Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2009-1:97403
HistoryNov 26, 2019 - 9:24 p.m.

[SECURITY] [DLA 2009-1] tiff security update

2019-11-2621:24:54
lists.debian.org
47

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

Package : tiff
Version : 4.0.3-12.3+deb8u10
CVE ID : CVE-2017-17095 CVE-2018-12900 CVE-2018-18661
CVE-2019-6128 CVE-2019-17546

Several issues have been found in tiff, a Tag Image File Format library.

CVE-2019-17546

 The RGBA interface contains an integer overflow that might lead
 to heap buffer overflow write.

CVE-2019-6128

 A memory leak exists due to missing cleanup code.

CVE-2018-18661

 In case of exhausted memory there is a null pointer dereference
 in tiff2bw.

CVE-2018-12900

 Fix for heap-based buffer overflow, that could be used to crash an
 application or even to execute arbitrary code (with the permission
 of the user running this application).

CVE-2017-17095

 A crafted tiff file could lead to a heap buffer overflow in pal2rgb.

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u10.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8armhflibtiff5< 4.0.3-12.3+deb8u10libtiff5_4.0.3-12.3+deb8u10_armhf.deb
Debian8i386libtiff-opengl< 4.0.3-12.3+deb8u10libtiff-opengl_4.0.3-12.3+deb8u10_i386.deb
Debian8i386libtiffxx5< 4.0.3-12.3+deb8u10libtiffxx5_4.0.3-12.3+deb8u10_i386.deb
Debian8amd64libtiff-opengl< 4.0.3-12.3+deb8u10libtiff-opengl_4.0.3-12.3+deb8u10_amd64.deb
Debian8armellibtiff-tools< 4.0.3-12.3+deb8u10libtiff-tools_4.0.3-12.3+deb8u10_armel.deb
Debian8armhflibtiff-opengl< 4.0.3-12.3+deb8u10libtiff-opengl_4.0.3-12.3+deb8u10_armhf.deb
Debian8amd64libtiffxx5< 4.0.3-12.3+deb8u10libtiffxx5_4.0.3-12.3+deb8u10_amd64.deb
Debian8i386libtiff-tools< 4.0.3-12.3+deb8u10libtiff-tools_4.0.3-12.3+deb8u10_i386.deb
Debian8armhflibtiff5-dev< 4.0.3-12.3+deb8u10libtiff5-dev_4.0.3-12.3+deb8u10_armhf.deb
Debian8i386libtiff5< 4.0.3-12.3+deb8u10libtiff5_4.0.3-12.3+deb8u10_i386.deb
Rows per page:
1-10 of 221

