{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-44.27.1","libtiff5-32bit":"4.0.9-44.27.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.27.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff-devel":"4.0.9-44.27.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.27.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-44.27.1","libtiff5-32bit":"4.0.9-44.27.1","tiff":"4.0.9-44.27.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.27.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff5":"4.0.9-44.27.1","libtiff5-32bit":"4.0.9-44.27.1","tiff":"4.0.9-44.27.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-44.27.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).                                                                                             \n- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).                                                                               \n- CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).\n\nNon-security issues fixed:\n\n- asan_build: build ASAN included\n- debug_build: build more suitable for debugging\n","id":"SUSE-SU-2018:3911-2","modified":"2018-12-06T13:03:37Z","published":"2018-12-06T13:03:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183911-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099257"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113094"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113672"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12900"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18557"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18661"}],"related":["CVE-2018-12900","CVE-2018-18557","CVE-2018-18661"],"summary":"Security update for tiff","upstream":["CVE-2018-12900","CVE-2018-18557","CVE-2018-18661"]}