SUSE-SU-2026:1408-1

Details

This update for tiff fixes the following issues:

CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798).
CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801).

Affected Packages

libtiff5

SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP7

Fixed in:

4.0.9-150000.45.63.1

tiff

SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP7

Fixed in:

4.0.9-150000.45.63.1

libtiff5-32bit

SUSE Linux Enterprise Module for Basesystem 15 SP7

Fixed in:

4.0.9-150000.45.63.1

References

REPORT

https://bugzilla.suse.com/1258798

REPORT

https://bugzilla.suse.com/1258801

WEB

https://www.suse.com/security/cve/CVE-2025-61143

WEB

https://www.suse.com/security/cve/CVE-2025-61144

ADVISORY

https://www.suse.com/support/update/announcement/2026/suse-su-20261408-1/