DATABASE RESOURCES PRICING ABOUT US

{"id": "ALPINE:CVE-2017-7602", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2017-7602", "description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", "published": "2017-04-09T14:59:00", "modified": "2018-03-22T01:29:00", "epss": [{"cve": "CVE-2017-7602", "epss": 0.01562, "percentile": 0.85315, "modified": "2023-06-05"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://security.alpinelinux.org/vuln/CVE-2017-7602", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2017-7602"], "immutableFields": [], "lastseen": "2023-06-23T11:06:49", "viewCount": 7, "enchantments": {"score": {"value": 7.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201704-10"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:B5964D2AB72D599E586D491432260541"]}, {"type": "cve", "idList": ["CVE-2017-7602"]}, {"type": "debian", "idList": ["DEBIAN:DLA-911-1:9A9B7", "DEBIAN:DLA-911-1:B5475", "DEBIAN:DSA-3844-1:F751B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-7602"]}, {"type": "fedora", "idList": ["FEDORA:2A37C6042817", "FEDORA:4AFEF606E602"]}, {"type": "freebsd", "idList": ["2A96E498-3234-4950-A9AD-419BC84A839D"]}, {"type": "gentoo", "idList": ["GLSA-201709-27"]}, {"type": "mageia", "idList": ["MGASA-2017-0199"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-911.NASL", "DEBIAN_DSA-3844.NASL", "EULEROS_SA-2019-2209.NASL", "EULEROS_SA-2019-2265.NASL", "EULEROS_SA-2019-2466.NASL", "EULEROS_SA-2020-1235.NASL", "EULEROS_SA-2020-1447.NASL", "FEDORA_2017-021BEBAE25.NASL", "FEDORA_2017-D95DACDFBF.NASL", "FREEBSD_PKG_2A96E49832344950A9AD419BC84A839D.NASL", "GENTOO_GLSA-201709-27.NASL", "OPENSUSE-2017-1118.NASL", "SUSE_SU-2017-2569-1.NASL", "SUSE_SU-2018-1472-1.NASL", "UBUNTU_USN-3602-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703844", "OPENVAS:1361412562310812582", "OPENVAS:1361412562310872566", "OPENVAS:1361412562310890911", "OPENVAS:1361412562311220192209", "OPENVAS:1361412562311220192265", "OPENVAS:1361412562311220192466", "OPENVAS:1361412562311220201235", "OPENVAS:1361412562311220201447", "OPENVAS:703844"]}, {"type": "osv", "idList": ["OSV:DLA-911-1", "OSV:DSA-3844-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-7602"]}, {"type": "ubuntu", "idList": ["USN-3602-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7602"]}]}, "vulnersScore": 7.6}, "_state": {"score": 1687520033, "dependencies": 1687520033}, "_internal": {"score_hash": "1dd733cdf7add30b23b2fcfc3935ae3d"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.10-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.11-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.12-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.13-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.14-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.15-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.16-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.17-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.18-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.2-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.3-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.4-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.5-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.6-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.7-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.8-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}, {"OS": "Alpine", "OSVersion": "3.9-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.0.7-r2", "operator": "lt", "packageName": "tiff"}]}

{"cve": [{"lastseen": "2023-06-05T15:27:46", "description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-09T14:59:00", "type": "cve", "title": "CVE-2017-7602", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7602"], "modified": "2018-03-22T01:29:00", "cpe": ["cpe:/a:libtiff:libtiff:4.0.7"], "id": "CVE-2017-7602", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7602", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2021-09-02T22:50:34", "description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-11T14:19:46", "type": "redhatcve", "title": "CVE-2017-7602", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7602"], "modified": "2020-04-08T19:16:36", "id": "RH:CVE-2017-7602", "href": "https://access.redhat.com/security/cve/cve-2017-7602", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:28:16", "description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote\nattackers to cause a denial of service (application crash) or possibly have\nunspecified other impact via a crafted image.\n\n#### Bugs\n\n * <http://bugzilla.maptools.org/show_bug.cgi?id=2650>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this will not be fixed in precise/esm\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-09T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7602", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7602"], "modified": "2017-04-09T00:00:00", "id": "UB:CVE-2017-7602", "href": "https://ubuntu.com/security/CVE-2017-7602", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-05T18:19:18", "description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-09T14:59:00", "type": "debiancve", "title": "CVE-2017-7602", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7602"], "modified": "2017-04-09T14:59:00", "id": "DEBIANCVE:CVE-2017-7602", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7602", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-15T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2017-021bebae25", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7597", "CVE-2017-7601", "CVE-2017-7600", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7599", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2017-021bebae25\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872566\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-15 06:40:11 +0200 (Sat, 15 Apr 2017)\");\n script_cve_id(\"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\",\n \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\",\n \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libtiff FEDORA-2017-021bebae25\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-021bebae25\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY6E6YTV2NJNDBBKJDWYSU6SJDBUTPJA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.7~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:03", "description": "Multiple security issues have been found in the tiff image library\nthat may allow remote attackers to cause a denial of service\n(application crash), to obtain sensitive information from process\nmemory or possibly have unspecified other impact via a crafted image", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tiff (DLA-911-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7597", "CVE-2017-7601", "CVE-2017-7600", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7599", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890911", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890911\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_name(\"Debian LTS: Security Advisory for tiff (DLA-911-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00030.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"tiff on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.0.2-6+deb7u12.\n\nWe recommend that you upgrade your tiff packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the tiff image library\nthat may allow remote attackers to cause a denial of service\n(application crash), to obtain sensitive information from process\nmemory or possibly have unspecified other impact via a crafted image\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-6+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:54", "description": "Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3844-1 (tiff - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10266", "CVE-2017-7597", "CVE-2016-3658", "CVE-2016-10270", "CVE-2017-7601", "CVE-2016-9535", "CVE-2017-7600", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7599", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267", "CVE-2017-5225"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703844", "href": "http://plugins.openvas.org/nasl.php?oid=703844", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3844.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3844-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703844);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-3658\", \"CVE-2016-9535\", \"CVE-2017-5225\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_name(\"Debian Security Advisory DSA 3844-1 (tiff - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3844.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tiff on Debian Linux\");\n script_tag(name: \"insight\", value: \"libtiff is a library providing support for the Tag Image File Format\n(TIFF), a widely used format for storing image data.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u3.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.0.7-6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-6.\n\nWe recommend that you upgrade your tiff packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev:i386\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev:i386\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev:amd64\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.7-6\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:33:59", "description": "Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3844-1 (tiff - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10266", "CVE-2017-7597", "CVE-2016-3658", "CVE-2016-10270", "CVE-2017-7601", "CVE-2016-9535", "CVE-2017-7600", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7599", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267", "CVE-2017-5225"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703844", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3844.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3844-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703844\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-3658\", \"CVE-2016-9535\", \"CVE-2017-5225\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_name(\"Debian Security Advisory DSA 3844-1 (tiff - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 00:00:00 +0200 (Wed, 03 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3844.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tiff on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u3.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.0.7-6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-6.\n\nWe recommend that you upgrade your tiff packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev:i386\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.3-12.3+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev:i386\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev:amd64\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.7-6\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-3602-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10266", "CVE-2017-9815", "CVE-2017-7597", "CVE-2016-10268", "CVE-2017-11335", "CVE-2016-10371", "CVE-2018-5784", "CVE-2017-7601", "CVE-2017-18013", "CVE-2017-7600", "CVE-2017-9936", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2017-7599", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-9404", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310812582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3602_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for tiff USN-3602-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812582\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 11:17:10 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\",\n \"CVE-2016-10371\", \"CVE-2017-10688\", \"CVE-2017-11335\", \"CVE-2017-12944\",\n \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-18013\", \"CVE-2017-7592\",\n \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\",\n \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\",\n \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\", \"CVE-2017-9404\",\n \"CVE-2017-9815\", \"CVE-2017-9936\", \"CVE-2018-5784\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tiff USN-3602-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that LibTIFF incorrectly\nhandled certain malformed images. If a user or automated system were tricked into\nopening a specially crafted image, a remote attacker could crash the application,\nleading to a denial of service, or possibly execute arbitrary code with user\nprivileges.\");\n script_tag(name:\"affected\", value:\"tiff on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3602-1\");\n script_xref(name:\"URL\", value:\"https://usn.ubuntu.com/usn/usn-3602-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.3-7ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-7ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-7ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.6-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.6-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.6-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:45", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-3622", "CVE-2016-10266", "CVE-2017-7597", "CVE-2016-10268", "CVE-2018-8905", "CVE-2016-10272", "CVE-2016-9539", "CVE-2016-10270", "CVE-2016-10371", "CVE-2017-7601", "CVE-2016-3186", "CVE-2017-7600", "CVE-2017-9936", "CVE-2016-9538", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2017-7599", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267", "CVE-2016-9273", "CVE-2018-7456"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192265", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2265\");\n script_version(\"2020-01-23T12:43:17+0000\");\n script_cve_id(\"CVE-2016-10092\", \"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-10272\", \"CVE-2016-10371\", \"CVE-2016-3186\", \"CVE-2016-3622\", \"CVE-2016-9273\", \"CVE-2016-9538\", \"CVE-2016-9539\", \"CVE-2017-10688\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\", \"CVE-2017-9936\", \"CVE-2018-7456\", \"CVE-2018-8905\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:43:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:43:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2265)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2265\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2265\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-2265 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\nThe putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\ntif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\nThe OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\nThe JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\ntif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\ntif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\nLibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)\n\nLibTIFF 4.0.7 has a signed ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h14\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h14\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-3622", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-18557", "CVE-2016-10266", "CVE-2016-3623", "CVE-2019-14973", "CVE-2016-5318", "CVE-2017-7597", "CVE-2016-10268", "CVE-2018-8905", "CVE-2017-9117", "CVE-2016-10272", "CVE-2016-9539", "CVE-2016-10270", "CVE-2016-10371", "CVE-2017-7601", "CVE-2017-7600", "CVE-2016-5323", "CVE-2017-9936", "CVE-2016-9538", "CVE-2017-7594", "CVE-2017-7592", "CVE-2018-17101", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2018-18661", "CVE-2017-7599", "CVE-2016-3624", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2016-5102", "CVE-2017-13727", "CVE-2017-7598", "CVE-2016-5321", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2018-17100", "CVE-2016-10267", "CVE-2016-9273", "CVE-2017-9147", "CVE-2018-7456"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192209", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2209\");\n script_version(\"2020-01-23T12:39:15+0000\");\n script_cve_id(\"CVE-2016-10092\", \"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-10272\", \"CVE-2016-10371\", \"CVE-2016-3622\", \"CVE-2016-3623\", \"CVE-2016-3624\", \"CVE-2016-5102\", \"CVE-2016-5318\", \"CVE-2016-5321\", \"CVE-2016-5323\", \"CVE-2016-9273\", \"CVE-2016-9538\", \"CVE-2016-9539\", \"CVE-2017-10688\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9117\", \"CVE-2017-9147\", \"CVE-2017-9403\", \"CVE-2017-9936\", \"CVE-2018-10779\", \"CVE-2018-10963\", \"CVE-2018-17100\", \"CVE-2018-17101\", \"CVE-2018-18557\", \"CVE-2018-18661\", \"CVE-2018-7456\", \"CVE-2018-8905\", \"CVE-2019-14973\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:39:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:39:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2209)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2209\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2209\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-2209 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\nThe cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\nThe rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\nAn issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\nAn issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\nLibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\nIn LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\ntools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\nHeap-based buffer over ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T16:55:15", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-3622", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-18557", "CVE-2016-10266", "CVE-2016-3623", "CVE-2019-14973", "CVE-2016-5318", "CVE-2017-7597", "CVE-2016-10268", "CVE-2018-8905", "CVE-2017-9117", "CVE-2016-10272", "CVE-2016-9539", "CVE-2016-10270", "CVE-2016-10371", "CVE-2017-7601", "CVE-2017-7600", "CVE-2016-5323", "CVE-2017-9936", "CVE-2016-9538", "CVE-2017-7594", "CVE-2017-7592", "CVE-2018-17101", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2018-18661", "CVE-2017-7599", "CVE-2016-3624", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2016-5102", "CVE-2017-13727", "CVE-2017-7598", "CVE-2016-5321", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2018-17100", "CVE-2016-10267", "CVE-2016-9273", "CVE-2019-17546", "CVE-2017-9147", "CVE-2018-7456"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201235", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1235\");\n script_version(\"2020-03-13T07:16:30+0000\");\n script_cve_id(\"CVE-2016-10092\", \"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-10272\", \"CVE-2016-10371\", \"CVE-2016-3622\", \"CVE-2016-3623\", \"CVE-2016-3624\", \"CVE-2016-5102\", \"CVE-2016-5318\", \"CVE-2016-5321\", \"CVE-2016-5323\", \"CVE-2016-9273\", \"CVE-2016-9538\", \"CVE-2016-9539\", \"CVE-2017-10688\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9117\", \"CVE-2017-9147\", \"CVE-2017-9403\", \"CVE-2017-9936\", \"CVE-2018-10779\", \"CVE-2018-10963\", \"CVE-2018-17100\", \"CVE-2018-17101\", \"CVE-2018-18557\", \"CVE-2018-18661\", \"CVE-2018-7456\", \"CVE-2018-8905\", \"CVE-2019-14973\", \"CVE-2019-17546\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:16:30 