Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Tiff Update Fixes Critical Data Corruption and Crash Risks
SUSE-SU-2026:1407-1
Summary
This update for Tiff fixes two critical issues that could cause data corruption or crashes in the application. If left unpatched, these vulnerabilities could allow malicious users to manipulate or destroy data, or disrupt service. Apply the update to ensure your system remains secure and stable.
What to do
- Update tiff to version 4.0.9-44.109.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 | – | tiff |
< 4.0.9-44.109.1 Fix: upgrade to 4.0.9-44.109.1
|
Original title
Security update for tiff
Original description
This update for tiff fixes the following issues:
- CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798).
- CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801).
- CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798).
- CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261407-1/ Vendor Advisory
- https://bugzilla.suse.com/1258798 Third Party Advisory
- https://bugzilla.suse.com/1258801 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-61143 URL
- https://www.suse.com/security/cve/CVE-2025-61144 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026