Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2017-802
HistoryMar 06, 2017 - 2:00 p.m.

Medium: libtiff, compat-libtiff3

2017-03-0614:00:00
alas.aws.amazon.com
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.4%

JSON

Issue Overview:

Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)

Affected Packages:

libtiff, compat-libtiff3

Issue Correction:
Run yum update libtiff to update your system.
Run yum update compat-libtiff3 to update your system.

New Packages:

i686:  
    libtiff-devel-4.0.3-27.29.amzn1.i686  
    libtiff-debuginfo-4.0.3-27.29.amzn1.i686  
    libtiff-static-4.0.3-27.29.amzn1.i686  
    libtiff-4.0.3-27.29.amzn1.i686  
    compat-libtiff3-debuginfo-3.9.4-21.15.amzn1.i686  
    compat-libtiff3-3.9.4-21.15.amzn1.i686  
  
src:  
    libtiff-4.0.3-27.29.amzn1.src  
    compat-libtiff3-3.9.4-21.15.amzn1.src  
  
x86_64:  
    libtiff-static-4.0.3-27.29.amzn1.x86_64  
    libtiff-4.0.3-27.29.amzn1.x86_64  
    libtiff-devel-4.0.3-27.29.amzn1.x86_64  
    libtiff-debuginfo-4.0.3-27.29.amzn1.x86_64  
    compat-libtiff3-debuginfo-3.9.4-21.15.amzn1.x86_64  
    compat-libtiff3-3.9.4-21.15.amzn1.x86_64

Additional References

Red Hat: CVE-2015-8870, CVE-2016-5652, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9540

Mitre: CVE-2015-8870, CVE-2016-5652, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9540