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:16:30 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1235)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1235\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1235\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2020-1235 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\nThe cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\nThe rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\nLibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\nAn issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\nAn issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\nIn LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\ntools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\nHeap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(C ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h22\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T16:54:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1447)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-3622", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-18557", "CVE-2016-10266", "CVE-2016-3623", "CVE-2017-17095", "CVE-2019-14973", "CVE-2016-5318", "CVE-2017-7597", "CVE-2016-10268", "CVE-2018-8905", "CVE-2017-9117", "CVE-2016-10272", "CVE-2016-9539", "CVE-2016-10270", "CVE-2016-10371", "CVE-2017-7601", "CVE-2017-7600", "CVE-2016-5323", "CVE-2017-9936", "CVE-2016-9538", "CVE-2017-7594", "CVE-2017-7592", "CVE-2018-17101", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2018-18661", "CVE-2017-7599", "CVE-2016-3624", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2016-5102", "CVE-2017-13727", "CVE-2017-7598", "CVE-2016-5321", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2018-17100", "CVE-2016-10267", "CVE-2016-9273", "CVE-2019-17546", "CVE-2017-9147", "CVE-2018-7456"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201447", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1447\");\n script_version(\"2020-04-16T05:54:04+0000\");\n script_cve_id(\"CVE-2016-10092\", \"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-10272\", \"CVE-2016-10371\", \"CVE-2016-3622\", \"CVE-2016-3623\", \"CVE-2016-3624\", \"CVE-2016-5102\", \"CVE-2016-5318\", \"CVE-2016-5321\", \"CVE-2016-5323\", \"CVE-2016-9273\", \"CVE-2016-9538\", \"CVE-2016-9539\", \"CVE-2017-10688\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-17095\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9117\", \"CVE-2017-9147\", \"CVE-2017-9403\", \"CVE-2017-9936\", \"CVE-2018-10779\", \"CVE-2018-10963\", \"CVE-2018-17100\", \"CVE-2018-17101\", \"CVE-2018-18557\", \"CVE-2018-18661\", \"CVE-2018-7456\", \"CVE-2018-8905\", \"CVE-2019-14973\", \"CVE-2019-17546\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:54:04 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:54:04 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1447)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1447\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1447\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2020-1447 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.(CVE-2017-17095)\n\nThe _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\nThe cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\nThe rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\nLibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\nAn issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\nAn issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\nIn LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\nLibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\ntools/tiffcp.c in LibTIFF 4.0.7 allows remote ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h22.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-3622", "CVE-2018-10963", "CVE-2018-18557", "CVE-2016-10266", "CVE-2016-3623", "CVE-2019-14973", "CVE-2016-5318", "CVE-2019-6128", "CVE-2017-7597", "CVE-2016-10268", "CVE-2018-8905", "CVE-2017-9117", "CVE-2016-10272", "CVE-2016-9539", "CVE-2016-10270", "CVE-2016-10371", "CVE-2017-7601", "CVE-2016-3186", "CVE-2017-7600", "CVE-2016-5323", "CVE-2017-9936", "CVE-2016-9538", "CVE-2017-7594", "CVE-2018-19210", "CVE-2017-7592", "CVE-2018-17101", "CVE-2016-6223", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2018-18661", "CVE-2017-7599", "CVE-2016-3624", "CVE-2017-12944", "CVE-2019-7663", "CVE-2017-10688", "CVE-2016-9532", "CVE-2017-13726", "CVE-2017-16232", "CVE-2018-12900", "CVE-2016-5102", "CVE-2017-13727", "CVE-2017-7598", "CVE-2017-5563", "CVE-2016-5321", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2018-17100", "CVE-2016-10267", "CVE-2016-9273", "CVE-2019-17546", "CVE-2017-9147"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192466", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2466\");\n script_version(\"2020-01-23T12:59:35+0000\");\n script_cve_id(\"CVE-2016-10092\", \"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-10272\", \"CVE-2016-10371\", \"CVE-2016-3186\", \"CVE-2016-3622\", \"CVE-2016-3623\", \"CVE-2016-3624\", \"CVE-2016-5102\", \"CVE-2016-5318\", \"CVE-2016-5321\", \"CVE-2016-5323\", \"CVE-2016-6223\", \"CVE-2016-9273\", \"CVE-2016-9532\", \"CVE-2016-9538\", \"CVE-2016-9539\", \"CVE-2017-10688\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-16232\", \"CVE-2017-5563\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9117\", \"CVE-2017-9147\", \"CVE-2017-9403\", \"CVE-2017-9936\", \"CVE-2018-10963\", \"CVE-2018-12900\", \"CVE-2018-17100\", \"CVE-2018-17101\", \"CVE-2018-18557\", \"CVE-2018-18661\", \"CVE-2018-19210\", \"CVE-2018-8905\", \"CVE-2019-14973\", \"CVE-2019-17546\", \"CVE-2019-6128\", \"CVE-2019-7663\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:59:35 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:59:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2466)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2466\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2466\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-2466 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\nThe putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\nAn issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\ntif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\nThe OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\nThe JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\ntif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\nLibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\ntif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\nLibTIFF 4.0.7 has a 'shift exponent too large for 6 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-14T17:24:35", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libtiff-4.0.7-5.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-14T17:24:35", "id": "FEDORA:4AFEF606E602", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YSX46XMIA34YREHKQOUGR2HDXPEUWNVH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-14T22:50:57", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libtiff-4.0.7-5.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-14T22:50:57", "id": "FEDORA:2A37C6042817", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QY6E6YTV2NJNDBBKJDWYSU6SJDBUTPJA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T13:38:39", "description": "Package : tiff\nVersion : 4.0.2-6+deb7u12\nCVE ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594\n CVE-2017-7595 CVE-2017-7596 CVE-2017-7597\n CVE-2017-7598 CVE-2017-7599 CVE-2017-7600\n CVE-2017-7601 CVE-2017-7602\nDebian Bug : 859998 860000 860001 860003\n\nMultiple security issues have been found in the tiff image library\nthat may allow remote attackers to cause a denial of service\n(application crash), to obtain sensitive information from process\nmemory or possibly have unspecified other impact via a crafted image\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n4.0.2-6+deb7u12.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-24T09:30:12", "type": "debian", "title": "[SECURITY] [DLA 911-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-24T09:30:12", "id": "DEBIAN:DLA-911-1:9A9B7", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00030.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-08T04:42:49", "description": "Package : tiff\nVersion : 4.0.2-6+deb7u12\nCVE ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594\n CVE-2017-7595 CVE-2017-7596 CVE-2017-7597\n CVE-2017-7598 CVE-2017-7599 CVE-2017-7600\n CVE-2017-7601 CVE-2017-7602\nDebian Bug : 859998 860000 860001 860003\n\nMultiple security issues have been found in the tiff image library\nthat may allow remote attackers to cause a denial of service\n(application crash), to obtain sensitive information from process\nmemory or possibly have unspecified other impact via a crafted image\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n4.0.2-6+deb7u12.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-24T09:30:12", "type": "debian", "title": "[SECURITY] [DLA 911-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-24T09:30:12", "id": "DEBIAN:DLA-911-1:B5475", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00030.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-04T15:34:04", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3844-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 03, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nCVE ID : CVE-2016-3658 CVE-2016-9535 CVE-2016-10266\n CVE-2016-10267 CVE-2016-10269 CVE-2016-10270\n\t\t CVE-2017-5225 CVE-2017-7592 CVE-2017-7593\n\t\t CVE-2017-7594 CVE-2017-7595 CVE-2017-7596\n\t\t CVE-2017-7597 CVE-2017-7598 CVE-2017-7599\n\t\t CVE-2017-7600 CVE-2017-7601 CVE-2017-7602\n\nMultiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u3.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.0.7-6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-6.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-03T21:06:19", "type": "debian", "title": "[SECURITY] [DSA 3844-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-3658", "CVE-2016-9535", "CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-05-03T21:06:19", "id": "DEBIAN:DSA-3844-1:F751B", "href": "https://lists.debian.org/debian-security-announce/2017/msg00103.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:12:13", "description": "Multiple security issues have been found in the tiff image library that may allow remote attackers to cause a denial of service (application crash), to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted image\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u12.\n\nWe recommend that you upgrade your tiff packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Debian DLA-911-1 : tiff security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtiff-doc", "p-cpe:/a:debian:debian_linux:libtiff-opengl", "p-cpe:/a:debian:debian_linux:libtiff-tools", "p-cpe:/a:debian:debian_linux:libtiff5", "p-cpe:/a:debian:debian_linux:libtiff5-alt-dev", "p-cpe:/a:debian:debian_linux:libtiff5-dev", "p-cpe:/a:debian:debian_linux:libtiffxx5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-911.NASL", "href": "https://www.tenable.com/plugins/nessus/99636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-911-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99636);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n\n script_name(english:\"Debian DLA-911-1 : tiff security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the tiff image library\nthat may allow remote attackers to cause a denial of service\n(application crash), to obtain sensitive information from process\nmemory or possibly have unspecified other impact via a crafted image\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.0.2-6+deb7u12.\n\nWe recommend that you upgrade your tiff packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tiff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5-alt-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiffxx5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-doc\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-opengl\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-tools\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-alt-dev\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-dev\", reference:\"4.0.2-6+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiffxx5\", reference:\"4.0.2-6+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:11", "description": "Security fix for :\n\n - **CVE-2017-7592**\n\n - **CVE-2017-7593**\n\n - **CVE-2017-7594**\n\n - **CVE-2017-7595**\n\n - **CVE-2017-7596**\n\n - **CVE-2017-7597**\n\n - **CVE-2017-7598**\n\n - **CVE-2017-7599**\n\n - **CVE-2017-7600**\n\n - **CVE-2017-7601**\n\n - **CVE-2017-7602**\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : libtiff (2017-d95dacdfbf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-D95DACDFBF.NASL", "href": "https://www.tenable.com/plugins/nessus/101733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d95dacdfbf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101733);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_xref(name:\"FEDORA\", value:\"2017-d95dacdfbf\");\n\n script_name(english:\"Fedora 26 : libtiff (2017-d95dacdfbf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for :\n\n - **CVE-2017-7592**\n\n - **CVE-2017-7593**\n\n - **CVE-2017-7594**\n\n - **CVE-2017-7595**\n\n - **CVE-2017-7596**\n\n - **CVE-2017-7597**\n\n - **CVE-2017-7598**\n\n - **CVE-2017-7599**\n\n - **CVE-2017-7600**\n\n - **CVE-2017-7601**\n\n - **CVE-2017-7602**\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d95dacdfbf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libtiff-4.0.7-5.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:38", "description": "Security fix for :\n\n - **CVE-2017-7592**\n\n - **CVE-2017-7593**\n\n - **CVE-2017-7594**\n\n - **CVE-2017-7595**\n\n - **CVE-2017-7596**\n\n - **CVE-2017-7597**\n\n - **CVE-2017-7598**\n\n - **CVE-2017-7599**\n\n - **CVE-2017-7600**\n\n - **CVE-2017-7601**\n\n - **CVE-2017-7602**\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-17T00:00:00", "type": "nessus", "title": "Fedora 25 : libtiff (2017-021bebae25)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-021BEBAE25.NASL", "href": "https://www.tenable.com/plugins/nessus/99404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-021bebae25.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99404);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_xref(name:\"FEDORA\", value:\"2017-021bebae25\");\n\n script_name(english:\"Fedora 25 : libtiff (2017-021bebae25)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for :\n\n - **CVE-2017-7592**\n\n - **CVE-2017-7593**\n\n - **CVE-2017-7594**\n\n - **CVE-2017-7595**\n\n - **CVE-2017-7596**\n\n - **CVE-2017-7597**\n\n - **CVE-2017-7598**\n\n - **CVE-2017-7599**\n\n - **CVE-2017-7600**\n\n - **CVE-2017-7601**\n\n - **CVE-2017-7602**\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-021bebae25\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libtiff-4.0.7-5.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:54", "description": "NVD reports :\n\nPlease reference CVE/URL list for details", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "FreeBSD : tiff -- multiple vulnerabilities (2a96e498-3234-4950-a9ad-419bc84a839d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-tiff", "p-cpe:/a:freebsd:freebsd:linux-c7-tiff", "p-cpe:/a:freebsd:freebsd:linux-f10-tiff", "p-cpe:/a:freebsd:freebsd:linux-f8-tiff", "p-cpe:/a:freebsd:freebsd:tiff", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2A96E49832344950A9AD419BC84A839D.NASL", "href": "https://www.tenable.com/plugins/nessus/99551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99551);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5225\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n\n script_name(english:\"FreeBSD : tiff -- multiple vulnerabilities (2a96e498-3234-4950-a9ad-419bc84a839d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NVD reports :\n\nPlease reference CVE/URL list for details\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/5c080298d59e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/48780b4fcc42\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/d60332057b95\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/2ea32f7372b6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/8283e4d1b7e5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/47f2fb61a3a6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/3cfd62d77c2a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/3144e57770c1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/0a76a8c765c7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/vadz/libtiff/commit/66e7bd595209\"\n );\n # https://vuxml.freebsd.org/freebsd/2a96e498-3234-4950-a9ad-419bc84a839d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e70bea5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c7-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f8-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tiff<4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f8-tiff<4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-tiff<4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-tiff<4.0.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c7-tiff<4.0.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:13", "description": "This update for tiff to version 4.0.8 fixes a several bugs and security issues :\n\nThese security issues were fixed :\n\n - CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127).\n\n - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438).\n\n - CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118).\n\n - CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126).\n\n - CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120).\n\n - CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113).\n\n - CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112).\n\n - CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111).\n\n - CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109).\n\n - CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131).\n\n - CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129).\n\n - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128).\n\n - CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805).\n\n - CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804).\n\nThese various other issues were fixed :\n\n - Fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer division by zero. Reported by Agostino Sarubbo.\n\n - fix heap-based buffer overflow on generation of PixarLog / LUV compressed files, with ColorMap, TransferFunction attached and nasty plays with bitspersample. The fix for LUV has not been tested, but suffers from the same kind of issue of PixarLog.\n\n - modify ChopUpSingleUncompressedStrip() to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on the total size of data. Which is faulty is the total size of data is not sufficient to fill the whole image, and thus results in reading outside of the StripByCounts/StripOffsets arrays when using TIFFReadScanline()\n\n - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues.