Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-733
HistoryAug 17, 2016 - 1:30 p.m.

Important: libtiff

2016-08-1713:30:00
alas.aws.amazon.com
20

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON

Issue Overview:

Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

Affected Packages:

libtiff

Issue Correction:
Run yum update libtiff to update your system.

New Packages:

i686:  
    libtiff-devel-4.0.3-25.27.amzn1.i686  
    libtiff-4.0.3-25.27.amzn1.i686  
    libtiff-static-4.0.3-25.27.amzn1.i686  
    libtiff-debuginfo-4.0.3-25.27.amzn1.i686  
  
src:  
    libtiff-4.0.3-25.27.amzn1.src  
  
x86_64:  
    libtiff-devel-4.0.3-25.27.amzn1.x86_64  
    libtiff-4.0.3-25.27.amzn1.x86_64  
    libtiff-static-4.0.3-25.27.amzn1.x86_64  
    libtiff-debuginfo-4.0.3-25.27.amzn1.x86_64

Additional References

Red Hat: CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320

Mitre: CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320

Related

nessus 54
redhat 2
ibm 3
oraclelinux 2
openvas 37
centos 2
f5 7
amazon 2
debian 8
cloudfoundry 1
ubuntu 4
securityvulns 3
osv 6
mageia 3
ubuntucve 14
prion 12
debiancve 10
cve 11
fedora 4
gentoo 1
altlinux 1
veracode 10
freebsd 1
alpinelinux 1
nessus
nessus
EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2016-1034)
2017-05-01 00:00:00
RHEL 7 : libtiff (RHSA-2016:1546)
2016-08-03 00:00:00
Scientific Linux Security Update : libtiff on SL7.x x86_64 (20160802)
2016-08-04 00:00:00
redhat
redhat
(RHSA-2016:1546) Important: libtiff security update
2016-08-02 14:26:49
(RHSA-2016:1547) Important: libtiff security update
2016-08-02 14:27:54
ibm
ibm
Security Bulletin: Libtiff vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM
2018-06-18 01:33:05
Security Bulletin: Multiple vulnerabilities in tiff affect IBM Flex System Manager(FSM)
2018-06-18 01:32:21
oraclelinux
oraclelinux
libtiff security update
2016-08-02 00:00:00
libtiff security update
2016-08-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2016-1034)
2020-01-23 00:00:00
RedHat Update for libtiff RHSA-2016:1547-01
2016-08-04 00:00:00
CentOS Update for libtiff CESA-2016:1546 centos7
2016-08-08 00:00:00
centos
centos
libtiff security update
2016-08-02 21:57:58
libtiff security update
2016-08-02 15:06:00
f5
f5
K35155453 : Multiple LibTIFF vulnerabilities
2016-11-08 00:00:00
SOL35155453 - Multiple LibTIFF vulnerabilities
2016-11-08 00:00:00
K89096577 : LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784
2016-11-08 00:00:00
amazon
amazon
Important: compat-libtiff3
2016-08-17 13:30:00
Medium: libtiff
2015-06-22 15:07:00
debian
debian
[SECURITY] [DSA 3467-1] tiff security update
2016-02-06 07:39:28
[SECURITY] [DSA 3467-1] tiff security update
2016-02-06 07:39:28
[SECURITY] [DLA 405-1] tiff security update
2016-01-30 13:24:07
cloudfoundry
cloudfoundry
USN-2939-1 LibTIFF vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2016-03-23 00:00:00
LibTIFF vulnerabilities
2015-03-31 00:00:00
LibTIFF regression
2015-04-01 00:00:00
securityvulns
securityvulns
LibTIFF multiple security vulnerabilities
2015-04-13 00:00:00
[USN-2553-1] LibTIFF vulnerabilities
2015-04-09 00:00:00
[ MDVSA-2015:147-1 ] libtiff
2015-04-13 00:00:00
osv
osv
tiff - security update
2016-01-30 00:00:00
tiff - security update
2015-05-25 00:00:00
tiff - security update
2015-05-16 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2015-03-23 00:42:09
Updated libtiff package fixes security vulnerabilities
2016-01-14 04:44:39
The updated packages fix libtiff security vulnerabilities
2016-10-21 01:35:16
ubuntucve
ubuntucve
CVE-2015-8683
2015-12-31 00:00:00
CVE-2015-8783
2016-02-01 00:00:00
CVE-2015-8782
2016-02-01 00:00:00
prion
prion
Out-of-bounds
2016-02-01 21:59:00
Out-of-bounds
2016-02-01 21:59:00
Code injection
2016-04-13 17:59:00
debiancve
debiancve
CVE-2015-8781
2016-02-01 21:59:00
CVE-2015-8782
2016-02-01 21:59:00
CVE-2015-8665
2016-04-13 17:59:00
cve
cve
CVE-2015-8781
2016-02-01 21:59:00
CVE-2015-8782
2016-02-01 21:59:00
CVE-2015-8665
2016-04-13 17:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: libtiff-4.0.3-20.fc22
2015-06-02 15:14:07
[SECURITY] Fedora 21 Update: libtiff-4.0.3-20.fc21
2015-05-30 15:55:39
[SECURITY] Fedora 22 Update: mingw-libtiff-4.0.3-6.fc22
2015-05-01 16:38:10
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-08-01 06:37:08
Invalid Write
2018-05-23 06:23:51
Denial Of Service (DoS)
2018-08-01 03:24:51
freebsd
freebsd
tiff -- out-of-bounds read in tif_getimage.c
2015-12-24 00:00:00
alpinelinux
alpinelinux
CVE-2014-8127
2017-06-26 15:29:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON
Related for ALAS-2016-733
nessus54redhat2ibm3oraclelinux2openvas37centos2f57amazon2debian8cloudfoundry1ubuntu4securityvulns3osv6mageia3ubuntucve14prion12debiancve10cve11fedora4gentoo1altlinux1veracode10freebsd1alpinelinux1