Vulnerability-Lookup

CVE-2018-12900 (GCVE-0-2018-12900)

Vulnerability from cvelistv5 – Published: 2018-06-26 22:00 – Updated: 2024-08-05 08:45

Summary

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
http://bugzilla.maptools.org/show_bug.cgi?id=2798	x_refsource_MISC
https://usn.ubuntu.com/3906-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3906-2/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:2053	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3419	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2020/dsa-4670	vendor-advisoryx_refsource_DEBIAN
https://github.com/Hack-Me/Pocs_for_Multi_Version…	x_refsource_MISC

Date Public

2018-06-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:45:02.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          },
          {
            "name": "RHSA-2019:3419",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3419"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T18:18:41.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        },
        {
          "name": "RHSA-2019:3419",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3419"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12900",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2798",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            },
            {
              "name": "RHSA-2019:3419",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3419"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12900",
    "datePublished": "2018-06-26T22:00:00.000Z",
    "dateReserved": "2018-06-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:45:02.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-12900",
      "date": "2026-05-29",
      "epss": "0.09894",
      "percentile": "0.93125"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27374BA0-7A61-4BDC-9F92-C09E99A9AB81\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en heap en la funci\\u00f3n cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4. 0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 y 4.0.9 permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (crash) o posiblemente tener otro impacto no especificado a trav\\u00e9s de un archivo TIFF crafteado\"}]",
      "id": "CVE-2018-12900",
      "lastModified": "2024-11-21T03:46:03.900",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-06-26T22:29:00.257",
      "references": "[{\"url\": \"http://bugzilla.maptools.org/show_bug.cgi?id=2798\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2053\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3419\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/3906-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3906-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4670\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugzilla.maptools.org/show_bug.cgi?id=2798\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3419\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3906-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3906-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4670\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-06-26T22:29:00.257\",\"lastModified\":\"2024-11-21T03:46:03.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en heap en la funci\u00f3n cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4. 0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 y 4.0.9 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (crash) o posiblemente tener otro impacto no especificado a trav\u00e9s de un archivo TIFF crafteado\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27374BA0-7A61-4BDC-9F92-C09E99A9AB81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.maptools.org/show_bug.cgi?id=2798\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2053\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3419\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3906-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3906-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4670\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugzilla.maptools.org/show_bug.cgi?id=2798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3419\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3906-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3906-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2018:3879-1

Vulnerability from csaf_suse - Published: 2018-11-23 16:06 - Updated: 2018-11-23 16:06

Summary

Security update for tiff

Severity

Moderate

Notes

Title of the patch: Security update for tiff

Description of the patch: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163). - CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440). - CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448). - CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447) - CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446) - CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging

Patchnames: sdksp4-tiff-13878,slessp4-tiff-13878

CVE-2015-8870

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2016-3619

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-3620

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-3621

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-5319

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2016-9273

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17942

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-9117

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-9147

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12900

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18661

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 36 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64	—	Vendor Fix

