9935", }, { cve: "CVE-2017-9936", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9936", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9936", url: "https://www.suse.com/security/cve/CVE-2017-9936", }, { category: "external", summary: "SUSE Bug 1046073 for CVE-2017-9936", url: "https://bugzilla.suse.com/1046073", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-9936", }, { cve: "CVE-2018-10779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10779", }, ], notes: [ { category: "general", text: "TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10779", url: "https://www.suse.com/security/cve/CVE-2018-10779", }, { category: "external", summary: "SUSE Bug 1092480 for CVE-2018-10779", url: "https://bugzilla.suse.com/1092480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-10779", }, { cve: "CVE-2018-10963", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10963", }, ], notes: [ { category: "general", text: "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10963", url: "https://www.suse.com/security/cve/CVE-2018-10963", }, { category: "external", summary: "SUSE Bug 1092949 for CVE-2018-10963", url: "https://bugzilla.suse.com/1092949", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10963", }, { cve: "CVE-2018-12900", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12900", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-12900", url: "https://www.suse.com/security/cve/CVE-2018-12900", }, { category: "external", summary: "SUSE Bug 1099257 for CVE-2018-12900", url: "https://bugzilla.suse.com/1099257", }, { category: "external", summary: "SUSE Bug 1125113 for CVE-2018-12900", url: "https://bugzilla.suse.com/1125113", }, { category: "external", summary: "SUSE Bug 1150480 for CVE-2018-12900", url: "https://bugzilla.suse.com/1150480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-12900", }, { cve: "CVE-2018-16335", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16335", }, ], notes: [ { category: "general", text: "newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16335", url: "https://www.suse.com/security/cve/CVE-2018-16335", }, { category: "external", summary: "SUSE Bug 1106853 for CVE-2018-16335", url: "https://bugzilla.suse.com/1106853", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16335", }, { cve: "CVE-2018-17000", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17000", }, ], notes: [ { category: "general", text: "A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17000", url: "https://www.suse.com/security/cve/CVE-2018-17000", }, { category: "external", summary: "SUSE Bug 1108606 for CVE-2018-17000", url: "https://bugzilla.suse.com/1108606", }, { category: "external", summary: "SUSE Bug 1115717 for CVE-2018-17000", url: "https://bugzilla.suse.com/1115717", }, { category: "external", summary: "SUSE Bug 1125113 for CVE-2018-17000", url: "https://bugzilla.suse.com/1125113", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-17000", }, { cve: "CVE-2018-17100", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17100", }, ], notes: [ { category: "general", text: "An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17100", url: "https://www.suse.com/security/cve/CVE-2018-17100", }, { category: "external", summary: "SUSE Bug 1108637 for CVE-2018-17100", url: "https://bugzilla.suse.com/1108637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-17100", }, { cve: "CVE-2018-17101", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17101", }, ], notes: [ { category: "general", text: "An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17101", url: "https://www.suse.com/security/cve/CVE-2018-17101", }, { category: "external", summary: "SUSE Bug 1108627 for CVE-2018-17101", url: "https://bugzilla.suse.com/1108627", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-17101", }, { cve: "CVE-2018-17795", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17795", }, ], notes: [ { category: "general", text: "The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17795", url: "https://www.suse.com/security/cve/CVE-2018-17795", }, { category: "external", summary: "SUSE Bug 1046077 for CVE-2018-17795", url: "https://bugzilla.suse.com/1046077", }, { category: "external", summary: "SUSE Bug 1110358 for CVE-2018-17795", url: "https://bugzilla.suse.com/1110358", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-17795", }, { cve: "CVE-2018-18557", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-18557", }, ], notes: [ { category: "general", text: "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-18557", url: "https://www.suse.com/security/cve/CVE-2018-18557", }, { category: "external", summary: "SUSE Bug 1113094 for CVE-2018-18557", url: "https://bugzilla.suse.com/1113094", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-18557", }, { cve: "CVE-2018-18661", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-18661", }, ], notes: [ { category: "general", text: "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-18661", url: "https://www.suse.com/security/cve/CVE-2018-18661", }, { category: "external", summary: "SUSE Bug 1113672 for CVE-2018-18661", url: "https://bugzilla.suse.com/1113672", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-18661", }, { cve: "CVE-2018-19210", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19210", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19210", url: "https://www.suse.com/security/cve/CVE-2018-19210", }, { category: "external", summary: "SUSE Bug 1108606 for CVE-2018-19210", url: "https://bugzilla.suse.com/1108606", }, { category: "external", summary: "SUSE Bug 1115717 for CVE-2018-19210", url: "https://bugzilla.suse.com/1115717", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-19210", }, { cve: "CVE-2018-5784", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-5784", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-5784", url: "https://www.suse.com/security/cve/CVE-2018-5784", }, { category: "external", summary: "SUSE Bug 1081690 for CVE-2018-5784", url: "https://bugzilla.suse.com/1081690", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-5784", }, { cve: "CVE-2018-7456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-7456", }, ], notes: [ { category: "general", text: "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-7456", url: "https://www.suse.com/security/cve/CVE-2018-7456", }, { category: "external", summary: "SUSE Bug 1074317 for CVE-2018-7456", url: "https://bugzilla.suse.com/1074317", }, { category: "external", summary: "SUSE Bug 1082825 for CVE-2018-7456", url: "https://bugzilla.suse.com/1082825", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-7456", }, { cve: "CVE-2018-8905", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8905", }, ], notes: [ { category: "general", text: "In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8905", url: "https://www.suse.com/security/cve/CVE-2018-8905", }, { category: "external", summary: "SUSE Bug 1086408 for CVE-2018-8905", url: "https://bugzilla.suse.com/1086408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8905", }, { cve: "CVE-2019-6128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-6128", }, ], notes: [ { category: "general", text: "The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-6128", url: "https://www.suse.com/security/cve/CVE-2019-6128", }, { category: "external", summary: "SUSE Bug 1121626 for CVE-2019-6128", url: "https://bugzilla.suse.com/1121626", }, { category: "external", summary: "SUSE Bug 1153715 for CVE-2019-6128", url: "https://bugzilla.suse.com/1153715", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-6128", }, { cve: "CVE-2019-7663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-7663", }, ], notes: [ { category: "general", text: "An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-7663", url: "https://www.suse.com/security/cve/CVE-2019-7663", }, { category: "external", summary: "SUSE Bug 1125113 for CVE-2019-7663", url: "https://bugzilla.suse.com/1125113", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.s390x", "openSUSE Tumbleweed:libtiff5-4.3.0-1.3.x86_64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.aarch64", "openSUSE Tumbleweed:tiff-4.3.0-1.3.ppc64le", "openSUSE Tumbleweed:tiff-4.3.0-1.3.s390x", "openSUSE Tumbleweed:tiff-4.3.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-7663", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.