{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"3.8.2-141.168.1","libtiff-devel-32bit":"3.8.2-141.168.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.168.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.168.1","libtiff3-32bit":"3.8.2-141.168.1","libtiff3-x86":"3.8.2-141.168.1","tiff":"3.8.2-141.168.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.168.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.168.1","libtiff3-32bit":"3.8.2-141.168.1","libtiff3-x86":"3.8.2-141.168.1","tiff":"3.8.2-141.168.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.168.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following issues:\n\n- CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449)\n- Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098)\n- CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831)\n- CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to DoS (bsc#984837)\n- CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842)\n- CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808)\n- CVE-2016-5875: Specially crafted TIFF images could allow arbitrary code execution (bsc#987351)\n- CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618)\n- CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614)\n- CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069)\n- CVE-2016-3186: Specially crafted TIFF images could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340)\n","id":"SUSE-SU-2016:2527-1","modified":"2016-10-13T11:59:37Z","published":"2016-10-13T11:59:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162527-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/973340"},{"type":"REPORT","url":"https://bugzilla.suse.com/974449"},{"type":"REPORT","url":"https://bugzilla.suse.com/974614"},{"type":"REPORT","url":"https://bugzilla.suse.com/974618"},{"type":"REPORT","url":"https://bugzilla.suse.com/975069"},{"type":"REPORT","url":"https://bugzilla.suse.com/984808"},{"type":"REPORT","url":"https://bugzilla.suse.com/984831"},{"type":"REPORT","url":"https://bugzilla.suse.com/984837"},{"type":"REPORT","url":"https://bugzilla.suse.com/984842"},{"type":"REPORT","url":"https://bugzilla.suse.com/987351"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3622"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3623"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3990"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5314"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5316"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5320"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5875"}],"related":["CVE-2016-3186","CVE-2016-3622","CVE-2016-3623","CVE-2016-3945","CVE-2016-3990","CVE-2016-5314","CVE-2016-5316","CVE-2016-5317","CVE-2016-5320","CVE-2016-5875"],"summary":"Security update for tiff","upstream":["CVE-2016-3186","CVE-2016-3622","CVE-2016-3623","CVE-2016-3945","CVE-2016-3990","CVE-2016-5314","CVE-2016-5316","CVE-2016-5317","CVE-2016-5320","CVE-2016-5875"]}