Threats

Impact low

References

67 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1010163	self
https://bugzilla.suse.com/1014461	self
https://bugzilla.suse.com/1040080	self
https://bugzilla.suse.com/1040322	self
https://bugzilla.suse.com/1074186	self
https://bugzilla.suse.com/1099257	self
https://bugzilla.suse.com/1113672	self
https://bugzilla.suse.com/974446	self
https://bugzilla.suse.com/974447	self
https://bugzilla.suse.com/974448	self
https://bugzilla.suse.com/983440	self
https://www.suse.com/security/cve/CVE-2015-8870/	self
https://www.suse.com/security/cve/CVE-2016-3619/	self
https://www.suse.com/security/cve/CVE-2016-3620/	self
https://www.suse.com/security/cve/CVE-2016-3621/	self
https://www.suse.com/security/cve/CVE-2016-5319/	self
https://www.suse.com/security/cve/CVE-2016-9273/	self
https://www.suse.com/security/cve/CVE-2017-17942/	self
https://www.suse.com/security/cve/CVE-2017-9117/	self
https://www.suse.com/security/cve/CVE-2017-9147/	self
https://www.suse.com/security/cve/CVE-2018-12900/	self
https://www.suse.com/security/cve/CVE-2018-18661/	self
https://www.suse.com/security/cve/CVE-2015-8870	external
https://bugzilla.suse.com/1014461	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2016-3619	external
https://bugzilla.suse.com/1040080	external
https://bugzilla.suse.com/1150480	external
https://bugzilla.suse.com/974446	external
https://bugzilla.suse.com/974447	external
https://bugzilla.suse.com/974448	external
https://www.suse.com/security/cve/CVE-2016-3620	external
https://bugzilla.suse.com/1040080	external
https://bugzilla.suse.com/1150480	external
https://bugzilla.suse.com/974447	external
https://www.suse.com/security/cve/CVE-2016-3621	external
https://bugzilla.suse.com/1040080	external
https://bugzilla.suse.com/1150480	external
https://bugzilla.suse.com/974448	external
https://www.suse.com/security/cve/CVE-2016-5319	external
https://bugzilla.suse.com/1074186	external
https://bugzilla.suse.com/1150480	external
https://bugzilla.suse.com/983440	external
https://www.suse.com/security/cve/CVE-2016-9273	external
https://bugzilla.suse.com/1010163	external
https://bugzilla.suse.com/1017693	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2017-17942	external
https://bugzilla.suse.com/1074186	external
https://bugzilla.suse.com/1150480	external
https://bugzilla.suse.com/983440	external
https://www.suse.com/security/cve/CVE-2017-9117	external
https://bugzilla.suse.com/1040080	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2017-9147	external
https://bugzilla.suse.com/1040322	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2018-12900	external
https://bugzilla.suse.com/1099257	external
https://bugzilla.suse.com/1125113	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2018-18661	external
https://bugzilla.suse.com/1113672	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).\n- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).\n- CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). \n- CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080).\n- CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186).\n- CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163).\n- CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440).\n- CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448).\n- CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447)\n- CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446)\n- CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461).\n\nNon-security issues fixed:\n\n- asan_build: build ASAN included\n- debug_build: build more suitable for debugging\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-tiff-13878,slessp4-tiff-13878",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3879-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3879-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183879-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3879-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004880.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1010163",
        "url": "https://bugzilla.suse.com/1010163"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1014461",
        "url": "https://bugzilla.suse.com/1014461"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1040080",
        "url": "https://bugzilla.suse.com/1040080"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1040322",
        "url": "https://bugzilla.suse.com/1040322"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1074186",
        "url": "https://bugzilla.suse.com/1074186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099257",
        "url": "https://bugzilla.suse.com/1099257"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113672",
        "url": "https://bugzilla.suse.com/1113672"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974446",
        "url": "https://bugzilla.suse.com/974446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974447",
        "url": "https://bugzilla.suse.com/974447"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974448",
        "url": "https://bugzilla.suse.com/974448"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 983440",
        "url": "https://bugzilla.suse.com/983440"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8870 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8870/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3619 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3619/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3620 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3620/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3621 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3621/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5319 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9273 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9273/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17942 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17942/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9117 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9117/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9147 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9147/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18661 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18661/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2018-11-23T16:06:18Z",