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686libtiff-devel< 4.0.3-27.29.amzn1libtiff-devel-4.0.3-27.29.amzn1.i686.rpm
Amazon Linux1i686libtiff-debuginfo< 4.0.3-27.29.amzn1libtiff-debuginfo-4.0.3-27.29.amzn1.i686.rpm
Amazon Linux1i686libtiff-static< 4.0.3-27.29.amzn1libtiff-static-4.0.3-27.29.amzn1.i686.rpm
Amazon Linux1i686libtiff< 4.0.3-27.29.amzn1libtiff-4.0.3-27.29.amzn1.i686.rpm
Amazon Linux1i686compat-libtiff3-debuginfo< 3.9.4-21.15.amzn1compat-libtiff3-debuginfo-3.9.4-21.15.amzn1.i686.rpm
Amazon Linux1i686compat-libtiff3< 3.9.4-21.15.amzn1compat-libtiff3-3.9.4-21.15.amzn1.i686.rpm
Amazon Linux1x86_64libtiff-static< 4.0.3-27.29.amzn1libtiff-static-4.0.3-27.29.amzn1.x86_64.rpm
Amazon Linux1x86_64libtiff< 4.0.3-27.29.amzn1libtiff-4.0.3-27.29.amzn1.x86_64.rpm
Amazon Linux1x86_64libtiff-devel< 4.0.3-27.29.amzn1libtiff-devel-4.0.3-27.29.amzn1.x86_64.rpm
Amazon Linux1x86_64libtiff-debuginfo< 4.0.3-27.29.amzn1libtiff-debuginfo-4.0.3-27.29.amzn1.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 31
openvas 17
redhat 1
centos 1
oraclelinux 1
freebsd 1
f5 2
ubuntucve 8
debian 5
osv 6
veracode 9
cve 9
prion 9
debiancve 8
redhatcve 7
checkpoint_advisories 1
seebug 1
alpinelinux 1
talos 1
ubuntu 2
cloudfoundry 1
threatpost 1
archlinux 2
ibm 2
altlinux 1
slackware 1
suse 1
apple 2
mageia 1
gentoo 1
nessus
nessus
FreeBSD : tiff -- multiple vulnerabilities (fb74eacc-ec8a-11e6-bc8a-0011d823eebd)
2017-02-07 00:00:00
CentOS 6 / 7 : libtiff (CESA-2017:0225)
2017-02-02 00:00:00
EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2017-1019)
2017-05-01 00:00:00
openvas
openvas
CentOS Update for libtiff CESA-2017:0225 centos6
2017-02-03 00:00:00
RedHat Update for libtiff RHSA-2017:0225-01
2017-02-03 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2017-1020)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2017:0225) Moderate: libtiff security update
2017-02-01 07:02:26
centos
centos
libtiff security update
2017-02-01 12:51:43
oraclelinux
oraclelinux
libtiff security update
2017-02-01 00:00:00
freebsd
freebsd
tiff -- multiple vulnerabilities
2016-11-19 00:00:00
f5
f5
K45593826 : LibTIFF vulnerabilities CVE-2015-8870, CVE-2016-5652, CVE-2016-9536, CVE-2016-9537, and CVE-2016-9540
2017-04-12 00:00:00
K34527393 : LibTIFF vulnerabilities CVE-2016-9533, CVE-2016-9534, and CVE-2016-9535
2017-04-12 00:00:00
ubuntucve
ubuntucve
CVE-2016-9536
2016-11-22 00:00:00
CVE-2016-9534
2016-11-22 00:00:00
CVE-2016-9537
2016-11-22 00:00:00
debian
debian
[SECURITY] [DLA 795-1] tiff security update
2017-01-23 23:01:22
[SECURITY] [DLA 880-1] tiff3 security update
2017-03-30 19:36:30
[SECURITY] [DSA 3762-1] tiff security update
2017-01-13 15:45:16
osv
osv
tiff - security update
2017-01-23 00:00:00
tiff3 - security update
2017-03-30 00:00:00
CVE-2016-5652
2017-01-06 21:59:01
veracode
veracode
Out-of-bounds Write
2019-05-02 06:09:59
Out-of-bounds Write
2019-05-02 06:09:59
Denial Of Service (DoS)
2019-01-15 09:15:37
cve
cve
CVE-2016-9537
2016-11-22 19:59:00
CVE-2016-9534
2016-11-22 19:59:00
CVE-2015-8870
2016-12-06 18:59:00
prion
prion
Integer overflow
2016-12-06 18:59:00
Heap overflow
2016-11-22 19:59:00
Heap overflow
2016-11-22 19:59:00
debiancve
debiancve
CVE-2015-8870
2016-12-06 18:59:00
CVE-2016-9537
2016-11-22 19:59:00
CVE-2016-9534
2016-11-22 19:59:00
redhatcve
redhatcve
CVE-2016-9534
2016-11-23 17:18:57
CVE-2016-9537
2016-11-23 17:19:02
CVE-2016-9536
2016-11-23 17:19:09
checkpoint_advisories
checkpoint_advisories
LibTIFF tiffcrop Integer Overflow (CVE-2016-9537)
2017-06-05 00:00:00
seebug
seebug
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability(CVE-2016-5652)
2017-10-12 00:00:00
alpinelinux
alpinelinux
CVE-2016-5652
2017-01-06 21:59:00
talos
talos
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability
2016-10-25 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2017-07-19 00:00:00
LibTIFF vulnerabilities
2017-02-27 00:00:00
cloudfoundry
cloudfoundry
USN-3212-1: LibTIFF vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
threatpost
threatpost
Remote Code Execution Vulnerabilities Plague LibTIFF Library
2016-10-26 12:34:20
archlinux
archlinux
[ASA-201611-26] libtiff: multiple issues
2016-11-25 00:00:00
[ASA-201611-27] lib32-libtiff: multiple issues
2016-11-25 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:03
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:02
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
slackware
slackware
[slackware-security] libtiff
2017-04-08 20:11:36
suse
suse
Security update for tiff (important)
2016-12-07 15:08:51
apple
apple
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
2017-03-27 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2017-07-01 10:04:05
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.4%

JSON
Related for ALAS-2017-802
nessus31openvas17redhat1centos1oraclelinux1freebsd1f52ubuntucve8debian5osv6veracode9cve9prion9debiancve8redhatcve7checkpoint_advisories1seebug1alpinelinux1talos1ubuntu2cloudfoundry1threatpost1archlinux2ibm2altlinux1slackware1suse1apple2mageia1gentoo1