\n\n - fix misleading indentation as warned by GCC.\n\n - revert change done on 2016-01-09 that made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It happens that the Hylafax software uses the tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are not in a public libtiff header.\n\n - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of the functions without ext, with an extra argument to control the stop_on_error behaviour.\n\n - fix potential memory leaks in error code path of TIFFRGBAImageBegin().\n\n - increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with 'big' tile, without using libjpeg temporary files.\n\n - add _TIFFcalloc()\n\n - return 0 in Encode functions instead of -1 when TIFFFlushData1() fails.\n\n - only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files).\n\n - in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code.\n\n - fix memory leak in error code path of PixarLogSetupDecode().\n\n - fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable\n\n - avoid crash in Fax3Close() on empty file.\n\n - TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation.\n\n - fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails.\n\n - TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds and non-mapped cases.\n\n - TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds.\n\n - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial(). \n\n - avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes\n\n - avoid potential int32 overflows in multiply_ms() and add_ms().\n\n - fix out-of-buffer read in PackBitsDecode() Fixes\n\n - LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing.\n\n - update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode().\n Likely needed so that it works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows.\n\n - _TIFFVSetField(): fix outside range cast of double to float.\n\n - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero\n\n - _TIFFVSetField(): fix outside range cast of double to float.\n\n - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero.\n\n - initYCbCrConversion(): stricter validation for refBlackWhite coefficients values.\n\n - avoid uint32 underflow in cpDecodedStrips that can cause various issues, such as buffer overflows in the library.\n\n - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the output buffer is correctly incremented to avoid write outside bounds.\n\n - add 3 extra bytes at end of strip buffer in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer.\n\n - fix integer division by zero when BitsPerSample is missing.\n\n - fix NULL pointer dereference in -r mode when the image has no StripByteCount tag.\n\n - avoid potential division by zero is BitsPerSamples tag is missing.\n\n - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the return number of inks to SamplesPerPixel, so that code that parses ink names doesn't go past the end of the buffer.\n\n - avoid potential division by zero is BitsPerSamples tag is missing.\n\n - fix uint32 underflow/overflow that can cause heap-based buffer overflow.\n\n - replace assert( (bps % 8) == 0 ) by a non assert check.\n\n - fix 2 heap-based buffer overflows (in PSDataBW and PSDataColorContig).\n\n - prevent heap-based buffer overflow in -j mode on a paletted image.\n\n - fix wrong usage of memcpy() that can trigger unspecified behaviour.\n\n - avoid potential invalid memory read in t2p_writeproc.\n\n - avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile().\n\n - remove extraneous TIFFClose() in error code path, that caused double free.\n\n - error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow.\n\n - avoid integer division by zero.\n\n - call TIFFClose() in error code paths.\n\n - emit appropriate message if the input file is empty.\n\n - close TIFF handle in error code path.\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-10-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tiff (openSUSE-2017-1118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10371", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9404"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit", "p-cpe:/a:novell:opensuse:libtiff5", "p-cpe:/a:novell:opensuse:libtiff5-32bit", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:tiff-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1118.NASL", "href": "https://www.tenable.com/plugins/nessus/103658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1118.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103658);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10371\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\", \"CVE-2017-9404\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-2017-1118)\");\n script_summary(english:\"Check for the openSUSE-2017-1118 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff to version 4.0.8 fixes a several bugs and\nsecurity issues :\n\nThese security issues were fixed :\n\n - CVE-2017-7595: The JPEGSetupEncode function allowed\n remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted image (bsc#1033127).\n\n - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational\n function allowed remote attackers to cause a denial of\n service (assertion failure and application exit) via a\n crafted TIFF file (bsc#1038438).\n\n - CVE-2017-7598: Error in tif_dirread.c allowed remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted image\n (bsc#1033118).\n\n - CVE-2017-7596: Undefined behavior because of floats\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033126).\n\n - CVE-2017-7597: Undefined behavior because of floats\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033120).\n\n - CVE-2017-7599: Undefined behavior because of shorts\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033113).\n\n - CVE-2017-7600: Undefined behavior because of chars\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033112).\n\n - CVE-2017-7601: Because of a shift exponent too large for\n 64-bit type long undefined behavior was caused, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033111).\n\n - CVE-2017-7602: Prevent signed integer overflow, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033109).\n\n - CVE-2017-7592: The putagreytile function had a\n left-shift undefined behavior issue, which might allowed\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033131).\n\n - CVE-2017-7593: Ensure that tif_rawdata is properly\n initialized, to prevent remote attackers to obtain\n sensitive information from process memory via a crafted\n image (bsc#1033129).\n\n - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable\n function allowed remote attackers to cause a denial of\n service (memory leak) via a crafted image (bsc#1033128).\n\n - CVE-2017-9403: Prevent memory leak in function\n TIFFReadDirEntryLong8Array, which allowed attackers to\n cause a denial of service via a crafted file\n (bsc#1042805).\n\n - CVE-2017-9404: Fixed memory leak vulnerability in\n function OJPEGReadHeaderInfoSecTablesQTable, which\n allowed attackers to cause a denial of service via a\n crafted file (bsc#1042804).\n\nThese various other issues were fixed :\n\n - Fix uint32 overflow in TIFFReadEncodedStrip() that\n caused an integer division by zero. Reported by Agostino\n Sarubbo.\n\n - fix heap-based buffer overflow on generation of PixarLog\n / LUV compressed files, with ColorMap, TransferFunction\n attached and nasty plays with bitspersample. The fix for\n LUV has not been tested, but suffers from the same kind\n of issue of PixarLog.\n\n - modify ChopUpSingleUncompressedStrip() to instanciate\n compute ntrips as TIFFhowmany_32(td->td_imagelength,\n rowsperstrip), instead of a logic based on the total\n size of data. Which is faulty is the total size of data\n is not sufficient to fill the whole image, and thus\n results in reading outside of the\n StripByCounts/StripOffsets arrays when using\n TIFFReadScanline()\n\n - make OJPEGDecode() early exit in case of failure in\n OJPEGPreDecode(). This will avoid a divide by zero, and\n potential other issues.\n\n - fix misleading indentation as warned by GCC.\n\n - revert change done on 2016-01-09 that made Param member\n of TIFFFaxTabEnt structure a uint16 to reduce size of\n the binary. It happens that the Hylafax software uses\n the tables that follow this typedef (TIFFFaxMainTable,\n TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are\n not in a public libtiff header.\n\n - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt()\n variants of the functions without ext, with an extra\n argument to control the stop_on_error behaviour.\n\n - fix potential memory leaks in error code path of\n TIFFRGBAImageBegin().\n\n - increase libjpeg max memory usable to 10 MB instead of\n libjpeg 1MB default. This helps when creating files with\n 'big' tile, without using libjpeg temporary files.\n\n - add _TIFFcalloc()\n\n - return 0 in Encode functions instead of -1 when\n TIFFFlushData1() fails.\n\n - only run JPEGFixupTagsSubsampling() if the\n YCbCrSubsampling tag is not explicitly present. This\n helps a bit to reduce the I/O amount when the tag is\n present (especially on cloud hosted files).\n\n - in LZWPostEncode(), increase, if necessary, the code\n bit-width after flushing the remaining code and before\n emitting the EOI code.\n\n - fix memory leak in error code path of\n PixarLogSetupDecode().\n\n - fix potential memory leak in\n OJPEGReadHeaderInfoSecTablesQTable,\n OJPEGReadHeaderInfoSecTablesDcTable and\n OJPEGReadHeaderInfoSecTablesAcTable\n\n - avoid crash in Fax3Close() on empty file.\n\n - TIFFFillStrip(): add limitation to the number of bytes\n read in case td_stripbytecount[strip] is bigger than\n reasonable, so as to avoid excessive memory allocation.\n\n - fix memory leak when the underlying codec (ZIP,\n PixarLog) succeeds its setupdecode() method, but\n PredictorSetup fails.\n\n - TIFFFillStrip() and TIFFFillTile(): avoid excessive\n memory allocation in case of shorten files. Only\n effective on 64 bit builds and non-mapped cases.\n\n - TIFFFillStripPartial() / TIFFSeek(), avoid potential\n integer overflows with read_ahead in\n CHUNKY_STRIP_READ_SUPPORT mode.\n\n - avoid excessive memory allocation in case of shorten\n files. Only effective on 64 bit builds.\n\n - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with\n tif_rawdataloaded when calling TIFFStartStrip() or\n TIFFFillStripPartial(). \n\n - avoid potential int32 overflow in TIFFYCbCrToRGBInit()\n Fixes\n\n - avoid potential int32 overflows in multiply_ms() and\n add_ms().\n\n - fix out-of-buffer read in PackBitsDecode() Fixes\n\n - LogL16InitState(): avoid excessive memory allocation\n when RowsPerStrip tag is missing.\n\n - update dec_bitsleft at beginning of LZWDecode(), and\n update tif_rawcc at end of LZWDecode(). This is needed\n to properly work with the latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode.\n\n - PixarLogDecode(): resync tif_rawcp with next_in and\n tif_rawcc with avail_in at beginning and end of\n function, similarly to what is done in LZWDecode().\n Likely needed so that it works properly with latest\n chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - initYCbCrConversion(): add basic validation of luma and\n refBlackWhite coefficients (just check they are not NaN\n for now), to avoid potential float to int overflows.\n\n - _TIFFVSetField(): fix outside range cast of double to\n float.\n\n - initYCbCrConversion(): check luma[1] is not zero to\n avoid division by zero\n\n - _TIFFVSetField(): fix outside range cast of double to\n float.\n\n - initYCbCrConversion(): check luma[1] is not zero to\n avoid division by zero.\n\n - initYCbCrConversion(): stricter validation for\n refBlackWhite coefficients values.\n\n - avoid uint32 underflow in cpDecodedStrips that can cause\n various issues, such as buffer overflows in the library.\n\n - fix readContigStripsIntoBuffer() in -i (ignore) mode so\n that the output buffer is correctly incremented to avoid\n write outside bounds.\n\n - add 3 extra bytes at end of strip buffer in\n readSeparateStripsIntoBuffer() to avoid read outside of\n heap allocated buffer.\n\n - fix integer division by zero when BitsPerSample is\n missing.\n\n - fix NULL pointer dereference in -r mode when the image\n has no StripByteCount tag.\n\n - avoid potential division by zero is BitsPerSamples tag\n is missing.\n\n - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called,\n limit the return number of inks to SamplesPerPixel, so\n that code that parses ink names doesn't go past the end\n of the buffer.\n\n - avoid potential division by zero is BitsPerSamples tag\n is missing.\n\n - fix uint32 underflow/overflow that can cause heap-based\n buffer overflow.\n\n - replace assert( (bps % 8) == 0 ) by a non assert check.\n\n - fix 2 heap-based buffer overflows (in PSDataBW and\n PSDataColorContig).\n\n - prevent heap-based buffer overflow in -j mode on a\n paletted image.\n\n - fix wrong usage of memcpy() that can trigger unspecified\n behaviour.\n\n - avoid potential invalid memory read in t2p_writeproc.\n\n - avoid potential heap-based overflow in\n t2p_readwrite_pdf_image_tile().\n\n - remove extraneous TIFFClose() in error code path, that\n caused double free.\n\n - error out cleanly in cpContig2SeparateByRow and\n cpSeparate2ContigByRow if BitsPerSample != 8 to avoid\n heap based overflow.\n\n - avoid integer division by zero.\n\n - call TIFFClose() in error code paths.\n\n - emit appropriate message if the input file is empty.\n\n - close TIFF handle in error code path.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042805\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libtiff-devel-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libtiff5-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libtiff5-debuginfo-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tiff-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tiff-debuginfo-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tiff-debugsource-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.8-17.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff-devel-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff5-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff5-debuginfo-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-debuginfo-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-debugsource-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.8-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.8-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:28", "description": "This update for tiff to version 4.0.8 fixes a several bugs and security issues: These security issues were fixed :\n\n - CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127).\n\n - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438).\n\n - CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118).\n\n - CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126).\n\n - CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120).\n\n - CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113).\n\n - CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112).\n\n - CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111).\n\n - CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109).\n\n - CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131).\n\n - CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129).\n\n - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128).\n\n - CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805).\n\n - CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804). These various other issues were fixed :\n\n - Fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer division by zero. Reported by Agostino Sarubbo.\n\n - fix heap-based buffer overflow on generation of PixarLog / LUV compressed files, with ColorMap, TransferFunction attached and nasty plays with bitspersample. The fix for LUV has not been tested, but suffers from the same kind of issue of PixarLog.\n\n - modify ChopUpSingleUncompressedStrip() to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on the total size of data. Which is faulty is the total size of data is not sufficient to fill the whole image, and thus results in reading outside of the StripByCounts/StripOffsets arrays when using TIFFReadScanline()\n\n - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues.\n\n - fix misleading indentation as warned by GCC.\n\n - revert change done on 2016-01-09 that made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It happens that the Hylafax software uses the tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are not in a public libtiff header.\n\n - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of the functions without ext, with an extra argument to control the stop_on_error behaviour.\n\n - fix potential memory leaks in error code path of TIFFRGBAImageBegin().\n\n - increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with 'big' tile, without using libjpeg temporary files.\n\n - add _TIFFcalloc()\n\n - return 0 in Encode functions instead of -1 when TIFFFlushData1() fails.\n\n - only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files).\n\n - in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code.\n\n - fix memory leak in error code path of PixarLogSetupDecode().\n\n - fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable\n\n - avoid crash in Fax3Close() on empty file.\n\n - TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation.\n\n - fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails.\n\n - TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds and non-mapped cases.\n\n - TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds.\n\n - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial().\n\n - avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes\n\n - avoid potential int32 overflows in multiply_ms() and add_ms().\n\n - fix out-of-buffer read in PackBitsDecode() Fixes\n\n - LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing.\n\n - update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode().\n Likely needed so that it works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows.\n\n - _TIFFVSetField(): fix outside range cast of double to float.\n\n - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero\n\n - _TIFFVSetField(): fix outside range cast of double to float.\n\n - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero.\n\n - initYCbCrConversion(): stricter validation for refBlackWhite coefficients values.\n\n - avoid uint32 underflow in cpDecodedStrips that can cause various issues, such as buffer overflows in the library.\n\n - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the output buffer is correctly incremented to avoid write outside bounds.\n\n - add 3 extra bytes at end of strip buffer in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer.\n\n - fix integer division by zero when BitsPerSample is missing.\n\n - fix NULL pointer dereference in -r mode when the image has no StripByteCount tag.\n\n - avoid potential division by zero is BitsPerSamples tag is missing.