      "generator": {
        "date": "2018-11-23T16:06:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3879-1",
      "initial_release_date": "2018-11-23T16:06:18Z",
      "revision_history": [
        {
          "date": "2018-11-23T16:06:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-3.8.2-141.169.22.1.i586",
                "product": {
                  "name": "libtiff-devel-3.8.2-141.169.22.1.i586",
                  "product_id": "libtiff-devel-3.8.2-141.169.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-3.8.2-141.169.22.1.i586",
                "product": {
                  "name": "libtiff3-3.8.2-141.169.22.1.i586",
                  "product_id": "libtiff3-3.8.2-141.169.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-3.8.2-141.169.22.1.i586",
                "product": {
                  "name": "tiff-3.8.2-141.169.22.1.i586",
                  "product_id": "tiff-3.8.2-141.169.22.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-3.8.2-141.169.22.1.ia64",
                "product": {
                  "name": "libtiff-devel-3.8.2-141.169.22.1.ia64",
                  "product_id": "libtiff-devel-3.8.2-141.169.22.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-3.8.2-141.169.22.1.ia64",
                "product": {
                  "name": "libtiff3-3.8.2-141.169.22.1.ia64",
                  "product_id": "libtiff3-3.8.2-141.169.22.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-x86-3.8.2-141.169.22.1.ia64",
                "product": {
                  "name": "libtiff3-x86-3.8.2-141.169.22.1.ia64",
                  "product_id": "libtiff3-x86-3.8.2-141.169.22.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-3.8.2-141.169.22.1.ia64",
                "product": {
                  "name": "tiff-3.8.2-141.169.22.1.ia64",
                  "product_id": "tiff-3.8.2-141.169.22.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-3.8.2-141.169.22.1.ppc64",
                "product": {
                  "name": "libtiff-devel-3.8.2-141.169.22.1.ppc64",
                  "product_id": "libtiff-devel-3.8.2-141.169.22.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
                "product": {
                  "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
                  "product_id": "libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-3.8.2-141.169.22.1.ppc64",
                "product": {
                  "name": "libtiff3-3.8.2-141.169.22.1.ppc64",
                  "product_id": "libtiff3-3.8.2-141.169.22.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
                "product": {
                  "name": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
                  "product_id": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-3.8.2-141.169.22.1.ppc64",
                "product": {
                  "name": "tiff-3.8.2-141.169.22.1.ppc64",
                  "product_id": "tiff-3.8.2-141.169.22.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-3.8.2-141.169.22.1.s390x",
                "product": {
                  "name": "libtiff-devel-3.8.2-141.169.22.1.s390x",
                  "product_id": "libtiff-devel-3.8.2-141.169.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
                "product": {
                  "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
                  "product_id": "libtiff-devel-32bit-3.8.2-141.169.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-3.8.2-141.169.22.1.s390x",
                "product": {
                  "name": "libtiff3-3.8.2-141.169.22.1.s390x",
                  "product_id": "libtiff3-3.8.2-141.169.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-32bit-3.8.2-141.169.22.1.s390x",
                "product": {
                  "name": "libtiff3-32bit-3.8.2-141.169.22.1.s390x",
                  "product_id": "libtiff3-32bit-3.8.2-141.169.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-3.8.2-141.169.22.1.s390x",
                "product": {
                  "name": "tiff-3.8.2-141.169.22.1.s390x",
                  "product_id": "tiff-3.8.2-141.169.22.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-3.8.2-141.169.22.1.x86_64",
                "product": {
                  "name": "libtiff-devel-3.8.2-141.169.22.1.x86_64",
                  "product_id": "libtiff-devel-3.8.2-141.169.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64",
                "product": {
                  "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64",
                  "product_id": "libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-3.8.2-141.169.22.1.x86_64",
                "product": {
                  "name": "libtiff3-3.8.2-141.169.22.1.x86_64",
                  "product_id": "libtiff3-3.8.2-141.169.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
                "product": {
                  "name": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
                  "product_id": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-3.8.2-141.169.22.1.x86_64",
                "product": {
                  "name": "tiff-3.8.2-141.169.22.1.x86_64",
                  "product_id": "tiff-3.8.2-141.169.22.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-3.8.2-141.169.22.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586"
        },
        "product_reference": "libtiff-devel-3.8.2-141.169.22.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "libtiff-devel-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff-devel-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff-devel-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff-devel-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-x86-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "libtiff3-x86-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff3-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff3-x86-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "libtiff3-x86-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-3.8.2-141.169.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64"
        },
        "product_reference": "tiff-3.8.2-141.169.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8870",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8870"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8870",