Related

openvas 37
nessus 61
osv 12
altlinux 1
gentoo 1
suse 4
alpinelinux 4
mageia 6
redhat 4
prion 6
cve 6
redhatcve 6
veracode 4
ubuntucve 6
ibm 2
debiancve 6
rocky 1
debian 4
oraclelinux 4
almalinux 1
cloudfoundry 2
ubuntu 3
amazon 2
fedora 2
centos 2
photon 8
archlinux 2
slackware 1
f5 1
openvas
openvas
Debian: Security Advisory (DLA-2009-1)
2019-11-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3911-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for tiff (openSUSE-SU-2018:3947-1)
2018-12-04 00:00:00
nessus
nessus
Debian DLA-2009-1 : tiff security update
2019-11-27 00:00:00
GLSA-202003-25 : libTIFF: Multiple vulnerabilities
2020-03-16 00:00:00
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:3911-1)
2018-11-27 00:00:00
osv
osv
tiff - security update
2019-11-26 00:00:00
CVE-2018-18661
2018-10-26 14:29:02
gdal - security update
2020-03-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.1.0-alt1
2019-11-14 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2020-03-15 00:00:00
suse
suse
Security update for tiff (moderate)
2018-11-30 00:09:39
Security update for tiff (moderate)
2018-11-30 00:10:39
Security update for tiff (important)
2022-02-17 00:00:00
alpinelinux
alpinelinux
CVE-2018-18661
2018-10-26 14:29:00
CVE-2017-17095
2017-12-02 06:29:00
CVE-2019-6128
2019-01-11 05:29:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2019-12-06 17:15:42
Updated libtiff packages fix security vulnerability
2018-11-12 00:09:54
Updated libtiff packages fix security vulnerability
2019-02-13 14:08:25
redhat
redhat
(RHSA-2020:4634) Moderate: libtiff security update
2020-11-03 12:22:21
(RHSA-2019:3419) Moderate: libtiff security update
2019-11-05 17:43:50
(RHSA-2020:3902) Moderate: libtiff security update
2020-09-29 07:42:07
prion
prion
Null pointer dereference
2018-10-26 14:29:00
Integer overflow
2019-10-14 02:15:00
Heap overflow
2017-12-02 06:29:00
cve
cve
CVE-2018-18661
2018-10-26 14:29:00
CVE-2019-17546
2019-10-14 02:15:00
CVE-2017-17095
2017-12-02 06:29:00
redhatcve
redhatcve
CVE-2017-17095
2017-12-11 07:19:38
CVE-2018-18661
2020-01-22 15:56:44
CVE-2019-17546
2019-10-25 19:21:00
veracode
veracode
Denial Of Service (DoS)
2019-10-15 04:59:30
Denial Of Service (DoS)
2021-07-07 08:58:09
Information Disclosure
2019-02-11 05:02:30
ubuntucve
ubuntucve
CVE-2018-18661
2018-10-26 00:00:00
CVE-2019-17546
2019-10-14 00:00:00
CVE-2017-17095
2017-12-02 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2021-04-03 02:03:00
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:02
debiancve
debiancve
CVE-2018-18661
2018-10-26 14:29:00
CVE-2019-17546
2019-10-14 02:15:00
CVE-2017-17095
2017-12-02 06:29:00
rocky
rocky
libtiff security update
2020-11-03 12:22:21
debian
debian
[SECURITY] [DLA 2147-1] gdal security update
2020-03-18 20:47:13
[SECURITY] [DSA 4670-1] tiff security update
2020-04-29 21:12:38
[SECURITY] [DSA 4670-1] tiff security update
2020-04-29 21:12:38
oraclelinux
oraclelinux
libtiff security update
2020-11-10 00:00:00
libtiff security update
2019-11-14 00:00:00
libtiff security update
2020-10-06 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2020-11-03 12:22:21
cloudfoundry
cloudfoundry
USN-3906-1: LibTIFF vulnerabilities | Cloud Foundry
2019-03-21 00:00:00
USN-4158-1: LibTIFF vulnerabilities | Cloud Foundry
2021-03-09 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2019-03-12 00:00:00
LibTIFF vulnerabilities
2019-10-17 00:00:00
LibTIFF vulnerabilities
2019-03-18 00:00:00
amazon
amazon
Medium: libtiff
2020-10-22 18:24:00
Medium: libtiff
2020-11-14 01:23:00
fedora
fedora
[SECURITY] Fedora 31 Update: libtiff-4.0.10-8.fc31
2020-03-04 21:31:32
[SECURITY] Fedora 30 Update: libtiff-4.0.10-8.fc30
2020-03-04 21:38:46
centos
centos
libtiff security update
2020-10-20 18:24:55
libtiff security update
2019-08-30 03:31:24
photon
photon
Important Photon OS Security Update - PHSA-2019-0044
2019-11-28 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0131
2019-02-19 00:00:00
Important Photon OS Security Update - PHSA-2019-3.0-0044
2019-11-28 00:00:00
archlinux
archlinux
[ASA-201911-13] libtiff: denial of service
2019-11-13 00:00:00
[ASA-201811-17] libtiff: multiple issues
2018-11-20 00:00:00
slackware
slackware
[slackware-security] libtiff
2019-11-04 22:37:12
f5
f5
K04185528 : LibTIFF vulnerabilities CVE-2016-3186 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-17100 CVE-2018-17101 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905
2022-02-17 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON
Related for DEBIAN:DLA-2009-1:97403
openvas37nessus61osv12altlinux1gentoo1suse4alpinelinux4mageia6redhat4prion6cve6redhatcve6veracode4ubuntucve6ibm2debiancve6rocky1debian4oraclelinux4almalinux1cloudfoundry2ubuntu3amazon2fedora2centos2photon8archlinux2slackware1f51