\n\n - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the return number of inks to SamplesPerPixel, so that code that parses ink names doesn't go past the end of the buffer.\n\n - avoid potential division by zero is BitsPerSamples tag is missing.\n\n - fix uint32 underflow/overflow that can cause heap-based buffer overflow.\n\n - replace assert( (bps % 8) == 0 ) by a non assert check.\n\n - fix 2 heap-based buffer overflows (in PSDataBW and PSDataColorContig).\n\n - prevent heap-based buffer overflow in -j mode on a paletted image.\n\n - fix wrong usage of memcpy() that can trigger unspecified behaviour.\n\n - avoid potential invalid memory read in t2p_writeproc.\n\n - avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile().\n\n - remove extraneous TIFFClose() in error code path, that caused double free.\n\n - error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow.\n\n - avoid integer division by zero.\n\n - call TIFFClose() in error code paths.\n\n - emit appropriate message if the input file is empty.\n\n - close TIFF handle in error code path.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2017:2569-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10371", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9404"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libtiff5", "p-cpe:/a:novell:suse_linux:libtiff5-debuginfo", "p-cpe:/a:novell:suse_linux:tiff", "p-cpe:/a:novell:suse_linux:tiff-debuginfo", "p-cpe:/a:novell:suse_linux:tiff-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2569-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2569-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103503);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10371\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\", \"CVE-2017-9404\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2017:2569-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff to version 4.0.8 fixes a several bugs and\nsecurity issues: These security issues were fixed :\n\n - CVE-2017-7595: The JPEGSetupEncode function allowed\n remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted image (bsc#1033127).\n\n - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational\n function allowed remote attackers to cause a denial of\n service (assertion failure and application exit) via a\n crafted TIFF file (bsc#1038438).\n\n - CVE-2017-7598: Error in tif_dirread.c allowed remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted image\n (bsc#1033118).\n\n - CVE-2017-7596: Undefined behavior because of floats\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033126).\n\n - CVE-2017-7597: Undefined behavior because of floats\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033120).\n\n - CVE-2017-7599: Undefined behavior because of shorts\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033113).\n\n - CVE-2017-7600: Undefined behavior because of chars\n outside their expected value range, which allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image (bsc#1033112).\n\n - CVE-2017-7601: Because of a shift exponent too large for\n 64-bit type long undefined behavior was caused, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033111).\n\n - CVE-2017-7602: Prevent signed integer overflow, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033109).\n\n - CVE-2017-7592: The putagreytile function had a\n left-shift undefined behavior issue, which might allowed\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image (bsc#1033131).\n\n - CVE-2017-7593: Ensure that tif_rawdata is properly\n initialized, to prevent remote attackers to obtain\n sensitive information from process memory via a crafted\n image (bsc#1033129).\n\n - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable\n function allowed remote attackers to cause a denial of\n service (memory leak) via a crafted image (bsc#1033128).\n\n - CVE-2017-9403: Prevent memory leak in function\n TIFFReadDirEntryLong8Array, which allowed attackers to\n cause a denial of service via a crafted file\n (bsc#1042805).\n\n - CVE-2017-9404: Fixed memory leak vulnerability in\n function OJPEGReadHeaderInfoSecTablesQTable, which\n allowed attackers to cause a denial of service via a\n crafted file (bsc#1042804). These various other issues\n were fixed :\n\n - Fix uint32 overflow in TIFFReadEncodedStrip() that\n caused an integer division by zero. Reported by Agostino\n Sarubbo.\n\n - fix heap-based buffer overflow on generation of PixarLog\n / LUV compressed files, with ColorMap, TransferFunction\n attached and nasty plays with bitspersample. The fix for\n LUV has not been tested, but suffers from the same kind\n of issue of PixarLog.\n\n - modify ChopUpSingleUncompressedStrip() to instanciate\n compute ntrips as TIFFhowmany_32(td->td_imagelength,\n rowsperstrip), instead of a logic based on the total\n size of data. Which is faulty is the total size of data\n is not sufficient to fill the whole image, and thus\n results in reading outside of the\n StripByCounts/StripOffsets arrays when using\n TIFFReadScanline()\n\n - make OJPEGDecode() early exit in case of failure in\n OJPEGPreDecode(). This will avoid a divide by zero, and\n potential other issues.\n\n - fix misleading indentation as warned by GCC.\n\n - revert change done on 2016-01-09 that made Param member\n of TIFFFaxTabEnt structure a uint16 to reduce size of\n the binary. It happens that the Hylafax software uses\n the tables that follow this typedef (TIFFFaxMainTable,\n TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are\n not in a public libtiff header.\n\n - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt()\n variants of the functions without ext, with an extra\n argument to control the stop_on_error behaviour.\n\n - fix potential memory leaks in error code path of\n TIFFRGBAImageBegin().\n\n - increase libjpeg max memory usable to 10 MB instead of\n libjpeg 1MB default. This helps when creating files with\n 'big' tile, without using libjpeg temporary files.\n\n - add _TIFFcalloc()\n\n - return 0 in Encode functions instead of -1 when\n TIFFFlushData1() fails.\n\n - only run JPEGFixupTagsSubsampling() if the\n YCbCrSubsampling tag is not explicitly present. This\n helps a bit to reduce the I/O amount when the tag is\n present (especially on cloud hosted files).\n\n - in LZWPostEncode(), increase, if necessary, the code\n bit-width after flushing the remaining code and before\n emitting the EOI code.\n\n - fix memory leak in error code path of\n PixarLogSetupDecode().\n\n - fix potential memory leak in\n OJPEGReadHeaderInfoSecTablesQTable,\n OJPEGReadHeaderInfoSecTablesDcTable and\n OJPEGReadHeaderInfoSecTablesAcTable\n\n - avoid crash in Fax3Close() on empty file.\n\n - TIFFFillStrip(): add limitation to the number of bytes\n read in case td_stripbytecount[strip] is bigger than\n reasonable, so as to avoid excessive memory allocation.\n\n - fix memory leak when the underlying codec (ZIP,\n PixarLog) succeeds its setupdecode() method, but\n PredictorSetup fails.\n\n - TIFFFillStrip() and TIFFFillTile(): avoid excessive\n memory allocation in case of shorten files. Only\n effective on 64 bit builds and non-mapped cases.\n\n - TIFFFillStripPartial() / TIFFSeek(), avoid potential\n integer overflows with read_ahead in\n CHUNKY_STRIP_READ_SUPPORT mode.\n\n - avoid excessive memory allocation in case of shorten\n files. Only effective on 64 bit builds.\n\n - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with\n tif_rawdataloaded when calling TIFFStartStrip() or\n TIFFFillStripPartial().\n\n - avoid potential int32 overflow in TIFFYCbCrToRGBInit()\n Fixes\n\n - avoid potential int32 overflows in multiply_ms() and\n add_ms().\n\n - fix out-of-buffer read in PackBitsDecode() Fixes\n\n - LogL16InitState(): avoid excessive memory allocation\n when RowsPerStrip tag is missing.\n\n - update dec_bitsleft at beginning of LZWDecode(), and\n update tif_rawcc at end of LZWDecode(). This is needed\n to properly work with the latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode.\n\n - PixarLogDecode(): resync tif_rawcp with next_in and\n tif_rawcc with avail_in at beginning and end of\n function, similarly to what is done in LZWDecode().\n Likely needed so that it works properly with latest\n chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode.\n\n - initYCbCrConversion(): add basic validation of luma and\n refBlackWhite coefficients (just check they are not NaN\n for now), to avoid potential float to int overflows.\n\n - _TIFFVSetField(): fix outside range cast of double to\n float.\n\n - initYCbCrConversion(): check luma[1] is not zero to\n avoid division by zero\n\n - _TIFFVSetField(): fix outside range cast of double to\n float.\n\n - initYCbCrConversion(): check luma[1] is not zero to\n avoid division by zero.\n\n - initYCbCrConversion(): stricter validation for\n refBlackWhite coefficients values.\n\n - avoid uint32 underflow in cpDecodedStrips that can cause\n various issues, such as buffer overflows in the library.\n\n - fix readContigStripsIntoBuffer() in -i (ignore) mode so\n that the output buffer is correctly incremented to avoid\n write outside bounds.\n\n - add 3 extra bytes at end of strip buffer in\n readSeparateStripsIntoBuffer() to avoid read outside of\n heap allocated buffer.\n\n - fix integer division by zero when BitsPerSample is\n missing.\n\n - fix NULL pointer dereference in -r mode when the image\n has no StripByteCount tag.\n\n - avoid potential division by zero is BitsPerSamples tag\n is missing.\n\n - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called,\n limit the return number of inks to SamplesPerPixel, so\n that code that parses ink names doesn't go past the end\n of the buffer.\n\n - avoid potential division by zero is BitsPerSamples tag\n is missing.\n\n - fix uint32 underflow/overflow that can cause heap-based\n buffer overflow.\n\n - replace assert( (bps % 8) == 0 ) by a non assert check.\n\n - fix 2 heap-based buffer overflows (in PSDataBW and\n PSDataColorContig).\n\n - prevent heap-based buffer overflow in -j mode on a\n paletted image.\n\n - fix wrong usage of memcpy() that can trigger unspecified\n behaviour.\n\n - avoid potential invalid memory read in t2p_writeproc.\n\n - avoid potential heap-based overflow in\n t2p_readwrite_pdf_image_tile().\n\n - remove extraneous TIFFClose() in error code path, that\n caused double free.\n\n - error out cleanly in cpContig2SeparateByRow and\n cpSeparate2ContigByRow if BitsPerSample != 8 to avoid\n heap based overflow.\n\n - avoid integer division by zero.\n\n - call TIFFClose() in error code paths.\n\n - emit appropriate message if the input file is empty.\n\n - close TIFF handle in error code path.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7592/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7593/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7594/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7596/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9403/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9404/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172569-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6dda5e4a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1589=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1589=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1589=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1589=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1589=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1589=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1589=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-debugsource-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-debuginfo-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtiff5-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtiff5-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tiff-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tiff-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tiff-debugsource-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtiff5-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtiff5-debuginfo-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tiff-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tiff-debugsource-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libtiff5-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tiff-debuginfo-4.0.8-44.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tiff-debugsource-4.0.8-44.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:23", "description": "This update for tiff fixes the following issues: Security issues fixed :\n\n - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.\n (bsc#984809)\n\n - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)\n\n - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)\n\n - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)\n\n - CVE-2017-18013: In LibTIFF, there was a NULL pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.\n (bsc#1074317)\n\n - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)\n\n - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)\n\n - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)\n\n - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)\n\n - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)\n\n - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)\n\n - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)\n\n - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.\n (bsc#1033109)\n\n - Multiple divide by zero issues\n\n - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1472-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10267", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-5314", "CVE-2016-5315", "CVE-2017-18013", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libtiff3", "p-cpe:/a:novell:suse_linux:tiff", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1472-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1472-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110258);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10267\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-5314\", \"CVE-2016-5315\", \"CVE-2017-18013\", \"CVE-2017-7593\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n\n script_name(english:\"SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1472-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff fixes the following issues: Security issues \nfixed :\n\n - CVE-2016-5315: The setByteArray function in tif_dir.c\n allowed remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted tiff image.\n (bsc#984809)\n\n - CVE-2016-10267: LibTIFF allowed remote attackers to\n cause a denial of service (divide-by-zero error and\n application crash) via a crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8. (bsc#1017694)\n\n - CVE-2016-10269: LibTIFF allowed remote attackers to\n cause a denial of service (heap-based buffer over-read)\n or possibly have unspecified other impact via a crafted\n TIFF image, related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2. (bsc#1031254)\n\n - CVE-2016-10270: LibTIFF allowed remote attackers to\n cause a denial of service (heap-based buffer over-read)\n or possibly have unspecified other impact via a crafted\n TIFF image, related to 'READ of size 8' and\n libtiff/tif_read.c:523:22. (bsc#1031250)\n\n - CVE-2017-18013: In LibTIFF, there was a NULL pointer\n Dereference in the tif_print.c TIFFPrintDirectory\n function, as demonstrated by a tiffinfo crash.\n (bsc#1074317)\n\n - CVE-2017-7593: tif_read.c did not ensure that\n tif_rawdata is properly initialized, which might have\n allowed remote attackers to obtain sensitive information\n from process memory via a crafted image. (bsc#1033129)\n\n - CVE-2017-7595: The JPEGSetupEncode function in\n tiff_jpeg.c allowed remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted image. (bsc#1033127)\n\n - CVE-2017-7596: LibTIFF had an 'outside the range of\n representable values of type float' undefined behavior\n issue, which might have allowed remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image. (bsc#1033126)\n\n - CVE-2017-7597: tif_dirread.c had an 'outside the range\n of representable values of type float' undefined\n behavior issue, which might have allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image. (bsc#1033120)\n\n - CVE-2017-7599: LibTIFF had an 'outside the range of\n representable values of type short' undefined behavior\n issue, which might have allowed remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image. (bsc#1033113)\n\n - CVE-2017-7600: LibTIFF had an 'outside the range of\n representable values of type unsigned char' undefined\n behavior issue, which might have allowed remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image. (bsc#1033112)\n\n - CVE-2017-7601: LibTIFF had a 'shift exponent too large\n for 64-bit type long' undefined behavior issue, which\n might have allowed remote attackers to cause a denial of\n service (application crash) or possibly have unspecified\n other impact via a crafted image. (bsc#1033111)\n\n - CVE-2017-7602: LibTIFF had a signed integer overflow,\n which might have allowed remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted image.\n (bsc#1033109)\n\n - Multiple divide by zero issues\n\n - CVE-2016-5314: Buffer overflow in the PixarLogDecode\n function in tif_pixarlog.c allowed remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n TIFF image, as demonstrated by overwriting the\n vgetparent function pointer with rgb2ycbcr. (bsc#987351\n bsc#984808 bsc#984831)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10269/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18013/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7593/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7596/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7602/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f76228cb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-tiff-13631=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-tiff-13631=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-tiff-13631=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.169.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libtiff3-32bit-3.8.2-141.169.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libtiff3-3.8.2-141.169.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tiff-3.8.2-141.169.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:28", "description": "The remote host is affected by the vulnerability described in GLSA-201709-27 (libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker, by enticing the user to process a specially crafted TIFF file, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-09-27T00:00:00", "type": "nessus", "title": "GLSA-201709-27 : libTIFF: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10267", "CVE-2016-10268", "CVE-2017-5225", "CVE-2017-5563", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tiff", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201709-27.NASL", "href": "https://www.tenable.com/plugins/nessus/103486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201709-27.