          "url": "https://www.suse.com/security/cve/CVE-2015-8870"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1014461 for CVE-2015-8870",
          "url": "https://bugzilla.suse.com/1014461"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2015-8870",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8870"
    },
    {
      "cve": "CVE-2016-3619",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3619"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3619",
          "url": "https://www.suse.com/security/cve/CVE-2016-3619"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040080 for CVE-2016-3619",
          "url": "https://bugzilla.suse.com/1040080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2016-3619",
          "url": "https://bugzilla.suse.com/1150480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974446 for CVE-2016-3619",
          "url": "https://bugzilla.suse.com/974446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974447 for CVE-2016-3619",
          "url": "https://bugzilla.suse.com/974447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974448 for CVE-2016-3619",
          "url": "https://bugzilla.suse.com/974448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3619"
    },
    {
      "cve": "CVE-2016-3620",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3620"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3620",
          "url": "https://www.suse.com/security/cve/CVE-2016-3620"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040080 for CVE-2016-3620",
          "url": "https://bugzilla.suse.com/1040080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2016-3620",
          "url": "https://bugzilla.suse.com/1150480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974447 for CVE-2016-3620",
          "url": "https://bugzilla.suse.com/974447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3620"
    },
    {
      "cve": "CVE-2016-3621",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3621"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3621",
          "url": "https://www.suse.com/security/cve/CVE-2016-3621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040080 for CVE-2016-3621",
          "url": "https://bugzilla.suse.com/1040080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2016-3621",
          "url": "https://bugzilla.suse.com/1150480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974448 for CVE-2016-3621",
          "url": "https://bugzilla.suse.com/974448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3621"
    },
    {
      "cve": "CVE-2016-5319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5319",
          "url": "https://www.suse.com/security/cve/CVE-2016-5319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074186 for CVE-2016-5319",
          "url": "https://bugzilla.suse.com/1074186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2016-5319",
          "url": "https://bugzilla.suse.com/1150480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 983440 for CVE-2016-5319",
          "url": "https://bugzilla.suse.com/983440"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5319"
    },
    {
      "cve": "CVE-2016-9273",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9273"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9273",
          "url": "https://www.suse.com/security/cve/CVE-2016-9273"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1010163 for CVE-2016-9273",
          "url": "https://bugzilla.suse.com/1010163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1017693 for CVE-2016-9273",
          "url": "https://bugzilla.suse.com/1017693"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2016-9273",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9273"
    },
    {
      "cve": "CVE-2017-17942",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17942"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17942",
          "url": "https://www.suse.com/security/cve/CVE-2017-17942"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074186 for CVE-2017-17942",
          "url": "https://bugzilla.suse.com/1074186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2017-17942",
          "url": "https://bugzilla.suse.com/1150480"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 983440 for CVE-2017-17942",
          "url": "https://bugzilla.suse.com/983440"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17942"
    },
    {
      "cve": "CVE-2017-9117",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9117"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9117",
          "url": "https://www.suse.com/security/cve/CVE-2017-9117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040080 for CVE-2017-9117",
          "url": "https://bugzilla.suse.com/1040080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2017-9117",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-9117"
    },
    {
      "cve": "CVE-2017-9147",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9147"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9147",
          "url": "https://www.suse.com/security/cve/CVE-2017-9147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040322 for CVE-2017-9147",
          "url": "https://bugzilla.suse.com/1040322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2017-9147",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-9147"
    },
    {
      "cve": "CVE-2018-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12900",
          "url": "https://www.suse.com/security/cve/CVE-2018-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099257 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1099257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125113 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1125113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12900"
    },
    {
      "cve": "CVE-2018-18661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18661",
          "url": "https://www.suse.com/security/cve/CVE-2018-18661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113672 for CVE-2018-18661",
          "url": "https://bugzilla.suse.com/1113672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.22.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-23T16:06:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18661"
    }
  ]
}

