{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"4.0.9-44.89.1","libtiff5":"4.0.9-44.89.1","libtiff5-32bit":"4.0.9-44.89.1","tiff":"4.0.9-44.89.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.89.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff-devel":"4.0.9-44.89.1","libtiff5":"4.0.9-44.89.1","libtiff5-32bit":"4.0.9-44.89.1","tiff":"4.0.9-44.89.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.89.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following issues:\n\n- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)\n- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() \n  when processing malformed TIFF files (bsc#1247106)\n","id":"SUSE-SU-2025:02771-1","modified":"2025-08-12T13:50:53Z","published":"2025-08-12T13:50:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502771-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247106"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8177"}],"related":["CVE-2025-8176","CVE-2025-8177"],"summary":"Security update for tiff","upstream":["CVE-2025-8176","CVE-2025-8177"]}