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103486);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2017-5225\", \"CVE-2017-5563\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\");\n script_xref(name:\"GLSA\", value:\"201709-27\");\n\n script_name(english:\"GLSA-201709-27 : libTIFF: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201709-27\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in LibTIFF. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker, by enticing the user to process a specially crafted\n TIFF file, could possibly execute arbitrary code with the privileges of\n the process, cause a Denial of Service condition, obtain sensitive\n information, or have other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201709-27\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All LibTIFF users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.8'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 4.0.8\"), vulnerable:make_list(\"lt 4.0.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:34", "description": "Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code.", "cvss3": {}, "published": "2017-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-3844-1 : tiff - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-3658", "CVE-2016-9535", "CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3844.NASL", "href": "https://www.tenable.com/plugins/nessus/99973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3844. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99973);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10269\", \"CVE-2016-10270\", \"CVE-2016-3658\", \"CVE-2016-9535\", \"CVE-2017-5225\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\");\n script_xref(name:\"DSA\", value:\"3844\");\n\n script_name(english:\"Debian DSA-3844-1 : tiff - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the libtiff library\nand the included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3844\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4.0.3-12.3+deb8u3.\n\nFor the upcoming stable distribution (stretch), these problems have\nbeen fixed in version 4.0.7-6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-doc\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-opengl\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-tools\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff5\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff5-dev\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiffxx5\", reference:\"4.0.3-12.3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:41", "description": "It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : LibTIFF vulnerabilities (USN-3602-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10371", "CVE-2017-10688", "CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9404", "CVE-2017-9815", "CVE-2017-9936", "CVE-2018-5784"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff-tools", "p-cpe:/a:canonical:ubuntu_linux:libtiff5", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3602-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3602-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108513);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2016-10266\", \"CVE-2016-10267\", \"CVE-2016-10268\", \"CVE-2016-10269\", \"CVE-2016-10371\", \"CVE-2017-10688\", \"CVE-2017-11335\", \"CVE-2017-12944\", \"CVE-2017-13726\", \"CVE-2017-13727\", \"CVE-2017-18013\", \"CVE-2017-7592\", \"CVE-2017-7593\", \"CVE-2017-7594\", \"CVE-2017-7595\", \"CVE-2017-7596\", \"CVE-2017-7597\", \"CVE-2017-7598\", \"CVE-2017-7599\", \"CVE-2017-7600\", \"CVE-2017-7601\", \"CVE-2017-7602\", \"CVE-2017-9403\", \"CVE-2017-9404\", \"CVE-2017-9815\", \"CVE-2017-9936\", \"CVE-2018-5784\");\n script_xref(name:\"USN\", value:\"3602-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : LibTIFF vulnerabilities (USN-3602-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that LibTIFF incorrectly handled certain malformed\nimages. If a user or automated system were tricked into opening a\nspecially crafted image, a remote attacker could crash the\napplication, leading to a denial of service, or possibly execute\narbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3602-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libtiff-tools and / or libtiff5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtiff-tools\", pkgver:\"4.0.3-7ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtiff5\", pkgver:\"4.0.3-7ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtiff-tools\", pkgver:\"4.0.6-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtiff5\", pkgver:\"4.0.6-1ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-tools / libtiff5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:15", "description": "According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\n - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7602)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9403)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.(CVE-2017-9936)\n\n - Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(CVE-2016-10092)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.(CVE-2016-10371)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.(CVE-2016-3622)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.(CVE-2017-12944)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13726)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.(CVE-2016-9538)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.(CVE-2016-9539)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.(CVE-2017-10688)\n\n - Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.(CVE-2016-3186)\n\n - A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2019-2265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10272", "CVE-2016-10371", "CVE-2016-3186", "CVE-2016-3622", "CVE-2016-9273", "CVE-2016-9538", "CVE-2016-9539", "CVE-2017-10688", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9936", "CVE-2018-7456", "CVE-2018-8905"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "p-cpe:/a:huawei:euleros:libtiff-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2265.NASL", "href": "https://www.tenable.com/plugins/nessus/130727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130727);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10092\",\n \"CVE-2016-10266\",\n \"CVE-2016-10267\",\n \"CVE-2016-10268\",\n \"CVE-2016-10269\",\n \"CVE-2016-10270\",\n \"CVE-2016-10272\",\n \"CVE-2016-10371\",\n \"CVE-2016-3186\",\n \"CVE-2016-3622\",\n \"CVE-2016-9273\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2017-10688\",\n \"CVE-2017-12944\",\n \"CVE-2017-13726\",\n \"CVE-2017-13727\",\n \"CVE-2017-7592\",\n \"CVE-2017-7593\",\n \"CVE-2017-7594\",\n \"CVE-2017-7595\",\n \"CVE-2017-7596\",\n \"CVE-2017-7597\",\n \"CVE-2017-7598\",\n \"CVE-2017-7599\",\n \"CVE-2017-7600\",\n \"CVE-2017-7601\",\n \"CVE-2017-7602\",\n \"CVE-2017-9403\",\n \"CVE-2017-9936\",\n \"CVE-2018-7456\",\n \"CVE-2018-8905\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2019-2265)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related\n to tif_dirwrite.c and a SubIFD tag. A crafted input\n will lead to a remote denial of service\n attack.(CVE-2017-13727)\n\n - The putagreytile function in tif_getimage.c in LibTIFF\n 4.0.7 has a left-shift undefined behavior issue, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7592)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that\n tif_rawdata is properly initialized, which might allow\n remote attackers to obtain sensitive information from\n process memory via a crafted image.(CVE-2017-7593)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in\n tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (memory leak) via a crafted\n image.(CVE-2017-7594)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF\n 4.0.7 allows remote attackers to cause a denial of\n service (divide-by-zero error and application crash)\n via a crafted image.(CVE-2017-7595)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type float' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7596)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the\n range of representable values of type float' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type short' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7599)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type unsigned char' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7600)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted\n image.(CVE-2017-7598)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for\n 64-bit type long' undefined behavior issue, which might\n allow remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7602)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found\n in the function TIFFReadDirEntryLong8Array in\n tif_dirread.c, which allows attackers to cause a denial\n of service via a crafted file.(CVE-2017-9403)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak\n resulting in a remote denial of service\n attack.(CVE-2017-9936)\n\n - Heap-based buffer overflow in the\n readContigStripsIntoBuffer function in tif_unix.c in\n LibTIFF 4.0.7 allows remote attackers to have\n unspecified impact via a crafted image.(CVE-2016-10092)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer overflow) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'WRITE of size 2048' and\n libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers\n to cause a denial of service (integer underflow and\n heap-based buffer under-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 78490' and\n libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 8' and\n libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - The TIFFWriteDirectoryTagCheckedRational function in\n tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers\n to cause a denial of service (assertion failure and\n application exit) via a crafted TIFF\n file.(CVE-2016-10371)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba\n tool in LibTIFF 4.0.6 and earlier allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted TIFF image.(CVE-2016-3622)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted file, related to changing td_nstrips in\n TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - The TIFFReadDirEntryArray function in tif_read.c in\n LibTIFF 4.0.8 mishandles memory allocation for short\n files, which allows remote attackers to cause a denial\n of service (allocation failure and application crash)\n in the TIFFFetchStripThing function in tif_dirread.c\n during a tiff2pdf invocation.(CVE-2017-12944)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to\n tif_dirwrite.c and a SubIFD tag. A crafted input will\n lead to a remote denial of service\n attack.(CVE-2017-13726)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\n buffer in readContigStripsIntoBuffer() because of a\n uint16 integer overflow. Reported as MSVR\n 35100.(CVE-2016-9538)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds\n read in readContigTilesIntoBuffer(). Reported as MSVR\n 35092.(CVE-2016-9539)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the\n TIFFWriteDirectoryTagCheckedLong8Array function in\n tif_dirwrite.c. A crafted input will lead to a remote\n denial of service attack.(CVE-2017-10688)\n\n - Buffer overflow in the readextension function in\n gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to\n cause a denial of service (application crash) via a\n crafted GIF file.(CVE-2016-3186)\n\n - A NULL Pointer Dereference occurs in the function\n TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when\n using the tiffinfo tool to print crafted TIFF\n information, a different vulnerability than\n CVE-2017-18013. (This affects an earlier part of the\n TIFFPrintDirectory function that was not addressed by\n the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs\n in the function LZWDecodeCompat in tif_lzw.c via a\n crafted TIFF file, as demonstrated by\n tiff2ps.(CVE-2018-8905)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2265\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4354c43e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h14\",\n \"libtiff-devel-4.0.3-27.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:02", "description": "According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(CVE-2016-10092)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.(CVE-2017-10688)\n\n - The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.(CVE-2017-12944)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.(CVE-2016-9538)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.(CVE-2016-9539)\n\n - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7602)\n\n - In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.(CVE-2016-10371)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.(CVE-2016-5321)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13726)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.(CVE-2019-14973)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-2209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10272", "CVE-2016-10371", "CVE-2016-3622", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-5102", "CVE-2016-5318", "CVE-2016-5321", "CVE-2016-5323", "CVE-2016-9273", "CVE-2016-9538", "CVE-2016-9539", "CVE-2017-10688", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9117", "CVE-2017-9147", "CVE-2017-9403", "CVE-2017-9936", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-7456", "CVE-2018-8905", "CVE-2019-14973"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "p-cpe:/a:huawei:euleros:libtiff-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2209.NASL", "href": "https://www.tenable.com/plugins/nessus/130671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130671);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10092\",\n \"CVE-2016-10266\",\n \"CVE-2016-10267\",\n \"CVE-2016-10268\",\n \"CVE-2016-10269\",\n \"CVE-2016-10270\",\n \"CVE-2016-10272\",\n \"CVE-2016-10371\",\n \"CVE-2016-3622\",\n \"CVE-2016-3623\",\n \"CVE-2016-3624\",\n \"CVE-2016-5102\",\n \"CVE-2016-5318\",\n \"CVE-2016-5321\",\n \"CVE-2016-5323\",\n \"CVE-2016-9273\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2017-10688\",\n \"CVE-2017-12944\",\n \"CVE-2017-13726\",\n \"CVE-2017-13727\",\n \"CVE-2017-7592\",\n \"CVE-2017-7593\",\n \"CVE-2017-7594\",\n \"CVE-2017-7595\",\n \"CVE-2017-7596\",\n \"CVE-2017-7597\",\n \"CVE-2017-7598\",\n \"CVE-2017-7599\",\n \"CVE-2017-7600\",\n \"CVE-2017-7601\",\n \"CVE-2017-7602\",\n \"CVE-2017-9117\",\n \"CVE-2017-9147\",\n \"CVE-2017-9403\",\n \"CVE-2017-9936\",\n \"CVE-2018-10779\",\n \"CVE-2018-10963\",\n \"CVE-2018-17100\",\n \"CVE-2018-17101\",\n \"CVE-2018-18557\",\n \"CVE-2018-18661\",\n \"CVE-2018-7456\",\n \"CVE-2018-8905\",\n \"CVE-2019-14973\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-2209)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6\n allows remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted Tiff image.The _TIFFFax3fillruns function in\n libtiff before 4.0.6 allows remote attackers to cause a\n denial of service (divide-by-zero error and application\n crash) via a crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF\n 4.0.6 and earlier allows remote attackers to cause a\n denial of service (out-of-bounds write) by setting the\n '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows\n remote attackers to cause a denial of service\n (divide-by-zero) by setting the (1) v or (2) h\n parameter to 0.(CVE-2016-3623)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n int32 overflow in multiply_ms in tools/ppm2tiff.c,\n which can cause a denial of service (crash) or possibly\n have unspecified other impact via a crafted image\n file.(CVE-2018-17100)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two\n out-of-bounds writes in cpTags in tools/tiff2bw.c and\n tools/pal2rgb.c, which can cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image file.(CVE-2018-17101)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes\n arbitrarily-sized JBIG into a buffer, ignoring the\n buffer size, which leads to a tif_jbig.c JBIGDecode\n out-of-bounds write.(CVE-2018-18557)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs\n in the function LZWDecodeCompat in tif_lzw.c via a\n crafted TIFF file, as demonstrated by\n tiff2ps.(CVE-2018-8905)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers\n to cause a denial of service (integer underflow and\n heap-based buffer under-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 78490' and\n libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 8' and\n libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer overflow) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'WRITE of size 2048' and\n libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - Heap-based buffer overflow in the\n readContigStripsIntoBuffer function in tif_unix.c in\n LibTIFF 4.0.7 allows remote attackers to have\n unspecified impact via a crafted image.(CVE-2016-10092)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the\n TIFFWriteDirectoryTagCheckedLong8Array function in\n tif_dirwrite.c. A crafted input will lead to a remote\n denial of service attack.(CVE-2017-10688)\n\n - The TIFFReadDirEntryArray function in tif_read.c in\n LibTIFF 4.0.8 mishandles memory allocation for short\n files, which allows remote attackers to cause a denial\n of service (allocation failure and application crash)\n in the TIFFFetchStripThing function in tif_dirread.c\n during a tiff2pdf invocation.(CVE-2017-12944)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\n buffer in readContigStripsIntoBuffer() because of a\n uint16 integer overflow. Reported as MSVR\n 35100.(CVE-2016-9538)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds\n read in readContigTilesIntoBuffer(). Reported as MSVR\n 35092.(CVE-2016-9539)\n\n - The putagreytile function in tif_getimage.c in LibTIFF\n 4.0.7 has a left-shift undefined behavior issue, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7592)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF\n 4.0.7 allows remote attackers to cause a denial of\n service (divide-by-zero error and application crash)\n via a crafted image.(CVE-2017-7595)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type float' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7596)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the\n range of representable values of type float' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7597)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted\n image.(CVE-2017-7598)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type short' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7599)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type unsigned char' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for\n 64-bit type long' undefined behavior issue, which might\n allow remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7602)\n\n - In LibTIFF 4.0.7, the program processes BMP images\n without verifying that biWidth and biHeight in the\n bitmap-information header match the actual input,\n leading to a heap-based buffer over-read in\n bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in\n tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers\n to cause a denial of service (assertion failure and\n application exit) via a crafted TIFF\n file.