SUSE-SU-2018:3911-1

Vulnerability from csaf_suse - Published: 2018-11-26 16:47 - Updated: 2018-11-26 16:47

Summary

Security update for tiff

Severity

Moderate

Notes

Title of the patch: Security update for tiff

Description of the patch: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging

Patchnames: SUSE-SLE-DESKTOP-12-SP3-2018-2782,SUSE-SLE-SDK-12-SP3-2018-2782,SUSE-SLE-SERVER-12-SP3-2018-2782

CVE-2018-12900

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18557

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18661

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact low

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1099257	self
https://bugzilla.suse.com/1113094	self
https://bugzilla.suse.com/1113672	self
https://www.suse.com/security/cve/CVE-2018-12900/	self
https://www.suse.com/security/cve/CVE-2018-18557/	self
https://www.suse.com/security/cve/CVE-2018-18661/	self
https://www.suse.com/security/cve/CVE-2018-12900	external
https://bugzilla.suse.com/1099257	external
https://bugzilla.suse.com/1125113	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2018-18557	external
https://bugzilla.suse.com/1113094	external
https://www.suse.com/security/cve/CVE-2018-18661	external
https://bugzilla.suse.com/1113672	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).                                                                                             \n- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).                                                                               \n- CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).\n\nNon-security issues fixed:\n\n- asan_build: build ASAN included\n- debug_build: build more suitable for debugging\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP3-2018-2782,SUSE-SLE-SDK-12-SP3-2018-2782,SUSE-SLE-SERVER-12-SP3-2018-2782",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3911-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3911-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183911-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3911-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004890.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099257",
        "url": "https://bugzilla.suse.com/1099257"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113094",
        "url": "https://bugzilla.suse.com/1113094"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113672",
        "url": "https://bugzilla.suse.com/1113672"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18557 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18557/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18661 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18661/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2018-11-26T16:47:06Z",
      "generator": {
        "date": "2018-11-26T16:47:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3911-1",
      "initial_release_date": "2018-11-26T16:47:06Z",
      "revision_history": [
        {
          "date": "2018-11-26T16:47:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.aarch64",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.aarch64",
                  "product_id": "libtiff5-4.0.9-44.27.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.aarch64",
                  "product_id": "tiff-4.0.9-44.27.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.ppc64le",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.ppc64le",
                  "product_id": "libtiff5-4.0.9-44.27.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.ppc64le",
                  "product_id": "tiff-4.0.9-44.27.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff5-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff5-32bit-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.s390x",
                  "product_id": "tiff-4.0.9-44.27.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff5-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff5-32bit-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.x86_64",
                  "product_id": "tiff-4.0.9-44.27.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x"
        },
        "product_reference": "tiff-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x"
        },
        "product_reference": "tiff-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12900",
          "url": "https://www.suse.com/security/cve/CVE-2018-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099257 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1099257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125113 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1125113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-26T16:47:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12900"
    },
    {
      "cve": "CVE-2018-18557",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18557"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18557",
          "url": "https://www.suse.com/security/cve/CVE-2018-18557"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113094 for CVE-2018-18557",
          "url": "https://bugzilla.suse.com/1113094"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-26T16:47:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-18557"
    },
    {
      "cve": "CVE-2018-18661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18661",
          "url": "https://www.suse.com/security/cve/CVE-2018-18661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113672 for CVE-2018-18661",
          "url": "https://bugzilla.suse.com/1113672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-26T16:47:06Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18661"
    }
  ]
}

SUSE-SU-2018:3911-2

Vulnerability from csaf_suse - Published: 2018-12-06 13:03 - Updated: 2018-12-06 13:03

Summary

Security update for tiff

Severity

Moderate

Notes

Title of the patch: Security update for tiff

Patchnames: SUSE-SLE-DESKTOP-12-SP4-2018-2782,SUSE-SLE-SDK-12-SP4-2018-2782,SUSE-SLE-SERVER-12-SP4-2018-2782

CVE-2018-12900

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18557

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18661

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64	—	Vendor Fix

Threats

Impact low

