Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libtiff-devel-32bit-4.6.0-2.1 on GA media
Notes
Title of the patch
libtiff-devel-32bit-4.6.0-2.1 on GA media
Description of the patch
These are all security issues fixed in the libtiff-devel-32bit-4.6.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13381
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libtiff-devel-32bit-4.6.0-2.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libtiff-devel-32bit-4.6.0-2.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13381", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13381-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-10092 page", url: "https://www.suse.com/security/cve/CVE-2016-10092/", }, { category: "self", summary: "SUSE CVE CVE-2016-6223 page", url: "https://www.suse.com/security/cve/CVE-2016-6223/", }, { category: "self", summary: "SUSE CVE CVE-2017-12944 page", url: "https://www.suse.com/security/cve/CVE-2017-12944/", }, { category: "self", summary: "SUSE CVE CVE-2017-17095 page", url: "https://www.suse.com/security/cve/CVE-2017-17095/", }, { category: "self", summary: "SUSE CVE CVE-2019-14973 page", url: "https://www.suse.com/security/cve/CVE-2019-14973/", }, { category: "self", summary: "SUSE CVE CVE-2019-17546 page", url: "https://www.suse.com/security/cve/CVE-2019-17546/", }, { category: "self", summary: "SUSE CVE CVE-2020-19131 page", url: "https://www.suse.com/security/cve/CVE-2020-19131/", }, { category: "self", summary: "SUSE CVE CVE-2020-35521 page", url: "https://www.suse.com/security/cve/CVE-2020-35521/", }, { category: "self", summary: "SUSE CVE CVE-2020-35522 page", url: "https://www.suse.com/security/cve/CVE-2020-35522/", }, { category: "self", summary: "SUSE CVE CVE-2020-35523 page", url: "https://www.suse.com/security/cve/CVE-2020-35523/", }, { category: "self", summary: "SUSE CVE CVE-2020-35524 page", url: "https://www.suse.com/security/cve/CVE-2020-35524/", }, { category: "self", summary: "SUSE CVE CVE-2022-22844 page", url: "https://www.suse.com/security/cve/CVE-2022-22844/", }, { category: "self", summary: "SUSE CVE CVE-2022-2867 page", url: "https://www.suse.com/security/cve/CVE-2022-2867/", }, { category: "self", summary: "SUSE CVE CVE-2022-2868 page", url: "https://www.suse.com/security/cve/CVE-2022-2868/", }, { category: "self", summary: "SUSE CVE CVE-2022-2869 page", url: "https://www.suse.com/security/cve/CVE-2022-2869/", }, { category: "self", summary: "SUSE CVE CVE-2022-34266 page", url: "https://www.suse.com/security/cve/CVE-2022-34266/", }, ], title: "libtiff-devel-32bit-4.6.0-2.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13381-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libtiff-devel-4.6.0-2.1.aarch64", product: { name: "libtiff-devel-4.6.0-2.1.aarch64", product_id: "libtiff-devel-4.6.0-2.1.aarch64", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.6.0-2.1.aarch64", product: { name: "libtiff-devel-32bit-4.6.0-2.1.aarch64", product_id: "libtiff-devel-32bit-4.6.0-2.1.aarch64", }, }, { category: "product_version", name: "libtiff6-4.6.0-2.1.aarch64", product: { name: "libtiff6-4.6.0-2.1.aarch64", product_id: "libtiff6-4.6.0-2.1.aarch64", }, }, { category: "product_version", name: "libtiff6-32bit-4.6.0-2.1.aarch64", product: { name: "libtiff6-32bit-4.6.0-2.1.aarch64", product_id: "libtiff6-32bit-4.6.0-2.1.aarch64", }, }, { category: "product_version", name: "tiff-4.6.0-2.1.aarch64", product: { name: "tiff-4.6.0-2.1.aarch64", product_id: "tiff-4.6.0-2.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.6.0-2.1.ppc64le", product: { name: "libtiff-devel-4.6.0-2.1.ppc64le", product_id: "libtiff-devel-4.6.0-2.1.ppc64le", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.6.0-2.1.ppc64le", product: { name: "libtiff-devel-32bit-4.6.0-2.1.ppc64le", product_id: "libtiff-devel-32bit-4.6.0-2.1.ppc64le", }, }, { category: "product_version", name: "libtiff6-4.6.0-2.1.ppc64le", product: { name: "libtiff6-4.6.0-2.1.ppc64le", product_id: "libtiff6-4.6.0-2.1.ppc64le", }, }, { category: "product_version", name: "libtiff6-32bit-4.6.0-2.1.ppc64le", product: { name: "libtiff6-32bit-4.6.0-2.1.ppc64le", product_id: "libtiff6-32bit-4.6.0-2.1.ppc64le", }, }, { category: "product_version", name: "tiff-4.6.0-2.1.ppc64le", product: { name: "tiff-4.6.0-2.1.ppc64le", product_id: "tiff-4.6.0-2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.6.0-2.1.s390x", product: { name: "libtiff-devel-4.6.0-2.1.s390x", product_id: "libtiff-devel-4.6.0-2.1.s390x", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.6.0-2.1.s390x", product: { name: "libtiff-devel-32bit-4.6.0-2.1.s390x", product_id: "libtiff-devel-32bit-4.6.0-2.1.s390x", }, }, { category: "product_version", name: "libtiff6-4.6.0-2.1.s390x", product: { name: "libtiff6-4.6.0-2.1.s390x", product_id: "libtiff6-4.6.0-2.1.s390x", }, }, { category: "product_version", name: "libtiff6-32bit-4.6.0-2.1.s390x", product: { name: "libtiff6-32bit-4.6.0-2.1.s390x", product_id: "libtiff6-32bit-4.6.0-2.1.s390x", }, }, { category: "product_version", name: "tiff-4.6.0-2.1.s390x", product: { name: "tiff-4.6.0-2.1.s390x", product_id: "tiff-4.6.0-2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libtiff-devel-4.6.0-2.1.x86_64", product: { name: "libtiff-devel-4.6.0-2.1.x86_64", product_id: "libtiff-devel-4.6.0-2.1.x86_64", }, }, { category: "product_version", name: "libtiff-devel-32bit-4.6.0-2.1.x86_64", product: { name: "libtiff-devel-32bit-4.6.0-2.1.x86_64", product_id: "libtiff-devel-32bit-4.6.0-2.1.x86_64", }, }, { category: "product_version", name: "libtiff6-4.6.0-2.1.x86_64", product: { name: "libtiff6-4.6.0-2.1.x86_64", product_id: "libtiff6-4.6.0-2.1.x86_64", }, }, { category: "product_version", name: "libtiff6-32bit-4.6.0-2.1.x86_64", product: { name: "libtiff6-32bit-4.6.0-2.1.x86_64", product_id: "libtiff6-32bit-4.6.0-2.1.x86_64", }, }, { category: "product_version", name: "tiff-4.6.0-2.1.x86_64", product: { name: "tiff-4.6.0-2.1.x86_64", product_id: "tiff-4.6.0-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.6.