Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Tiff Updates Fix Crashes and Data Corruption
SUSE-SU-2026:1408-1
Summary
This update fixes two critical bugs in the tiff software that could cause the program to crash or produce incorrect results, potentially leading to data corruption. These issues were found in the way the software handles certain types of image files. Install this update to ensure your tiff software runs smoothly and securely.
What to do
- Update tiff to version 4.0.9-150000.45.63.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Micro 5.3 | – | tiff |
< 4.0.9-150000.45.63.1 Fix: upgrade to 4.0.9-150000.45.63.1
|
| SUSE:Linux Enterprise Micro 5.4 | – | tiff |
< 4.0.9-150000.45.63.1 Fix: upgrade to 4.0.9-150000.45.63.1
|
| SUSE:Linux Enterprise Micro 5.5 | – | tiff |
< 4.0.9-150000.45.63.1 Fix: upgrade to 4.0.9-150000.45.63.1
|
| SUSE:Linux Enterprise Module for Basesystem 15 SP7 | – | tiff |
< 4.0.9-150000.45.63.1 Fix: upgrade to 4.0.9-150000.45.63.1
|
| SUSE:Linux Enterprise Micro 5.2 | – | tiff |
< 4.0.9-150000.45.63.1 Fix: upgrade to 4.0.9-150000.45.63.1
|
Original title
Security update for tiff
Original description
This update for tiff fixes the following issues:
- CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798).
- CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801).
- CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798).
- CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261408-1/ Vendor Advisory
- https://bugzilla.suse.com/1258798 Third Party Advisory
- https://bugzilla.suse.com/1258801 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-61143 URL
- https://www.suse.com/security/cve/CVE-2025-61144 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026