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1099257	self
https://bugzilla.suse.com/1113094	self
https://bugzilla.suse.com/1113672	self
https://www.suse.com/security/cve/CVE-2018-12900/	self
https://www.suse.com/security/cve/CVE-2018-18557/	self
https://www.suse.com/security/cve/CVE-2018-18661/	self
https://www.suse.com/security/cve/CVE-2018-12900	external
https://bugzilla.suse.com/1099257	external
https://bugzilla.suse.com/1125113	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2018-18557	external
https://bugzilla.suse.com/1113094	external
https://www.suse.com/security/cve/CVE-2018-18661	external
https://bugzilla.suse.com/1113672	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).                                                                                             \n- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).                                                                               \n- CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).\n\nNon-security issues fixed:\n\n- asan_build: build ASAN included\n- debug_build: build more suitable for debugging\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP4-2018-2782,SUSE-SLE-SDK-12-SP4-2018-2782,SUSE-SLE-SERVER-12-SP4-2018-2782",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3911-2.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3911-2",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183911-2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3911-2",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004931.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099257",
        "url": "https://bugzilla.suse.com/1099257"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113094",
        "url": "https://bugzilla.suse.com/1113094"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113672",
        "url": "https://bugzilla.suse.com/1113672"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18557 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18557/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18661 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18661/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2018-12-06T13:03:37Z",
      "generator": {
        "date": "2018-12-06T13:03:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3911-2",
      "initial_release_date": "2018-12-06T13:03:37Z",
      "revision_history": [
        {
          "date": "2018-12-06T13:03:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.aarch64",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.aarch64",
                  "product_id": "libtiff5-4.0.9-44.27.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.aarch64",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.aarch64",
                  "product_id": "tiff-4.0.9-44.27.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.ppc64le",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.ppc64le",
                  "product_id": "libtiff5-4.0.9-44.27.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.ppc64le",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.ppc64le",
                  "product_id": "tiff-4.0.9-44.27.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff5-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-44.27.1.s390x",
                  "product_id": "libtiff5-32bit-4.0.9-44.27.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.s390x",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.s390x",
                  "product_id": "tiff-4.0.9-44.27.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff5-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff5-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff5-32bit-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "libtiff-devel-4.0.9-44.27.1.x86_64",
                  "product_id": "libtiff-devel-4.0.9-44.27.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-44.27.1.x86_64",
                "product": {
                  "name": "tiff-4.0.9-44.27.1.x86_64",
                  "product_id": "tiff-4.0.9-44.27.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff-devel-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x"
        },
        "product_reference": "tiff-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
          "product_id": "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-44.27.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x"
        },
        "product_reference": "tiff-4.0.9-44.27.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-44.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-44.27.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12900",
          "url": "https://www.suse.com/security/cve/CVE-2018-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099257 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1099257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125113 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1125113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-06T13:03:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12900"
    },
    {
      "cve": "CVE-2018-18557",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18557"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18557",
          "url": "https://www.suse.com/security/cve/CVE-2018-18557"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113094 for CVE-2018-18557",
          "url": "https://bugzilla.suse.com/1113094"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-06T13:03:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-18557"
    },
    {
      "cve": "CVE-2018-18661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18661",
          "url": "https://www.suse.com/security/cve/CVE-2018-18661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113672 for CVE-2018-18661",
          "url": "https://bugzilla.suse.com/1113672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-32bit-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libtiff5-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tiff-4.0.9-44.27.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP4:libtiff-devel-4.0.9-44.27.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-06T13:03:37Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18661"
    }
  ]
}

