Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM592E7567704F70248FD908EA6BBEC036A4473DD7C178641CF9C5BFB5A9A6DF4A
HistoryFeb 28, 2024 - 10:30 p.m.

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff

2024-02-2822:30:09
www.ibm.com
6
ibm watson discovery cartridge
ibm cloud pak for data
libtiff vulnerability
denial of service
buffer overflow
sensitive information
null pointer dereference

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.7%

JSON

Summary

IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Libtiff.

Vulnerability Details

CVEID:CVE-2023-30774
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow related to TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS value. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253190 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-3316
**DESCRIPTION:**Libtiff is vulnerable to a denial of service, caused by a NULL pointer dereference in TIFFClose(). By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3570
**DESCRIPTION:**LibTIFF could allow a remote attacker to obtain sensitive information, caused by multiple heap-based buffer overflows in tiffcrop.c utility. By persuading a victim to open a specially-crafted TIFF image file, an attacker could exploit this vulnerability to obtain sensitive information or cause the application to crash.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239178 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2023-30086
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the tiffcp function in tiffcp.c. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255416 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-26966
**DESCRIPTION:**Libtiff is vulnerable to a denial of service, caused by a buffer overflow in uv_encode(). By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259560 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-2908
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in tif_dir.c. By persuading a victim to open a specially crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259556 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-30775
**DESCRIPTION:**libtiff is vulnerable to a denial of service, caused by a heap-based buffer overflow in extractContigSamples32bits in tiffcrop.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255836 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3598
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write flaw in the extractContigSamplesShifted24bits function in tools/tiffcrop.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239181 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3599
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the writeSingleSection function in tools/tiffcrop.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239182 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-3576
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a memory leak in tiffcrop.c. By persuading a victim to open a specially crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261300 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-26965
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the loadImage() function in /libtiff/tools/tiffcrop.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258196 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.8.2

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.8.3

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Related

openvas 36
nessus 52
almalinux 2
osv 14
oraclelinux 2
redhat 2
mageia 2
ubuntucve 10
ubuntu 3
cloudfoundry 1
redos 1
debian 1
ibm 3
cnvd 3
cve 9
debiancve 10
prion 8
veracode 9
redhatcve 10
amazon 6
photon 3
cbl_mariner 10
alpinelinux 2
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2918)
2023-10-10 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-3055)
2023-10-31 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2813)
2023-09-11 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2023-2813)
2024-01-16 00:00:00
EulerOS Virtualization 2.10.1 : libtiff (EulerOS-SA-2023-2918)
2024-01-16 00:00:00
EulerOS Virtualization 2.11.1 : libtiff (EulerOS-SA-2023-3055)
2024-01-16 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-11-07 00:00:00
Moderate: libtiff security update
2023-05-09 00:00:00
osv
osv
Moderate: libtiff security update
2023-11-07 00:00:00
tiff vulnerabilities
2023-07-13 17:32:04
Moderate: libtiff security update
2023-05-09 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-11-11 00:00:00
libtiff security update
2023-05-15 00:00:00
redhat
redhat
(RHSA-2023:6575) Moderate: libtiff security update
2023-11-07 06:08:53
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-09-11 16:07:54
Updated libtiff packages fix security vulnerability
2022-11-08 22:44:28
ubuntucve
ubuntucve
CVE-2023-30086
2023-05-09 00:00:00
CVE-2023-30774
2023-05-19 00:00:00
CVE-2023-30775
2023-05-19 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-07-13 00:00:00
LibTIFF vulnerabilities
2022-10-27 00:00:00
LibTIFF vulnerabilities
2023-08-15 00:00:00
cloudfoundry
cloudfoundry
USN-6229-1: LibTIFF vulnerabilities | Cloud Foundry
2023-08-10 00:00:00
redos
redos
ROS-20230621-02
2023-06-21 00:00:00
debian
debian
[SECURITY] [DLA 3513-1] tiff security update
2023-07-31 23:56:20
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
2023-12-08 13:45:04
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities in libtiff
2023-07-27 15:49:30
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-3576]
2023-07-28 14:36:37
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2023-40601)
2023-05-18 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72093)
2022-10-25 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72094)
2022-10-25 00:00:00
cve
cve
CVE-2023-30086
2023-05-09 16:15:14
CVE-2023-30774
2023-05-19 15:15:08
CVE-2023-30775
2023-05-19 15:15:08
debiancve
debiancve
CVE-2023-30086
2023-05-09 16:15:14
CVE-2023-30775
2023-05-19 15:15:08
CVE-2023-30774
2023-05-19 15:15:08
prion
prion
Buffer overflow
2023-05-09 16:15:00
Heap overflow
2023-05-19 15:15:00
Heap overflow
2023-05-19 15:15:00
veracode
veracode
Denial Of Service (DoS)
2023-05-15 11:50:55
Heap-based Buffer Overflow
2023-05-18 06:26:26
Heap-based Buffer Overflow
2023-05-18 07:02:10
redhatcve
redhatcve
CVE-2023-30086
2023-05-15 04:22:12
CVE-2023-30774
2023-04-17 05:30:41
CVE-2023-30775
2023-04-17 05:30:51
amazon
amazon
Medium: libtiff
2023-09-27 22:15:00
Medium: libtiff
2023-07-17 17:39:00
Medium: libtiff
2023-07-19 22:14:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0610
2023-07-07 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0307
2023-01-04 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0516
2023-01-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-26966 affecting package libtiff 4.5.0-3
2023-07-28 23:16:55
CVE-2023-26966 affecting package libtiff 4.5.0-3
2023-08-03 02:51:21
CVE-2023-26965 affecting package libtiff 4.5.0-3
2023-08-03 02:51:21
alpinelinux
alpinelinux
CVE-2023-3316
2023-06-19 12:15:09
CVE-2022-3599
2022-10-21 16:15:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.7%

JSON
Related for 592E7567704F70248FD908EA6BBEC036A4473DD7C178641CF9C5BFB5A9A6DF4A
openvas36nessus52almalinux2osv14oraclelinux2redhat2mageia2ubuntucve10ubuntu3cloudfoundry1redos1debian1ibm3cnvd3cve9debiancve10prion8veracode9redhatcve10amazon6photon3cbl_mariner10alpinelinux2