(CVE-2016-10371)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba\n tool in LibTIFF 4.0.6 and earlier allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The DumpModeDecode function in libtiff 4.0.6 and\n earlier allows attackers to cause a denial of service\n (invalid read and crash) via a crafted tiff\n image.(CVE-2016-5321)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c\n in LibTIFF through 4.0.9 allows remote attackers to\n cause a denial of service (assertion failure and\n application crash) via a crafted file, a different\n vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to\n tif_dirwrite.c and a SubIFD tag. A crafted input will\n lead to a remote denial of service\n attack.(CVE-2017-13726)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related\n to tif_dirwrite.c and a SubIFD tag. A crafted input\n will lead to a remote denial of service\n attack.(CVE-2017-13727)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak\n resulting in a remote denial of service\n attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found\n in the function TIFFReadDirEntryLong8Array in\n tif_dirread.c, which allows attackers to cause a denial\n of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted file, related to changing td_nstrips in\n TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField\n function in tif_dir.c, which might allow remote\n attackers to cause a denial of service (crash) via a\n crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField\n function in libtiff 4.0.6 and earlier allows remote\n attackers to crash the application via a crafted\n tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n NULL pointer dereference in the function LZWDecode in\n the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a\n heap-based buffer over-read, as demonstrated by\n bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in\n tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (memory leak) via a crafted\n image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in\n gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows\n remote attackers to cause a denial of service\n (segmentation fault) via a crafted gif\n file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that\n tif_rawdata is properly initialized, which might allow\n remote attackers to obtain sensitive information from\n process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function\n TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when\n using the tiffinfo tool to print crafted TIFF\n information, a different vulnerability than\n CVE-2017-18013. (This affects an earlier part of the\n TIFFPrintDirectory function that was not addressed by\n the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in\n LibTIFF through 4.0.10 mishandle Integer Overflow\n checks because they rely on compiler behavior that is\n undefined by the applicable C standards. This can, for\n example, lead to an application crash.(CVE-2019-14973)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2209\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1833399b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h22.eulerosv2r7\",\n \"libtiff-devel-4.0.3-27.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:04:55", "description": "According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.(CVE-2017-17095)\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(CVE-2016-10092)\n\n - The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.(CVE-2017-12944)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.(CVE-2017-10688)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.(CVE-2016-9539)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.(CVE-2016-9538)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7602)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\n - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\n - In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.(CVE-2016-10371)\n\n - The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.(CVE-2016-5321)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13726)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.(CVE-2019-14973)\n\n - tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a 'Negative-size-param' condition.(CVE-2019-17546)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : libtiff (EulerOS-SA-2020-1447)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10272", "CVE-2016-10371", "CVE-2016-3622", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-5102", "CVE-2016-5318", "CVE-2016-5321", "CVE-2016-5323", "CVE-2016-9273", "CVE-2016-9538", "CVE-2016-9539", "CVE-2017-10688", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-17095", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9117", "CVE-2017-9147", "CVE-2017-9403", "CVE-2017-9936", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-7456", "CVE-2018-8905", "CVE-2019-14973", "CVE-2019-17546"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1447.NASL", "href": "https://www.tenable.com/plugins/nessus/135609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135609);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10092\",\n \"CVE-2016-10266\",\n \"CVE-2016-10267\",\n \"CVE-2016-10268\",\n \"CVE-2016-10269\",\n \"CVE-2016-10270\",\n \"CVE-2016-10272\",\n \"CVE-2016-10371\",\n \"CVE-2016-3622\",\n \"CVE-2016-3623\",\n \"CVE-2016-3624\",\n \"CVE-2016-5102\",\n \"CVE-2016-5318\",\n \"CVE-2016-5321\",\n \"CVE-2016-5323\",\n \"CVE-2016-9273\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2017-10688\",\n \"CVE-2017-12944\",\n \"CVE-2017-13726\",\n \"CVE-2017-13727\",\n \"CVE-2017-17095\",\n \"CVE-2017-7592\",\n \"CVE-2017-7593\",\n \"CVE-2017-7594\",\n \"CVE-2017-7595\",\n \"CVE-2017-7596\",\n \"CVE-2017-7597\",\n \"CVE-2017-7598\",\n \"CVE-2017-7599\",\n \"CVE-2017-7600\",\n \"CVE-2017-7601\",\n \"CVE-2017-7602\",\n \"CVE-2017-9117\",\n \"CVE-2017-9147\",\n \"CVE-2017-9403\",\n \"CVE-2017-9936\",\n \"CVE-2018-10779\",\n \"CVE-2018-10963\",\n \"CVE-2018-17100\",\n \"CVE-2018-17101\",\n \"CVE-2018-18557\",\n \"CVE-2018-18661\",\n \"CVE-2018-7456\",\n \"CVE-2018-8905\",\n \"CVE-2019-14973\",\n \"CVE-2019-17546\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : libtiff (EulerOS-SA-2020-1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows\n remote attackers to cause a denial of service\n (TIFFSetupStrips heap-based buffer overflow and\n application crash) or possibly have unspecified other\n impact via a crafted TIFF file.(CVE-2017-17095)\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6\n allows remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted Tiff image.The _TIFFFax3fillruns function in\n libtiff before 4.0.6 allows remote attackers to cause a\n denial of service (divide-by-zero error and application\n crash) via a crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF\n 4.0.6 and earlier allows remote attackers to cause a\n denial of service (out-of-bounds write) by setting the\n '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows\n remote attackers to cause a denial of service\n (divide-by-zero) by setting the (1) v or (2) h\n parameter to 0.(CVE-2016-3623)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes\n arbitrarily-sized JBIG into a buffer, ignoring the\n buffer size, which leads to a tif_jbig.c JBIGDecode\n out-of-bounds write.(CVE-2018-18557)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two\n out-of-bounds writes in cpTags in tools/tiff2bw.c and\n tools/pal2rgb.c, which can cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image file.(CVE-2018-17101)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n int32 overflow in multiply_ms in tools/ppm2tiff.c,\n which can cause a denial of service (crash) or possibly\n have unspecified other impact via a crafted image\n file.(CVE-2018-17100)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs\n in the function LZWDecodeCompat in tif_lzw.c via a\n crafted TIFF file, as demonstrated by\n tiff2ps.(CVE-2018-8905)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer overflow) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'WRITE of size 2048' and\n libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 8' and\n libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers\n to cause a denial of service (integer underflow and\n heap-based buffer under-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 78490' and\n libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - Heap-based buffer overflow in the\n readContigStripsIntoBuffer function in tif_unix.c in\n LibTIFF 4.0.7 allows remote attackers to have\n unspecified impact via a crafted image.(CVE-2016-10092)\n\n - The TIFFReadDirEntryArray function in tif_read.c in\n LibTIFF 4.0.8 mishandles memory allocation for short\n files, which allows remote attackers to cause a denial\n of service (allocation failure and application crash)\n in the TIFFFetchStripThing function in tif_dirread.c\n during a tiff2pdf invocation.(CVE-2017-12944)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the\n TIFFWriteDirectoryTagCheckedLong8Array function in\n tif_dirwrite.c. A crafted input will lead to a remote\n denial of service attack.(CVE-2017-10688)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds\n read in readContigTilesIntoBuffer(). Reported as MSVR\n 35092.(CVE-2016-9539)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\n buffer in readContigStripsIntoBuffer() because of a\n uint16 integer overflow. Reported as MSVR\n 35100.(CVE-2016-9538)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7602)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for\n 64-bit type long' undefined behavior issue, which might\n allow remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type unsigned char' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type short' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7599)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted\n image.(CVE-2017-7598)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the\n range of representable values of type float' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type float' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7596)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF\n 4.0.7 allows remote attackers to cause a denial of\n service (divide-by-zero error and application crash)\n via a crafted image.(CVE-2017-7595)\n\n - The putagreytile function in tif_getimage.c in LibTIFF\n 4.0.7 has a left-shift undefined behavior issue, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7592)\n\n - In LibTIFF 4.0.7, the program processes BMP images\n without verifying that biWidth and biHeight in the\n bitmap-information header match the actual input,\n leading to a heap-based buffer over-read in\n bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in\n tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers\n to cause a denial of service (assertion failure and\n application exit) via a crafted TIFF\n file.(CVE-2016-10371)\n\n - The DumpModeDecode function in libtiff 4.0.6 and\n earlier allows attackers to cause a denial of service\n (invalid read and crash) via a crafted tiff\n image.(CVE-2016-5321)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba\n tool in LibTIFF 4.0.6 and earlier allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c\n in LibTIFF through 4.0.9 allows remote attackers to\n cause a denial of service (assertion failure and\n application crash) via a crafted file, a different\n vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related\n to tif_dirwrite.c and a SubIFD tag. A crafted input\n will lead to a remote denial of service\n attack.(CVE-2017-13727)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to\n tif_dirwrite.c and a SubIFD tag. A crafted input will\n lead to a remote denial of service\n attack.(CVE-2017-13726)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak\n resulting in a remote denial of service\n attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found\n in the function TIFFReadDirEntryLong8Array in\n tif_dirread.c, which allows attackers to cause a denial\n of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - tiffsplit in libtiff 4.0.6 allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted file, related to changing td_nstrips in\n TIFF_STRIPCHOP mode.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField\n function in tif_dir.c, which might allow remote\n attackers to cause a denial of service (crash) via a\n crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField\n function in libtiff 4.0.6 and earlier allows remote\n attackers to crash the application via a crafted\n tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n NULL pointer dereference in the function LZWDecode in\n the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a\n heap-based buffer over-read, as demonstrated by\n bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in\n tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (memory leak) via a crafted\n image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in\n gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows\n remote attackers to cause a denial of service\n (segmentation fault) via a crafted gif\n file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that\n tif_rawdata is properly initialized, which might allow\n remote attackers to obtain sensitive information from\n process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function\n TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when\n using the tiffinfo tool to print crafted TIFF\n information, a different vulnerability than\n CVE-2017-18013. (This affects an earlier part of the\n TIFFPrintDirectory function that was not addressed by\n the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in\n LibTIFF through 4.0.10 mishandle Integer Overflow\n checks because they rely on compiler behavior that is\n undefined by the applicable C standards. This can, for\n example, lead to an application crash.(CVE-2019-14973)\n\n - tif_getimage.c in LibTIFF through 4.0.10, as used in\n GDAL through 3.0.1 and other products, has an integer\n overflow that potentially causes a heap-based buffer\n overflow via a crafted RGBA image, related to a\n 'Negative-size-param' condition.(CVE-2019-17546)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1447\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abf17028\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:39", "description": "According to the versions of the libtiff package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(CVE-2016-10092)\n\n - The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.(CVE-2017-12944)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.(CVE-2017-10688)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.(CVE-2016-9539)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.(CVE-2016-9538)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7602)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)\n\n - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)\n\n - In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.(CVE-2016-10371)\n\n - The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.(CVE-2016-5321)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)\n\n - There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13726)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - An out-of-bounds heap read was discovered in libtiff. A crafted file could cause the application to crash or, potentially, disclose process memory.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.(CVE-2019-14973)\n\n - tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a 'Negative-size-param' condition.(CVE-2019-17546)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libtiff (EulerOS-SA-2020-1235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10272", "CVE-2016-10371", "CVE-2016-3622", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-5102", "CVE-2016-5318", "CVE-2016-5321", "CVE-2016-5323", "CVE-2016-9273", "CVE-2016-9538", "CVE-2016-9539", "CVE-2017-10688", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9117", "CVE-2017-9147", "CVE-2017-9403", "CVE-2017-9936", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-7456", "CVE-2018-8905", "CVE-2019-14973", "CVE-2019-17546"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1235.NASL", "href": "https://www.tenable.com/plugins/nessus/134524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134524);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10092\",\n \"CVE-2016-10266\",\n \"CVE-2016-10267\",\n \"CVE-2016-10268\",\n \"CVE-2016-10269\",\n \"CVE-2016-10270\",\n \"CVE-2016-10272\",\n \"CVE-2016-10371\",\n \"CVE-2016-3622\",\n \"CVE-2016-3623\",\n \"CVE-2016-3624\",\n \"CVE-2016-5102\",\n \"CVE-2016-5318\",\n \"CVE-2016-5321\",\n \"CVE-2016-5323\",\n \"CVE-2016-9273\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2017-10688\",\n \"CVE-2017-12944\",\n \"CVE-2017-13726\",\n \"CVE-2017-13727\",\n \"CVE-2017-7592\",\n \"CVE-2017-7593\",\n \"CVE-2017-7594\",\n \"CVE-2017-7595\",\n \"CVE-2017-7596\",\n \"CVE-2017-7597\",\n \"CVE-2017-7598\",\n \"CVE-2017-7599\",\n \"CVE-2017-7600\",\n \"CVE-2017-7601\",\n \"CVE-2017-7602\",\n \"CVE-2017-9117\",\n \"CVE-2017-9147\",\n \"CVE-2017-9403\",\n \"CVE-2017-9936\",\n \"CVE-2018-10779\",\n \"CVE-2018-10963\",\n \"CVE-2018-17100\",\n \"CVE-2018-17101\",\n \"CVE-2018-18557\",\n \"CVE-2018-18661\",\n \"CVE-2018-7456\",\n \"CVE-2018-8905\",\n \"CVE-2019-14973\",\n \"CVE-2019-17546\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libtiff (EulerOS-SA-2020-1235)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The _TIFFFax3fillruns function in libtiff before 4.0.6\n allows remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted Tiff image.(CVE-2016-5323)\n\n - The cvtClump function in the rgb2ycbcr tool in LibTIFF\n 4.0.6 and earlier allows remote attackers to cause a\n denial of service (out-of-bounds write) by setting the\n '-v' option to -1.(CVE-2016-3624)\n\n - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows\n remote attackers to cause a denial of service\n (divide-by-zero) by setting the (1) v or (2) h\n parameter to 0.(CVE-2016-3623)\n\n - LibTIFF 4.0.9 (with JBIG enabled) decodes\n arbitrarily-sized JBIG into a buffer, ignoring the\n buffer size, which leads to a tif_jbig.c JBIGDecode\n out-of-bounds write.(CVE-2018-18557)\n\n - An issue was discovered in LibTIFF 4.0.9. There are two\n out-of-bounds writes in cpTags in tools/tiff2bw.c and\n tools/pal2rgb.c, which can cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image file.(CVE-2018-17101)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n int32 overflow in multiply_ms in tools/ppm2tiff.c,\n which can cause a denial of service (crash) or possibly\n have unspecified other impact via a crafted image\n file.(CVE-2018-17100)\n\n - In LibTIFF 4.0.9, a heap-based buffer overflow occurs\n in the function LZWDecodeCompat in tif_lzw.c via a\n crafted TIFF file, as demonstrated by\n tiff2ps.