SUSE-SU-2018:3925-1

Vulnerability from csaf_suse - Published: 2018-11-27 12:38 - Updated: 2018-11-27 12:38

Summary

Security update for tiff

Severity

Moderate

Notes

Title of the patch: Security update for tiff

Patchnames: SUSE-SLE-Module-Basesystem-15-2018-2793,SUSE-SLE-Module-Desktop-Applications-15-2018-2793,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2793,SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2793

CVE-2018-12900

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18557

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-18661

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64	—	Vendor Fix

Threats

Impact low

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1099257	self
https://bugzilla.suse.com/1113094	self
https://bugzilla.suse.com/1113672	self
https://www.suse.com/security/cve/CVE-2018-12900/	self
https://www.suse.com/security/cve/CVE-2018-18557/	self
https://www.suse.com/security/cve/CVE-2018-18661/	self
https://www.suse.com/security/cve/CVE-2018-12900	external
https://bugzilla.suse.com/1099257	external
https://bugzilla.suse.com/1125113	external
https://bugzilla.suse.com/1150480	external
https://www.suse.com/security/cve/CVE-2018-18557	external
https://bugzilla.suse.com/1113094	external
https://www.suse.com/security/cve/CVE-2018-18661	external
https://bugzilla.suse.com/1113672	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tiff fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).\n- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).\n- CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).\n\nNon-security issues fixed:\n\n- asan_build: build ASAN included\n- debug_build: build more suitable for debugging\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Basesystem-15-2018-2793,SUSE-SLE-Module-Desktop-Applications-15-2018-2793,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2793,SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2793",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3925-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3925-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183925-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3925-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004897.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099257",
        "url": "https://bugzilla.suse.com/1099257"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113094",
        "url": "https://bugzilla.suse.com/1113094"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113672",
        "url": "https://bugzilla.suse.com/1113672"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12900 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18557 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18557/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18661 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18661/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2018-11-27T12:38:56Z",
      "generator": {
        "date": "2018-11-27T12:38:56Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3925-1",
      "initial_release_date": "2018-11-27T12:38:56Z",
      "revision_history": [
        {
          "date": "2018-11-27T12:38:56Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-5.17.1.aarch64",
                "product": {
                  "name": "libtiff-devel-4.0.9-5.17.1.aarch64",
                  "product_id": "libtiff-devel-4.0.9-5.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-5.17.1.aarch64",
                "product": {
                  "name": "libtiff5-4.0.9-5.17.1.aarch64",
                  "product_id": "libtiff5-4.0.9-5.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-5.17.1.aarch64",
                "product": {
                  "name": "tiff-4.0.9-5.17.1.aarch64",
                  "product_id": "tiff-4.0.9-5.17.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-5.17.1.ppc64le",
                "product": {
                  "name": "libtiff-devel-4.0.9-5.17.1.ppc64le",
                  "product_id": "libtiff-devel-4.0.9-5.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-5.17.1.ppc64le",
                "product": {
                  "name": "libtiff5-4.0.9-5.17.1.ppc64le",
                  "product_id": "libtiff5-4.0.9-5.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-5.17.1.ppc64le",
                "product": {
                  "name": "tiff-4.0.9-5.17.1.ppc64le",
                  "product_id": "tiff-4.0.9-5.17.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-5.17.1.s390x",
                "product": {
                  "name": "libtiff-devel-4.0.9-5.17.1.s390x",
                  "product_id": "libtiff-devel-4.0.9-5.17.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-5.17.1.s390x",
                "product": {
                  "name": "libtiff5-4.0.9-5.17.1.s390x",
                  "product_id": "libtiff5-4.0.9-5.17.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-5.17.1.s390x",
                "product": {
                  "name": "tiff-4.0.9-5.17.1.s390x",
                  "product_id": "tiff-4.0.9-5.17.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.9-5.17.1.x86_64",
                "product": {
                  "name": "libtiff-devel-4.0.9-5.17.1.x86_64",
                  "product_id": "libtiff-devel-4.0.9-5.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.9-5.17.1.x86_64",
                "product": {
                  "name": "libtiff5-4.0.9-5.17.1.x86_64",
                  "product_id": "libtiff5-4.0.9-5.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.9-5.17.1.x86_64",
                "product": {
                  "name": "libtiff5-32bit-4.0.9-5.17.1.x86_64",
                  "product_id": "libtiff5-32bit-4.0.9-5.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.9-5.17.1.x86_64",
                "product": {
                  "name": "tiff-4.0.9-5.17.1.x86_64",
                  "product_id": "tiff-4.0.9-5.17.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Package Hub 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Package Hub 15",
                  "product_id": "SUSE Linux Enterprise Module for Package Hub 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-5.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64"
        },
        "product_reference": "libtiff-devel-4.0.9-5.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-5.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le"
        },
        "product_reference": "libtiff-devel-4.0.9-5.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-5.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x"
        },
        "product_reference": "libtiff-devel-4.0.9-5.17.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.9-5.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64"
        },
        "product_reference": "libtiff-devel-4.0.9-5.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-5.17.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64"
        },
        "product_reference": "libtiff5-4.0.9-5.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-5.17.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le"
        },
        "product_reference": "libtiff5-4.0.9-5.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-5.17.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x"
        },
        "product_reference": "libtiff5-4.0.9-5.17.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.9-5.17.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64"
        },
        "product_reference": "libtiff5-4.0.9-5.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.9-5.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.9-5.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-5.17.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64"
        },
        "product_reference": "tiff-4.0.9-5.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-5.17.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le"
        },
        "product_reference": "tiff-4.0.9-5.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-5.17.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x"
        },
        "product_reference": "tiff-4.0.9-5.17.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.9-5.17.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
        },
        "product_reference": "tiff-4.0.9-5.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-12900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12900",
          "url": "https://www.suse.com/security/cve/CVE-2018-12900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099257 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1099257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125113 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1125113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150480 for CVE-2018-12900",
          "url": "https://bugzilla.suse.com/1150480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-27T12:38:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12900"
    },
    {
      "cve": "CVE-2018-18557",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18557"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18557",
          "url": "https://www.suse.com/security/cve/CVE-2018-18557"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113094 for CVE-2018-18557",
          "url": "https://bugzilla.suse.com/1113094"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-27T12:38:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-18557"
    },
    {
      "cve": "CVE-2018-18661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
          "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18661",
          "url": "https://www.suse.com/security/cve/CVE-2018-18661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113672 for CVE-2018-18661",
          "url": "https://bugzilla.suse.com/1113672"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff-devel-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15:libtiff5-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:libtiff5-32bit-4.0.9-5.17.1.x86_64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.aarch64",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.s390x",
            "SUSE Linux Enterprise Module for Package Hub 15:tiff-4.0.9-5.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-27T12:38:56Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18661"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12900 (GCVE-0-2018-12900)

SUSE-SU-2018:3879-1

SUSE-SU-2018:3911-1

SUSE-SU-2018:3911-2

SUSE-SU-2018:3925-1

Tags

Sightings

Nomenclature