{"id":"SUSE-SU-2023:4869-1","summary":"Security update for tiff","details":"This update for tiff fixes the following issues:\n\n- CVE-2023-2731: Fix null pointer dereference in LZWDecode() (bsc#1211478).\n- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).\n- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).\n- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).\n","modified":"2026-02-04T04:21:31.775627Z","published":"2023-12-14T15:26:46Z","related":["CVE-2022-1622","CVE-2022-40090","CVE-2023-1916","CVE-2023-26965","CVE-2023-2731"],"upstream":["CVE-2022-1622","CVE-2022-40090","CVE-2023-1916","CVE-2023-26965","CVE-2023-2731"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234869-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199483"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210231"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211478"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212398"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214680"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-1622"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-40090"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1916"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-26965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-2731"}],"affected":[{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Micro 5.3","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Micro 
5.4","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Micro 5.5","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP5","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 
SP4","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"tiff":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"tiff":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 
SP2-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server 15 
SP1-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 
SP1","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Linux Enterprise Micro 
5.2","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"SUSE:Enterprise Storage 7.1","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"openSUSE:Leap Micro 5.3","purl":"pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"openSUSE:Leap Micro 5.4","purl":"pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"openSUSE:Leap 
15.4","purl":"pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel-32bit":"4.0.9-150000.45.35.1","tiff":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}},{"package":{"name":"tiff","ecosystem":"openSUSE:Leap 15.5","purl":"pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-150000.45.35.1"}]}],"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-150000.45.35.1","libtiff-devel-32bit":"4.0.9-150000.45.35.1","tiff":"4.0.9-150000.45.35.1","libtiff-devel":"4.0.9-150000.45.35.1","libtiff5":"4.0.9-150000.45.35.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4869-1.json"}}],"schema_version":"1.7.3"}