(CVE-2018-8905)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer overflow) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'WRITE of size 2048' and\n libtiff/tif_next.c:64:9.(CVE-2016-10272)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 8' and\n libtiff/tif_read.c:523:22.(CVE-2016-10270)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (heap-based buffer over-read) or possibly\n have unspecified other impact via a crafted TIFF image,\n related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2.(CVE-2016-10269)\n\n - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers\n to cause a denial of service (integer underflow and\n heap-based buffer under-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 78490' and\n libtiff/tif_unix.c:115:23.(CVE-2016-10268)\n\n - Heap-based buffer overflow in the\n readContigStripsIntoBuffer function in tif_unix.c in\n LibTIFF 4.0.7 allows remote attackers to have\n unspecified impact via a crafted image.(CVE-2016-10092)\n\n - The TIFFReadDirEntryArray function in tif_read.c in\n LibTIFF 4.0.8 mishandles memory allocation for short\n files, which allows remote attackers to cause a denial\n of service (allocation failure and application crash)\n in the TIFFFetchStripThing function in tif_dirread.c\n during a tiff2pdf invocation.(CVE-2017-12944)\n\n - In LibTIFF 4.0.8, there is a assertion abort in the\n TIFFWriteDirectoryTagCheckedLong8Array function in\n tif_dirwrite.c. A crafted input will lead to a remote\n denial of service attack.(CVE-2017-10688)\n\n - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds\n read in readContigTilesIntoBuffer(). Reported as MSVR\n 35092.(CVE-2016-9539)\n\n - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\n buffer in readContigStripsIntoBuffer() because of a\n uint16 integer overflow. Reported as MSVR\n 35100.(CVE-2016-9538)\n\n - LibTIFF 4.0.7 has a signed integer overflow, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7602)\n\n - LibTIFF 4.0.7 has a 'shift exponent too large for\n 64-bit type long' undefined behavior issue, which might\n allow remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7601)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type unsigned char' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7600)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type short' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7599)\n\n - tif_dirread.c in LibTIFF 4.0.7 might allow remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted\n image.(CVE-2017-7598)\n\n - tif_dirread.c in LibTIFF 4.0.7 has an 'outside the\n range of representable values of type float' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7597)\n\n - LibTIFF 4.0.7 has an 'outside the range of\n representable values of type float' undefined behavior\n issue, which might allow remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7596)\n\n - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF\n 4.0.7 allows remote attackers to cause a denial of\n service (divide-by-zero error and application crash)\n via a crafted image.(CVE-2017-7595)\n\n - The putagreytile function in tif_getimage.c in LibTIFF\n 4.0.7 has a left-shift undefined behavior issue, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7592)\n\n - In LibTIFF 4.0.7, the program processes BMP images\n without verifying that biWidth and biHeight in the\n bitmap-information header match the actual input,\n leading to a heap-based buffer over-read in\n bmp2tiff.(CVE-2017-9117)\n\n - The TIFFWriteDirectoryTagCheckedRational function in\n tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers\n to cause a denial of service (assertion failure and\n application exit) via a crafted TIFF\n file.(CVE-2016-10371)\n\n - The DumpModeDecode function in libtiff 4.0.6 and\n earlier allows attackers to cause a denial of service\n (invalid read and crash) via a crafted tiff\n image.(CVE-2016-5321)\n\n - The fpAcc function in tif_predict.c in the tiff2rgba\n tool in LibTIFF 4.0.6 and earlier allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted TIFF image.(CVE-2016-3622)\n\n - The TIFFWriteDirectorySec() function in tif_dirwrite.c\n in LibTIFF through 4.0.9 allows remote attackers to\n cause a denial of service (assertion failure and\n application crash) via a crafted file, a different\n vulnerability than CVE-2017-13726.(CVE-2018-10963)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related\n to tif_dirwrite.c and a SubIFD tag. A crafted input\n will lead to a remote denial of service\n attack.(CVE-2017-13727)\n\n - There is a reachable assertion abort in the function\n TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to\n tif_dirwrite.c and a SubIFD tag. A crafted input will\n lead to a remote denial of service\n attack.(CVE-2017-13726)\n\n - In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.\n A crafted TIFF document can lead to a memory leak\n resulting in a remote denial of service\n attack.(CVE-2017-9936)\n\n - In LibTIFF 4.0.7, a memory leak vulnerability was found\n in the function TIFFReadDirEntryLong8Array in\n tif_dirread.c, which allows attackers to cause a denial\n of service via a crafted file.(CVE-2017-9403)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)\n\n - An out-of-bounds heap read was discovered in libtiff. A\n crafted file could cause the application to crash or,\n potentially, disclose process memory.(CVE-2016-9273)\n\n - LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField\n function in tif_dir.c, which might allow remote\n attackers to cause a denial of service (crash) via a\n crafted TIFF file.(CVE-2017-9147)\n\n - Stack-based buffer overflow in the _TIFFVGetField\n function in libtiff 4.0.6 and earlier allows remote\n attackers to crash the application via a crafted\n tiff.(CVE-2016-5318)\n\n - An issue was discovered in LibTIFF 4.0.9. There is a\n NULL pointer dereference in the function LZWDecode in\n the file tif_lzw.c.(CVE-2018-18661)\n\n - TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a\n heap-based buffer over-read, as demonstrated by\n bmp2tiff.(CVE-2018-10779)\n\n - The OJPEGReadHeaderInfoSecTablesDcTable function in\n tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (memory leak) via a crafted\n image.(CVE-2017-7594)\n\n - LibTIFF 4.0.7 allows remote attackers to cause a denial\n of service (divide-by-zero error and application crash)\n via a crafted TIFF image, related to\n libtiff/tif_read.c:351:22.(CVE-2016-10266)\n\n - Buffer overflow in the readgifimage function in\n gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows\n remote attackers to cause a denial of service\n (segmentation fault) via a crafted gif\n file.(CVE-2016-5102)\n\n - tif_read.c in LibTIFF 4.0.7 does not ensure that\n tif_rawdata is properly initialized, which might allow\n remote attackers to obtain sensitive information from\n process memory via a crafted image.(CVE-2017-7593)\n\n - A NULL Pointer Dereference occurs in the function\n TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when\n using the tiffinfo tool to print crafted TIFF\n information, a different vulnerability than\n CVE-2017-18013. (This affects an earlier part of the\n TIFFPrintDirectory function that was not addressed by\n the CVE-2017-18013 patch.)(CVE-2018-7456)\n\n - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in\n LibTIFF through 4.0.10 mishandle Integer Overflow\n checks because they rely on compiler behavior that is\n undefined by the applicable C standards. This can, for\n example, lead to an application crash.(CVE-2019-14973)\n\n - tif_getimage.c in LibTIFF through 4.0.10, as used in\n GDAL through 3.0.1 and other products, has an integer\n overflow that potentially causes a heap-based buffer\n overflow via a crafted RGBA image, related to a\n 'Negative-size-param' condition.(CVE-2019-17546)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1235\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?470ca94b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:34", "description": "According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. Security Fix(es):There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727)The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592)An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100)tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593)The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594)The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595)LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596)tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597)LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599)LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600)tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598)LibTIFF 4.0.7 has a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7601)LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7602)LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.(CVE-2017-5563)In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.(CVE-2017-9117)In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9403)In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.(CVE-2017-9936)In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905)Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(CVE-2016-10092)LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272)LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.(CVE-2016-10266)LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)tools/tiffcp.\n c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268)LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269)LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270)The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.(CVE-2016-10371)Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.(CVE-2016-3186)The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.(CVE-2016-3622)tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.(CVE-2016-9273)tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.(CVE-2016-9538)tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.(CVE-2016-9539)In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.(CVE-2017-10688)The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.(CVE-2017-12944)There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13726)tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a 'Negative-size-param' condition.(CVE-2019-17546)_TIFFCheckMalloc and\n _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.(CVE-2019-14973)Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.(CVE-2016-5102)** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.(CVE-2017-16232)An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.(CVE-2018-18661)The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623)The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624)Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.(CVE-2016-5318)LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.(CVE-2017-9147)The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323)The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.(CVE-2016-5321)The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.(CVE-2016-6223)Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.(CVE-2016-9532)The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.(CVE-2018-10963)Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.(CVE-2018-12900)An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101)LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557)In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.(CVE-2018-19210)The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.(CVE-2019-6128)An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.(CVE-2019-7663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libtiff (EulerOS-SA-2019-2466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10092", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10272", "CVE-2016-10371", "CVE-2016-3186", "CVE-2016-3622", "CVE-2016-3623", "CVE-2016-3624", "CVE-2016-5102", "CVE-2016-5318", "CVE-2016-5321", "CVE-2016-5323", "CVE-2016-6223", "CVE-2016-9273", "CVE-2016-9532", "CVE-2016-9538", "CVE-2016-9539", "CVE-2017-10688", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-16232", "CVE-2017-5563", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9117", "CVE-2017-9147", "CVE-2017-9403", "CVE-2017-9936", "CVE-2018-10963", "CVE-2018-12900", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-19210", "CVE-2018-8905", "CVE-2019-14973", "CVE-2019-17546", "CVE-2019-6128", "CVE-2019-7663"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "p-cpe:/a:huawei:euleros:libtiff-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2466.NASL", "href": "https://www.tenable.com/plugins/nessus/131619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131619);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10092\",\n \"CVE-2016-10266\",\n \"CVE-2016-10267\",\n \"CVE-2016-10268\",\n \"CVE-2016-10269\",\n \"CVE-2016-10270\",\n \"CVE-2016-10272\",\n \"CVE-2016-10371\",\n \"CVE-2016-3186\",\n \"CVE-2016-3622\",\n \"CVE-2016-3623\",\n \"CVE-2016-3624\",\n \"CVE-2016-5102\",\n \"CVE-2016-5318\",\n \"CVE-2016-5321\",\n \"CVE-2016-5323\",\n \"CVE-2016-6223\",\n \"CVE-2016-9273\",\n \"CVE-2016-9532\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2017-10688\",\n \"CVE-2017-12944\",\n \"CVE-2017-13726\",\n \"CVE-2017-13727\",\n \"CVE-2017-16232\",\n \"CVE-2017-5563\",\n \"CVE-2017-7592\",\n \"CVE-2017-7593\",\n \"CVE-2017-7594\",\n \"CVE-2017-7595\",\n \"CVE-2017-7596\",\n \"CVE-2017-7597\",\n \"CVE-2017-7598\",\n \"CVE-2017-7599\",\n \"CVE-2017-7600\",\n \"CVE-2017-7601\",\n \"CVE-2017-7602\",\n \"CVE-2017-9117\",\n \"CVE-2017-9147\",\n \"CVE-2017-9403\",\n \"CVE-2017-9936\",\n \"CVE-2018-10963\",\n \"CVE-2018-12900\",\n \"CVE-2018-17100\",\n \"CVE-2018-17101\",\n \"CVE-2018-18557\",\n \"CVE-2018-18661\",\n \"CVE-2018-19210\",\n \"CVE-2018-8905\",\n \"CVE-2019-14973\",\n \"CVE-2019-17546\",\n \"CVE-2019-6128\",\n \"CVE-2019-7663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libtiff (EulerOS-SA-2019-2466)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The libtiff package contains a library of functions for\n manipulating TIFF (Tagged Image File Format) image\n format files. TIFF is a widely used file format for\n bitmapped images. TIFF files usually end in the .tif\n extension and they are often quite large. The libtiff\n package should be installed if you need to manipulate\n TIFF format image files. Security Fix(es):There is a\n reachable assertion abort in the function\n TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related\n to tif_dirwrite.c and a SubIFD tag. A crafted input\n will lead to a remote denial of service\n attack.(CVE-2017-13727)The putagreytile function in\n tif_getimage.c in LibTIFF 4.0.7 has a left-shift\n undefined behavior issue, which might allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image.(CVE-2017-7592)An issue was discovered in\n LibTIFF 4.0.9. There is a int32 overflow in multiply_ms\n in tools/ppm2tiff.c, which can cause a denial of\n service (crash) or possibly have unspecified other\n impact via a crafted image\n file.(CVE-2018-17100)tif_read.c in LibTIFF 4.0.7 does\n not ensure that tif_rawdata is properly initialized,\n which might allow remote attackers to obtain sensitive\n information from process memory via a crafted\n image.(CVE-2017-7593)The\n OJPEGReadHeaderInfoSecTablesDcTable function in\n tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (memory leak) via a crafted\n image.(CVE-2017-7594)The JPEGSetupEncode function in\n tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to\n cause a denial of service (divide-by-zero error and\n application crash) via a crafted\n image.(CVE-2017-7595)LibTIFF 4.0.7 has an 'outside the\n range of representable values of type float' undefined\n behavior issue, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7596)tif_dirread.c in LibTIFF 4.0.7 has\n an 'outside the range of representable values of type\n float' undefined behavior issue, which might allow\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7597)LibTIFF 4.0.7\n has an 'outside the range of representable values of\n type short' undefined behavior issue, which might allow\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via a crafted image.(CVE-2017-7599)LibTIFF 4.0.7\n has an 'outside the range of representable values of\n type unsigned char' undefined behavior issue, which\n might allow remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted\n image.(CVE-2017-7600)tif_dirread.c in LibTIFF 4.0.7\n might allow remote attackers to cause a denial of\n service (divide-by-zero error and application crash)\n via a crafted image.(CVE-2017-7598)LibTIFF 4.0.7 has a\n 'shift exponent too large for 64-bit type long'\n undefined behavior issue, which might allow remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted image.(CVE-2017-7601)LibTIFF 4.0.7 has a signed\n integer overflow, which might allow remote attackers to\n cause a denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-7602)LibTIFF version 4.0.7 is\n vulnerable to a heap-based buffer over-read in\n tif_lzw.c resulting in DoS or code execution via a\n crafted bmp image to tools/bmp2tiff.(CVE-2017-5563)In\n LibTIFF 4.0.7, the program processes BMP images without\n verifying that biWidth and biHeight in the\n bitmap-information header match the actual input,\n leading to a heap-based buffer over-read in\n bmp2tiff.(CVE-2017-9117)In LibTIFF 4.0.7, a memory leak\n vulnerability was found in the function\n TIFFReadDirEntryLong8Array in tif_dirread.c, which\n allows attackers to cause a denial of service via a\n crafted file.(CVE-2017-9403)In LibTIFF 4.0.8, there is\n a memory leak in tif_jbig.c. A crafted TIFF document\n can lead to a memory leak resulting in a remote denial\n of service attack.(CVE-2017-9936)In LibTIFF 4.0.9, a\n heap-based buffer overflow occurs in the function\n LZWDecodeCompat in tif_lzw.c via a crafted TIFF file,\n as demonstrated by tiff2ps.(CVE-2018-8905)Heap-based\n buffer overflow in the readContigStripsIntoBuffer\n function in tif_unix.c in LibTIFF 4.0.7 allows remote\n attackers to have unspecified impact via a crafted\n image.(CVE-2016-10092)LibTIFF 4.0.7 allows remote\n attackers to cause a denial of service (heap-based\n buffer overflow) or possibly have unspecified other\n impact via a crafted TIFF image, related to 'WRITE of\n size 2048' and\n libtiff/tif_next.c:64:9.(CVE-2016-10272)LibTIFF 4.0.7\n allows remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted TIFF image, related to\n libtiff/tif_read.c:351:22.(CVE-2016-10266)LibTIFF 4.0.7\n allows remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted TIFF image, related to\n libtiff/tif_ojpeg.c:816:8.(CVE-2016-10267)tools/tiffcp.\n c in LibTIFF 4.0.7 allows remote attackers to cause a\n denial of service (integer underflow and heap-based\n buffer under-read) or possibly have unspecified other\n impact via a crafted TIFF image, related to 'READ of\n size 78490' and\n libtiff/tif_unix.c:115:23.(CVE-2016-10268)LibTIFF 4.0.7\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 512' and\n libtiff/tif_unix.c:340:2.