Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/9966B2DA13808ADDAE15C12704854F32
HistoryApr 09, 2019 - 12:00 a.m.

Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1

2019-04-0900:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
6

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

April 9, 2019 Vladimir D. Seleznev 4.0.10.0.57.f9fc01c3-alt1

- Updated to v4.0.10-57-gf9fc01c3 (ALT [#36575](<https://bugzilla.altlinux.org/36575>), [#34677](<https://bugzilla.altlinux.org/34677>)).
- Applied SUSE patches:
  + tiff-4.0.3-seek.patch;
  + tiff-4.0.3-compress-warning.patch;
  + tiff-CVE-2018-12900.patch.
- Built with support of:
  + libjbig;
  + libwebp;
  + libzstd.
- Fixes:
  + CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
  + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
  + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
  + CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
  + CVE-2013-4244 DoS or possible RCE via crafted GIF image;
  + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool;
  + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
  + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
  + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
  + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
  + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().
OSVersionArchitecturePackageVersionFilename
ALT Linux10srclibtiff-4.4.0-alt2.src.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff-4.4.0-alt2.src.rpm
ALT Linux10x86_64libtiff-devel-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff-devel-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiff-utils-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff-utils-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiff-utils-debuginfo-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff-utils-debuginfo-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiff5-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff5-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiff5-debuginfo-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiff5-debuginfo-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiffxx-devel-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiffxx-devel-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiffxx5-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiffxx5-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64libtiffxx5-debuginfo-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1libtiffxx5-debuginfo-4.4.0-alt2.x86_64.rpm
ALT Linux10x86_64tiffgt-4.4.0-alt2.x86_64.rpm< 4.0.10.0.57.f9fc01c3-alt1tiffgt-4.4.0-alt2.x86_64.rpm
Rows per page:
1-10 of 551

Related

openvas 47
nessus 41
ubuntu 3
securityvulns 7
fedora 8
f5 4
centos 2
oraclelinux 3
redhat 4
amazon 2
veracode 12
debian 8
gentoo 1
mageia 2
osv 8
slackware 1
ubuntucve 11
debiancve 11
prion 10
cve 11
alpinelinux 2
redhatcve 1
openvas
openvas
Ubuntu: Security Advisory (USN-2553-1)
2015-04-01 00:00:00
Ubuntu: Security Advisory (USN-2553-2)
2015-04-02 00:00:00
Fedora Update for mingw-libtiff FEDORA-2014-6831
2014-06-17 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : LibTIFF regression (USN-2553-2)
2015-04-02 00:00:00
Ubuntu 14.04 LTS : LibTIFF vulnerabilities (USN-2553-1)
2015-04-01 00:00:00
Oracle Linux 5 : libtiff (ELSA-2014-0223)
2014-02-28 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2015-03-31 00:00:00
LibTIFF regression
2015-04-01 00:00:00
LibTIFF vulnerabilities
2014-05-06 00:00:00
securityvulns
securityvulns
[USN-2553-1] LibTIFF vulnerabilities
2015-04-09 00:00:00
LibTIFF multiple security vulnerabilities
2015-04-13 00:00:00
[ MDVSA-2015:147-1 ] libtiff
2015-04-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20
2014-06-10 02:56:35
[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19
2014-06-10 03:14:08
[SECURITY] Fedora 19 Update: libtiff-4.0.3-10.fc19
2014-06-10 03:07:40
f5
f5
SOL16715 - Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16715 : Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
SOL35155453 - Multiple LibTIFF vulnerabilities
2016-11-08 00:00:00
centos
centos
libtiff security update
2014-02-28 00:37:27
libtiff security update
2014-02-28 00:43:50
oraclelinux
oraclelinux
libtiff security update
2014-02-27 00:00:00
libtiff security update
2014-02-27 00:00:00
libtiff security update
2016-08-02 00:00:00
redhat
redhat
(RHSA-2014:0223) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0222) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0339) Important: rhev-hypervisor6 security update
2014-03-31 00:00:00
amazon
amazon
Medium: libtiff
2014-06-26 10:31:00
Medium: libtiff
2014-03-13 18:13:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
debian
debian
[SECURITY] [DSA 3273-1] tiff security update
2015-05-25 20:54:54
[SECURITY] [DSA 2744-1] tiff security update
2013-08-27 15:27:12
[SECURITY] [DLA 221-1] tiff security update
2015-05-16 01:31:54
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2014-02-21 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2015-03-23 00:42:09
Updated libtiff package fixes security vulnerability
2013-09-25 01:43:52
osv
osv
tiff - security update
2015-05-25 00:00:00
tiff - several
2013-08-27 00:00:00
tiff - security update
2015-05-16 00:00:00
slackware
slackware
[slackware-security] libtiff
2013-10-18 19:38:32
ubuntucve
ubuntucve
CVE-2018-5360
2018-01-14 00:00:00
CVE-2015-8870
2016-12-06 00:00:00
CVE-2012-4564
2012-11-11 00:00:00
debiancve
debiancve
CVE-2015-8870
2016-12-06 18:59:00
CVE-2012-4564
2012-11-11 13:00:00
CVE-2014-8129
2018-03-12 02:29:00
prion
prion
Integer overflow
2016-12-06 18:59:00
Integer overflow
2015-01-20 15:59:00
Integer overflow
2012-11-11 13:00:00
cve
cve
CVE-2015-8870
2016-12-06 18:59:00
CVE-2014-8129
2018-03-12 02:29:00
CVE-2012-4564
2012-11-11 13:00:00
alpinelinux
alpinelinux
CVE-2014-8127
2017-06-26 15:29:00
CVE-2018-12900
2018-06-26 22:29:00
redhatcve
redhatcve
CVE-2018-5360
2018-01-17 14:23:48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for 9966B2DA13808ADDAE15C12704854F32
openvas47nessus41ubuntu3securityvulns7fedora8f54centos2oraclelinux3redhat4amazon2veracode12debian8gentoo1mageia2osv8slackware1ubuntucve11debiancve11prion10cve11alpinelinux2redhatcve1