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", }, product_reference: "libtiff-devel-4.6.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.6.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", }, product_reference: "libtiff-devel-4.6.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.6.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", }, product_reference: "libtiff-devel-4.6.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-4.6.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", }, product_reference: "libtiff-devel-4.6.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.6.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", }, product_reference: "libtiff-devel-32bit-4.6.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.6.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", }, product_reference: "libtiff-devel-32bit-4.6.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.6.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", }, product_reference: "libtiff-devel-32bit-4.6.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff-devel-32bit-4.6.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", }, product_reference: "libtiff-devel-32bit-4.6.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-4.6.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", }, product_reference: "libtiff6-4.6.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-4.6.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", }, product_reference: "libtiff6-4.6.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-4.6.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", }, product_reference: "libtiff6-4.6.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-4.6.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", }, product_reference: "libtiff6-4.6.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-32bit-4.6.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", }, product_reference: "libtiff6-32bit-4.6.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-32bit-4.6.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", }, product_reference: "libtiff6-32bit-4.6.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-32bit-4.6.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", }, product_reference: "libtiff6-32bit-4.6.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libtiff6-32bit-4.6.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", }, product_reference: "libtiff6-32bit-4.6.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.6.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", }, product_reference: "tiff-4.6.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.6.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", }, product_reference: "tiff-4.6.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.6.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", }, product_reference: "tiff-4.6.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "tiff-4.6.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", }, product_reference: "tiff-4.6.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10092", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10092", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10092", url: "https://www.suse.com/security/cve/CVE-2016-10092", }, { category: "external", summary: "SUSE Bug 1017693 for CVE-2016-10092", url: "https://bugzilla.suse.com/1017693", }, { category: "external", summary: "SUSE Bug 1122679 for CVE-2016-10092", url: "https://bugzilla.suse.com/1122679", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10092", }, { cve: "CVE-2016-6223", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-6223", }, ], notes: [ { category: "general", text: "The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-6223", url: "https://www.suse.com/security/cve/CVE-2016-6223", }, { category: "external", summary: "SUSE Bug 990460 for CVE-2016-6223", url: "https://bugzilla.suse.com/990460", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-6223", }, { cve: "CVE-2017-12944", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12944", }, ], notes: [ { category: "general", text: "The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12944", url: "https://www.suse.com/security/cve/CVE-2017-12944", }, { category: "external", summary: "SUSE Bug 1003874 for CVE-2017-12944", url: "https://bugzilla.suse.com/1003874", }, { category: "external", summary: "SUSE Bug 1054594 for CVE-2017-12944", url: "https://bugzilla.suse.com/1054594", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-12944", }, { cve: "CVE-2017-17095", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-17095", }, ], notes: [ { category: "general", text: "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-17095", url: "https://www.suse.com/security/cve/CVE-2017-17095", }, { category: "external", summary: "SUSE Bug 1071031 for CVE-2017-17095", url: "https://bugzilla.suse.com/1071031", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-17095", }, { cve: "CVE-2019-14973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14973", }, ], notes: [ { category: "general", text: "_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14973", url: "https://www.suse.com/security/cve/CVE-2019-14973", }, { category: "external", summary: "SUSE Bug 1146608 for CVE-2019-14973", url: "https://bugzilla.suse.com/1146608", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14973", }, { cve: "CVE-2019-17546", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-17546", }, ], notes: [ { category: "general", text: "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-17546", url: "https://www.suse.com/security/cve/CVE-2019-17546", }, { category: "external", summary: "SUSE Bug 1154365 for CVE-2019-17546", url: "https://bugzilla.suse.com/1154365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-17546", }, { cve: "CVE-2020-19131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-19131", }, ], notes: [ { category: "general", text: "Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the \"invertImage()\" function in the component \"tiffcrop\".", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-19131", url: "https://www.suse.com/security/cve/CVE-2020-19131", }, { category: "external", summary: "SUSE Bug 1190312 for CVE-2020-19131", url: "https://bugzilla.suse.com/1190312", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-19131", }, { cve: "CVE-2020-35521", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35521", }, ], notes: [ { category: "general", text: "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35521", url: "https://www.suse.com/security/cve/CVE-2020-35521", }, { category: "external", summary: "SUSE Bug 1182808 for CVE-2020-35521", url: "https://bugzilla.suse.com/1182808", }, { category: "external", summary: "SUSE Bug 1200195 for CVE-2020-35521", url: "https://bugzilla.suse.com/1200195", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-35521", }, { cve: "CVE-2020-35522", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35522", }, ], notes: [ { category: "general", text: "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35522", url: "https://www.suse.com/security/cve/CVE-2020-35522", }, { category: "external", summary: "SUSE Bug 1182809 for CVE-2020-35522", url: "https://bugzilla.suse.com/1182809", }, { category: "external", summary: "SUSE Bug 1200195 for CVE-2020-35522", url: "https://bugzilla.suse.com/1200195", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-35522", }, { cve: "CVE-2020-35523", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35523", }, ], notes: [ { category: "general", text: "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35523", url: "https://www.suse.com/security/cve/CVE-2020-35523", }, { category: "external", summary: "SUSE Bug 1182811 for CVE-2020-35523", url: "https://bugzilla.suse.com/1182811", }, { category: "external", summary: "SUSE Bug 1200195 for CVE-2020-35523", url: "https://bugzilla.suse.com/1200195", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-35523", }, { cve: "CVE-2020-35524", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35524", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-35524", url: "https://www.suse.com/security/cve/CVE-2020-35524", }, { category: "external", summary: "SUSE Bug 1182812 for CVE-2020-35524", url: "https://bugzilla.suse.com/1182812", }, { category: "external", summary: "SUSE Bug 1200195 for CVE-2020-35524", url: "https://bugzilla.suse.com/1200195", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-35524", }, { cve: "CVE-2022-22844", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-22844", }, ], notes: [ { category: "general", text: "LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-22844", url: "https://www.suse.com/security/cve/CVE-2022-22844", }, { category: "external", summary: "SUSE Bug 1194539 for CVE-2022-22844", url: "https://bugzilla.suse.com/1194539", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-22844", }, { cve: "CVE-2022-2867", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2867", }, ], notes: [ { category: "general", text: "libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2867", url: "https://www.suse.com/security/cve/CVE-2022-2867", }, { category: "external", summary: "SUSE Bug 1202466 for CVE-2022-2867", url: "https://bugzilla.suse.com/1202466", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2022-2867", }, { cve: "CVE-2022-2868", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2868", }, ], notes: [ { category: "general", text: "libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2868", url: "https://www.suse.com/security/cve/CVE-2022-2868", }, { category: "external", summary: "SUSE Bug 1202467 for CVE-2022-2868", url: "https://bugzilla.suse.com/1202467", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2022-2868", }, { cve: "CVE-2022-2869", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-2869", }, ], notes: [ { category: "general", text: "libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-2869", url: "https://www.suse.com/security/cve/CVE-2022-2869", }, { category: "external", summary: "SUSE Bug 1202468 for CVE-2022-2869", url: "https://bugzilla.suse.com/1202468", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2022-2869", }, { cve: "CVE-2022-34266", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34266", }, ], notes: [ { category: "general", text: "The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34266", url: "https://www.suse.com/security/cve/CVE-2022-34266", }, { category: "external", summary: "SUSE Bug 1201723 for CVE-2022-34266", url: "https://bugzilla.suse.com/1201723", }, { category: "external", summary: "SUSE Bug 1208311 for CVE-2022-34266", url: "https://bugzilla.suse.com/1208311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff-devel-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-32bit-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.s390x", "openSUSE Tumbleweed:libtiff6-4.6.0-2.1.x86_64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.aarch64", "openSUSE Tumbleweed:tiff-4.6.0-2.1.ppc64le", "openSUSE Tumbleweed:tiff-4.6.0-2.1.s390x", "openSUSE Tumbleweed:tiff-4.6.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-34266", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.