(CVE-2016-10269)LibTIFF 4.0.7\n allows remote attackers to cause a denial of service\n (heap-based buffer over-read) or possibly have\n unspecified other impact via a crafted TIFF image,\n related to 'READ of size 8' and\n libtiff/tif_read.c:523:22.(CVE-2016-10270)The\n TIFFWriteDirectoryTagCheckedRational function in\n tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers\n to cause a denial of service (assertion failure and\n application exit) via a crafted TIFF\n file.(CVE-2016-10371)Buffer overflow in the\n readextension function in gif2tiff.c in LibTIFF 4.0.6\n allows remote attackers to cause a denial of service\n (application crash) via a crafted GIF\n file.(CVE-2016-3186)The fpAcc function in tif_predict.c\n in the tiff2rgba tool in LibTIFF 4.0.6 and earlier\n allows remote attackers to cause a denial of service\n (divide-by-zero error) via a crafted TIFF\n image.(CVE-2016-3622)tiffsplit in libtiff 4.0.6 allows\n remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted file, related to\n changing td_nstrips in TIFF_STRIPCHOP\n mode.(CVE-2016-9273)tools/tiffcrop.c in libtiff 4.0.6\n reads an undefined buffer in\n readContigStripsIntoBuffer() because of a uint16\n integer overflow. Reported as MSVR\n 35100.(CVE-2016-9538)tools/tiffcrop.c in libtiff 4.0.6\n has an out-of-bounds read in\n readContigTilesIntoBuffer(). Reported as MSVR\n 35092.(CVE-2016-9539)In LibTIFF 4.0.8, there is a\n assertion abort in the\n TIFFWriteDirectoryTagCheckedLong8Array function in\n tif_dirwrite.c. A crafted input will lead to a remote\n denial of service attack.(CVE-2017-10688)The\n TIFFReadDirEntryArray function in tif_read.c in LibTIFF\n 4.0.8 mishandles memory allocation for short files,\n which allows remote attackers to cause a denial of\n service (allocation failure and application crash) in\n the TIFFFetchStripThing function in tif_dirread.c\n during a tiff2pdf invocation.(CVE-2017-12944)There is a\n reachable assertion abort in the function\n TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to\n tif_dirwrite.c and a SubIFD tag. A crafted input will\n lead to a remote denial of service\n attack.(CVE-2017-13726)tif_getimage.c in LibTIFF\n through 4.0.10, as used in GDAL through 3.0.1 and other\n products, has an integer overflow that potentially\n causes a heap-based buffer overflow via a crafted RGBA\n image, related to a 'Negative-size-param'\n condition.(CVE-2019-17546)_TIFFCheckMalloc and\n _TIFFCheckRealloc in tif_aux.c in LibTIFF through\n 4.0.10 mishandle Integer Overflow checks because they\n rely on compiler behavior that is undefined by the\n applicable C standards. This can, for example, lead to\n an application crash.(CVE-2019-14973)Buffer overflow in\n the readgifimage function in gif2tiff.c in the gif2tiff\n tool in LibTIFF 4.0.6 allows remote attackers to cause\n a denial of service (segmentation fault) via a crafted\n gif file.(CVE-2016-5102)** DISPUTED ** LibTIFF 4.0.8\n has multiple memory leak vulnerabilities, which allow\n attackers to cause a denial of service (memory\n consumption), as demonstrated by tif_open.c, tif_lzw.c,\n and tif_aux.c. NOTE: Third parties were unable to\n reproduce the issue.(CVE-2017-16232)An issue was\n discovered in LibTIFF 4.0.9. There is a NULL pointer\n dereference in the function LZWDecode in the file\n tif_lzw.c.(CVE-2018-18661)The rgb2ycbcr tool in LibTIFF\n 4.0.6 and earlier allows remote attackers to cause a\n denial of service (divide-by-zero) by setting the (1) v\n or (2) h parameter to 0.(CVE-2016-3623)The cvtClump\n function in the rgb2ycbcr tool in LibTIFF 4.0.6 and\n earlier allows remote attackers to cause a denial of\n service (out-of-bounds write) by setting the '-v'\n option to -1.(CVE-2016-3624)Stack-based buffer overflow\n in the _TIFFVGetField function in libtiff 4.0.6 and\n earlier allows remote attackers to crash the\n application via a crafted tiff.(CVE-2016-5318)LibTIFF\n 4.0.7 has an invalid read in the _TIFFVGetField\n function in tif_dir.c, which might allow remote\n attackers to cause a denial of service (crash) via a\n crafted TIFF file.(CVE-2017-9147)The _TIFFFax3fillruns\n function in libtiff before 4.0.6 allows remote\n attackers to cause a denial of service (divide-by-zero\n error and application crash) via a crafted Tiff\n image.(CVE-2016-5323)The DumpModeDecode function in\n libtiff 4.0.6 and earlier allows attackers to cause a\n denial of service (invalid read and crash) via a\n crafted tiff image.(CVE-2016-5321)The TIFFReadRawStrip1\n and TIFFReadRawTile1 functions in tif_read.c in libtiff\n before 4.0.7 allows remote attackers to cause a denial\n of service (crash) or possibly obtain sensitive\n information via a negative index in a file-content\n buffer.(CVE-2016-6223)Integer overflow in the\n writeBufferToSeparateStrips function in tiffcrop.c in\n LibTIFF before 4.0.7 allows remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n tif file.(CVE-2016-9532)The TIFFWriteDirectorySec()\n function in tif_dirwrite.c in LibTIFF through 4.0.9\n allows remote attackers to cause a denial of service\n (assertion failure and application crash) via a crafted\n file, a different vulnerability than\n CVE-2017-13726.(CVE-2018-10963)Heap-based buffer\n overflow in the cpSeparateBufToContigBuf function in\n tiffcp.c in LibTIFF 4.0.9 allows remote attackers to\n cause a denial of service (crash) or possibly have\n unspecified other impact via a crafted TIFF\n file.(CVE-2018-12900)An issue was discovered in LibTIFF\n 4.0.9. There are two out-of-bounds writes in cpTags in\n tools/tiff2bw.c and tools/pal2rgb.c, which can cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted image\n file.(CVE-2018-17101)LibTIFF 4.0.9 (with JBIG enabled)\n decodes arbitrarily-sized JBIG into a buffer, ignoring\n the buffer size, which leads to a tif_jbig.c JBIGDecode\n out-of-bounds write.(CVE-2018-18557)In LibTIFF 4.0.9,\n there is a NULL pointer dereference in the\n TIFFWriteDirectorySec function in tif_dirwrite.c that\n will lead to a denial of service attack, as\n demonstrated by tiffset.(CVE-2018-19210)The TIFFFdOpen\n function in tif_unix.c in LibTIFF 4.0.10 has a memory\n leak, as demonstrated by pal2rgb.(CVE-2019-6128)An\n Invalid Address dereference was discovered in\n TIFFWriteDirectoryTagTransferfunction in\n libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the\n cpSeparateBufToContigBuf function in tiffcp.c. Remote\n attackers could leverage this vulnerability to cause a\n denial-of-service via a crafted tiff file. This is\n different from CVE-2018-12900.(CVE-2019-7663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2466\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fc9e3a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h18\",\n \"libtiff-devel-4.0.3-27.h18\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2023-06-05T18:23:47", "description": "Arch Linux Security Advisory ASA-201704-10\n==========================================\n\nSeverity: Medium\nDate : 2017-04-28\nCVE-ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595\nCVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599\nCVE-2017-7600 CVE-2017-7601 CVE-2017-7602\nPackage : libtiff\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-237\n\nSummary\n=======\n\nThe package libtiff before version 4.0.7-3 is vulnerable to multiple\nissues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.0.7-3.\n\n# pacman -Syu \"libtiff>=4.0.7-3\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-7592 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior in putagreytile().\n\n- CVE-2017-7593 (information disclosure)\n\nA security issue has been found in libtiff < 4.0.7, where a crafted\ntiff image can cause a unitialized-memory access in tif_rawdata(),\nleading to information leakage.\n\n- CVE-2017-7594 (denial of service)\n\nA security issue has been found in libtiff < 4.0.7, where a crafted\ntiff image can cause a memory leak in\nOJPEGReadHeaderInfoSecTablesAcTable().\n\n- CVE-2017-7595 (denial of service)\n\nA security issue has been found in libtiff < 4.0.7, where a crafted\ntiff image can cause a division by zero in JPEGSetupEncode(), leading\nto denial of service.\n\n- CVE-2017-7596 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior.\n\n- CVE-2017-7597 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior.\n\n- CVE-2017-7598 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger a division by zero in\nTIFFReadDirEntryCheckedRational() or\nTIFFReadDirEntryCheckedSrational(), leading to denial of service\n\n- CVE-2017-7599 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior.\n\n- CVE-2017-7600 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior.\n\n- CVE-2017-7601 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior (invalid shift exponent) in\nJPEGSetupEncode().\n\n- CVE-2017-7602 (denial of service)\n\nA security issue has been found in libtiff <= 4.0.7, where a crafted\nTIFF file can trigger an undefined behavior in TIFFReadRawStrip1().\n\nImpact\n======\n\nA remote attacker can access sensitive information and cause an\napplication crash via a crafted TIFF file.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2017/q2/35\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2658\nhttps://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b\nhttp://seclists.org/oss-sec/2017/q2/36\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2651\nhttps://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1\nhttps://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2659\nhttp://seclists.org/oss-sec/2017/q2/37\nhttps://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c/\nhttps://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122\nhttp://seclists.org/oss-sec/2017/q2/38\nhttp://seclists.org/oss-sec/2017/q2/39\nhttps://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490\nhttps://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8\nhttps://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490\nhttps://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4\nhttps://security.archlinux.org/CVE-2017-7592\nhttps://security.archlinux.org/CVE-2017-7593\nhttps://security.archlinux.org/CVE-2017-7594\nhttps://security.archlinux.org/CVE-2017-7595\nhttps://security.archlinux.org/CVE-2017-7596\nhttps://security.archlinux.org/CVE-2017-7597\nhttps://security.archlinux.org/CVE-2017-7598\nhttps://security.archlinux.org/CVE-2017-7599\nhttps://security.archlinux.org/CVE-2017-7600\nhttps://security.archlinux.org/CVE-2017-7601\nhttps://security.archlinux.org/CVE-2017-7602", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-28T00:00:00", "type": "archlinux", "title": "[ASA-201704-10] libtiff: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-28T00:00:00", "id": "ASA-201704-10", "href": "https://security.archlinux.org/ASA-201704-10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-23T15:10:47", "description": "\n\nNVD reports:\n\nPlease reference CVE/URL list for details\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "freebsd", "title": "tiff -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-04-01T00:00:00", "id": "2A96E498-3234-4950-A9AD-419BC84A839D", "href": "https://vuxml.freebsd.org/freebsd/2a96e498-3234-4950-a9ad-419bc84a839d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-09-24T09:56:41", "description": "### Background\n\nThe TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. \n\n### Description\n\nMultiple vulnerabilities have been discovered in LibTIFF. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing the user to process a specially crafted TIFF file, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll LibTIFF users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-4.0.8\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-26T00:00:00", "type": "gentoo", "title": "libTIFF: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10267", "CVE-2016-10268", "CVE-2017-5225", "CVE-2017-5563", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403"], "modified": "2017-09-26T00:00:00", "id": "GLSA-201709-27", "href": "https://security.gentoo.org/glsa/201709-27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:12:03", "description": "\nMultiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u3.\n\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.0.7-6.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-6.\n\n\nWe recommend that you upgrade your tiff packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-03T00:00:00", "type": "osv", "title": "tiff - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10266", "CVE-2017-7597", "CVE-2016-3658", "CVE-2016-10270", "CVE-2017-7601", "CVE-2016-9535", "CVE-2017-7600", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-7599", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267", "CVE-2017-5225"], "modified": "2022-08-10T07:12:00", "id": "OSV:DSA-3844-1", "href": "https://osv.dev/vulnerability/DSA-3844-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-09-24T09:29:40", "description": "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10092) Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. (CVE-2016-10093) Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10094) Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. (CVE-2016-10095) LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. (CVE-2017-5225) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (CVE-2016-10266) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (CVE-2016-10267) tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23. (CVE-2016-10268) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2. (CVE-2016-10269) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22. (CVE-2016-10270) tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13. (CVE-2016-10271) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9. (CVE-2016-10272) The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7592) tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. (CVE-2017-7593) The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. (CVE-2017-7594) The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7595) LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7596) tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7597) tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7598) LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7599) LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7600) LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7601) LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7602) The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. (CVE-2016-3658) tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\" (CVE-2016-9535) libtiff: out-of-bounds write in multiple tools. (CVE-2014-8128) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-01T07:04:05", "type": "mageia", "title": "Updated libtiff packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8128", "CVE-2016-10092", "CVE-2016-10093", "CVE-2016-10094", "CVE-2016-10095", "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10271", "CVE-2016-10272", "CVE-2016-3658", "CVE-2016-9535", "CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602"], "modified": "2017-07-01T07:04:05", "id": "MGASA-2017-0199", "href": "https://advisories.mageia.org/MGASA-2017-0199.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-09-18T01:52:13", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * tiff \\- Tag Image File Format (TIFF) library\n\nIt was discovered that LibTIFF incorrectly handled certain malformed \nimages. If a user or automated system were tricked into opening a specially \ncrafted image, a remote attacker could crash the application, leading to a \ndenial of service, or possibly execute arbitrary code with user privileges.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-20T00:00:00", "type": "ubuntu", "title": "LibTIFF vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10371", "CVE-2017-10688", "CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9404", "CVE-2017-9815", "CVE-2017-9936", "CVE-2018-5784"], "modified": "2018-03-20T00:00:00", "id": "USN-3602-1", "href": "https://ubuntu.com/security/notices/USN-3602-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-09-25T07:37:40", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.192.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.192.0 or later.\n\n# References\n\n * [USN-3602-1](<https://usn.ubuntu.com/3602-1/>)\n * [CVE-2016-10266](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10266>)\n * [CVE-2016-10267](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10267>)\n * [CVE-2016-10268](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10268>)\n * [CVE-2016-10269](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10269>)\n * [CVE-2016-10371](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10371>)\n * [CVE-2017-10688](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10688>)\n * [CVE-2017-11335](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11335>)\n * [CVE-2017-12944](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12944>)\n * [CVE-2017-13726](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13726>)\n * [CVE-2017-13727](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13727>)\n * [CVE-2017-18013](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18013>)\n * [CVE-2017-7592](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7592>)\n * [CVE-2017-7593](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7593>)\n * [CVE-2017-7594](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7594>)\n * [CVE-2017-7595](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7595>)\n * [CVE-2017-7596](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7596>)\n * [CVE-2017-7597](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7597>)\n * [CVE-2017-7598](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7598>)\n * [CVE-2017-7599](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7599>)\n * [CVE-2017-7600](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7600>)\n * [CVE-2017-7601](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7601>)\n * [CVE-2017-7602](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7602>)\n * [CVE-2017-9403](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9403>)\n * [CVE-2017-9404](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9404>)\n * [CVE-2017-9815](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9815>)\n * [CVE-2017-9936](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9936>)\n * [CVE-2018-5784](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5784>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-02T00:00:00", "type": "cloudfoundry", "title": "USN-3602-1: LibTIFF vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10371", "CVE-2017-10688", "CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-18013", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602", "CVE-2017-9403", "CVE-2017-9404", "CVE-2017-9815", "CVE-2017-9936", "CVE-2018-5784"], "modified": "2018-05-02T00:00:00", "id": "CFOUNDRY:B5964D2AB72D599E586D491432260541", "href": "https://www.cloudfoundry.org/blog/usn-3602-1/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}