Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201402-21
HistoryFeb 21, 2014 - 12:00 a.m.

libTIFF: Multiple vulnerabilities

2014-02-2100:00:00
Gentoo Foundation
security.gentoo.org
15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.7%

JSON

Background

libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Description

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF 4.* users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.3-r6"

All libTIFF 3.* users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.7-r1:3"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/tiff< 4.0.3-r6UNKNOWN

Related

openvas 55
nessus 57
fedora 14
slackware 1
f5 2
oraclelinux 3
centos 3
redhat 4
veracode 9
securityvulns 7
osv 3
debian 4
amazon 3
ubuntu 3
mageia 2
altlinux 1
ubuntucve 7
prion 7
debiancve 7
cve 7
openvas
openvas
Gentoo Security Advisory GLSA 201402-21
2015-09-29 00:00:00
Fedora Update for mingw-libtiff FEDORA-2014-6831
2014-06-17 00:00:00
Fedora Update for libtiff FEDORA-2013-15673
2013-09-24 00:00:00
nessus
nessus
GLSA-201402-21 : libTIFF: Multiple vulnerabilities
2014-02-23 00:00:00
Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)
2013-10-20 00:00:00
F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715)
2015-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: libtiff-4.0.3-9.fc18
2013-09-18 12:58:47
[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20
2014-06-10 02:56:35
[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19
2014-06-10 03:14:08
slackware
slackware
[slackware-security] libtiff
2013-10-18 19:38:32
f5
f5
SOL16715 - Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16715 : Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
oraclelinux
oraclelinux
libtiff security update
2014-02-27 00:00:00
libtiff security update
2014-02-27 00:00:00
libtiff security update
2012-12-18 00:00:00
centos
centos
libtiff security update
2014-02-28 00:37:27
libtiff security update
2014-02-28 00:43:50
libtiff security update
2012-12-19 01:20:39
redhat
redhat
(RHSA-2014:0223) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0222) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0339) Important: rhev-hypervisor6 security update
2014-03-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
securityvulns
securityvulns
libtiff multiple security vulnerabilities
2013-08-28 00:00:00
[SECURITY] [DSA 2744-1] tiff security update
2013-08-28 00:00:00
libtiff buffer overflow
2012-11-18 00:00:00
osv
osv
tiff - several
2013-08-27 00:00:00
tiff - buffer overflow
2013-06-18 00:00:00
tiff - buffer overflow
2012-10-21 00:00:00
debian
debian
[SECURITY] [DSA 2744-1] tiff security update
2013-08-27 15:27:12
[SECURITY] [DSA 2698-1] tiff security update
2013-06-18 19:39:25
[SECURITY] [DSA 2575-1] tiff security update
2012-11-18 14:22:07
amazon
amazon
Medium: libtiff
2014-03-13 18:13:00
Medium: libtiff
2014-06-26 10:31:00
Medium: libtiff
2012-12-20 13:55:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2014-05-06 00:00:00
LibTIFF vulnerabilities
2012-11-15 00:00:00
LibTIFF vulnerabilities
2013-05-21 00:00:00
mageia
mageia
Updated libtiff packagess fix multiple security vulnerabilities
2013-08-22 22:20:56
Updated libtiff packages fix CVE-2013-4244
2013-08-30 21:40:20
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2012-4564
2012-11-11 00:00:00
CVE-2013-4232
2013-09-10 00:00:00
CVE-2013-4231
2014-01-19 00:00:00
prion
prion
Integer overflow
2012-11-11 13:00:00
Heap overflow
2012-10-28 15:55:00
Buffer overflow
2014-01-19 17:16:00
debiancve
debiancve
CVE-2012-4564
2012-11-11 13:00:00
CVE-2013-4232
2013-09-10 19:55:00
CVE-2013-4231
2014-01-19 17:16:00
cve
cve
CVE-2012-4564
2012-11-11 13:00:00
CVE-2013-4232
2013-09-10 19:55:00
CVE-2013-4231
2014-01-19 17:16:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.7%

JSON
Related for GLSA-201402-21
openvas55nessus57fedora14slackware1f52oraclelinux3centos3redhat4veracode9securityvulns7osv3debian4amazon3ubuntu3mageia2altlinux1ubuntucve7prion7debiancve7cve7