Overview

File _patchinfo of Package patchinfo.40030

<patchinfo incident="40030">
  <issue tracker="cve" id="2025-8177"/>
  <issue tracker="cve" id="2025-8176"/>
  <issue tracker="bnc" id="1247108">VUL-0: CVE-2025-8176: tiff: heap use-after-free in tools/tiffmedian.c</issue>
  <issue tracker="bnc" id="1247106">VUL-0: CVE-2025-8177: tiff: possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files</issue>
  <issue tracker="bnc" id="1243503">magick: The value of field_readcount and field_writecount must be greater than or equal to -3 and not zero.. `TIFFMergeFieldInfo' @ error/tiff.c/TIFFErrors/599.</issue>
  <packager>mvetter</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tiff</summary>
  <description>This update for tiff fixes the following issues:

- Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503)
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() 
  when processing malformed TIFF files (bsc#1247106)
- Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
- Add %check section
- Remove Group: declarations, no longer used
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places