Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2853-1 advisory.
Update to version 4.7.2.
Security issues fixed:
- CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF image (bsc#1269779).
- CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value (bsc#1268434).
Other updates and bugfixes:
- Version 4.7.2:
- Software configuration changes:
* cmake: Fix bundle identifiers to use reverse-DNS format
* cmake: Fix and improve Apple framework build support
* cmake: Use TurboJPEG CONFIG by default (issue #767)
* cmake: changes related to 8-/12-bit modes
* cmake: Replace CMath::CMath with direct link to avoid export.
* Support for iOS-derived builds
* Simplify cmake byte order version check
* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions
* configure.ac: Require bootstrap with at least Autoconf 2.71.
- Library changes:
* New/improved functionalities::
- Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip)AndAllocBuffer() (issue #781)
- Bug fixes:
* Handle negative TIFFReadFile results before state updates (issue #854)
* tif_dirread.c: fix copy-paste bug in ChopUpSingleUncompressedStrip
* tif_read.c: Fixed division by zero in TIFFStartStrip() (issue #777)
* tif_dirwrite.c: add integer overflow checks to allocation size calculations
* tif_print.c: add integer overflow checks to allocation size calculations
* tif_write.c: fix OOB read and underflow in TIFFAppendToStrip copy loop
* DumpModeSeek: add bounds check to prevent OOB pointer advance
* TIFFGrowStrips: fix use-after-free on partial realloc failure.
* Fix NULL dereference in _TIFFReserveLargeEnoughWriteBuffer() by validating the strip bytecount array before accessing it.
* TIFFRGBAImage: avoid int overflows in put functions (issue #830)
* tif_getimage: fix inconsistent fromskew handling in put16bitbwtile (issue #792)
* tif_getimage: Widen pointer-offset arithmetic in tif_getimage
* putcontig8bitYCbCr44tile: fix wrong fromskew computation (issue #798)
* putcontig8bitYCbCr42tile: Reject invalid YCbCr subsampling when image dimensions are smaller than the subsampling block to prevent out-of-bounds writes. (issue #753)
* TIFFReadRGBAImage(): prevent integer overflow and later heap overflow (issue #787)
* TIFFFillStrip/Tile(): avoid excessive memory allocation (issue #831)
* TIFFLinkDirectory() checks for IFD loops (issue #788)
* Check result of _TIFFCheckRealloc to prevent memory leaks and segmentation fault when reallocation fails.
* TIFFVTileSize64(): in YCbCr contig non upsampled mode, validate td_samplesperpixel==3 (issue #805)
* TIFFReadDirEntryPersampleShort(): be tolerant to tags like SampleFormat not having 1 or SamplesPerPixel values (https://github.com/OSGeo/gdal/issues/13465)
* tif_getimage: reject tile widths that would overflow toskew (issue #808)
* Fix integer overflow in _TIFFPartialReadStripArray on 32-bit.
* TIFFAppendToStrip(): add some checks to avoid null-pointer-dereferencing (issue #777).
* _TIFFGetStrileOffsetOrByteCountValue(): fix potential crash on corrupted files when file opened in 'O' mode (https://issues.oss-fuzz.com/issues/471328917)
* TIFFReadDirectory(): re-set TIFF_LAZYSTRILELOAD if file opened in 'O' mode
* _TIFFMergeFields(): avoid NULL ptr dereference (issue #755).
* Check td_stripbytecount_p and td_stripoffset_p for NULL pointer before (re-)writing to file. (issue #749)
* JPEGDecodeRaw: initialize output buffer to avoid returning uninitialized memory (issue #892)
* JPEG decompressor: initialize output buffer when JPEG image is smaller than strile dimension to avoid heap memory disclosure (issue #826)
* JPEG: fix generation of tiled 12-bit JPEG compressed files with libjpeg-turbo 3.0.3 (issue #773)
* JPEGDecode(): fix memory leak in error code path (https://issues.oss-fuzz.com/issues/471945501)
* tif_jpeg: reject mismatched JPEG data precision to avoid write overflow
* Fix signed left-shift UB in LogLuv RANDITHER encoding (issue #850)
* PixarLog: error out on invalid ABGR output buffer sizes.
* PixarLog: complete ABGR bounds check for multi-row strip decoding.
* PixarLog: fix heap-buffer-overflow in 8BITABGR decode with stride 3 (issue #824)
* PixarLog: fix undoing horizontal differencing when SamplesPerPixel != 3 and 4 (issue #789).
* PixarLog codec: fix potential integer overflow/out-of-bounds access (issue #797)
* TIFFAdvanceDirectory(): avoid potential read heap-buffer-overflow in mmap code path on 32 bit builds (https://issues.oss-fuzz.com/issues/506737072)
* OJPEG: fix integer overflow in subsampling buffer allocation.
* OJPEG: fix nullptr deref when changing compression method from OJPEG to something else (issue #795).
* OJPEG fix potential integer overflow/out-of-bounds access (issue #796).
* ojpeg: prevent EOF infinite loop (fixes commit 2a3d55b)
* fix null pointer deference in issue #782.
* fix stack-overflow in issue #784.
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected libtiff-devel, libtiff6, libtiff6-32bit and / or tiff packages.
Plugin Details
File Name: suse_SU-2026-2853-1.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libtiff-devel, p-cpe:/a:novell:suse_linux:libtiff6, p-cpe:/a:novell:suse_linux:tiff, p-cpe:/a:novell:suse_linux:libtiff6-32bit, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/10/2026
Vulnerability Publication Date: 3/24/2026