IBM778E9BCBB0C6BA17B28ABCBD1DAB3618758C7342EEF15BA587F9695C5C403BEBSecurity Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.318 Low
EPSS
Percentile
96.9%
Summary
IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in libTIFF.
Vulnerability Details
CVEID: CVE-2018-18661 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the LZWDecode function in tif_lzw.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152035> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-12900 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145464> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9147 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an invalid read in the _TIFFVGetField function. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127484> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-9117 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by the processing of BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input. By using a specially crafted BMP image, attacker could overflow a buffer in bmp2tiff and execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126280> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-17942 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function PackBitsEncode in tif_packbits.c. A local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136935> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-9273 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by tiffsplit. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122213> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-5319 DESCRIPTION: libTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in tif_packbits.c. By persuading a victim to open a specially-crafted bmp file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125599> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-3621 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the LZWEncode function in tif_lzw.c. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112049> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-3620 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the ZIPEncode function in tif_zip.c. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112048> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-3619 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the bmp2tiff function DumpModeEncode. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112019> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8870 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in tools/bmp2tiff.c. By using a specially-crafted BMP file, an attacker could exploit this vulnerability to cause the a denial of service, or obtain sensitive information from the process memory.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120073> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)
Affected Products and Versions
Product
|
Affected Version
—|—
IBM Dynamic System Analysis (DSA) Preboot
|
9.6
Remediation/Fixes
Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>
Product
|
Fix Version
—|—
IBM Dynamic System Analysis (DSA) Preboot
(ibm_fw_dsa_dsyte2z-9.65_anyos_32-64)
|
dsyte2z-9.65
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| pureflex system & flex system | eq | any | |
| system x->microsoft datacenter | eq | any |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.318 Low
EPSS
Percentile
96.9%