CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS Percentile: 94.8%

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in libTIFF.
CVEID: CVE-2016-10094 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an off-by-one error flaw in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and cause unspecified impact on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123427> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-10093 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by a flaw in the readContigStripsIntoBuffer function in tif_unix.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and cause unspecified impact on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123426> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-10092 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an integer overflow flaw in tools/tiffcp.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123425> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-10779 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer over-read in the TIFFWriteScanline function in tif_write.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142940> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-17942 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function PackBitsEncode in tif_packbits.c. A local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136935> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-5319 DESCRIPTION: libTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in tif_packbits.c. By persuading a victim to open a specially-crafted bmp file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125599> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2015-8668 DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bmp2tiff function within tif_packbits.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109279> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)
CVEID: CVE-2018-17795 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the function t2p_write_pdf in tiff2pdf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150646> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-17100 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an int32 overflow flaw in the multiply_ms function in tools/ppm2tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149974> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-17101 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149976> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16335 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149245> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9935 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the t2p_write_pdf function in tools/tiff2pdf.c. By persuading a victim to open a specially-crafted TIFF document, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127712> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-11613 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129463> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-8905 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By persuading a victim to open a specially crafted TIFF file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140633> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-7456 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the TIFFPrintDirectory function in tif_print.c. By persuading a victim to use the tiffinfo tool to print specially crafted TIFF information, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139536> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-5225 DESCRIPTION: Libtiff is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tools/tiffcp function. By sending a specially-crafted BitsPerSample value, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121024> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-9540 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds write in tools/tiffcp.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119237> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-9535 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an assertion error in tif_predict.h and tif_predict.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119242> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-8331 DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of TIFF images in the LibTIFF tag extension function. By persuading a victim to open a specially crafted TIFF document delivered to the application using LibTIFF's tag extension functionality, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118423> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-5318 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a stack-based buffer overflow in the _TIFFVGetField function. By persuading a victim to open a specially-crafted tiff file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125598> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-3632 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the _TIFFVGetField function in tif_getimage.c. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112109> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-10266 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a divide-by-zero error in libtiff/tif_read.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123949> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-10095 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123428> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2015-7554 DESCRIPTION: LibTIFF could allow a remote attacker to bypass security restrictions, caused by an error in field_passcount variable. By sending a specially-crafted request, an attacker could exploit this vulnerability to write data.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109280> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2014-8128 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bound write error in multiple tools. A remote attacker could exploit this vulnerability using specially-crafted TIFF images to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101449> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Product | Affected Version |
---|---|
IBM Dynamic System Analysis (DSA) Preboot | 9.6 |
Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>
Product | Fix Version |
---|---|
IBM Dynamic System Analysis (DSA) Preboot (ibm_fw_dsa_dsyte2z-9.65_anyos_32-64) | dsyte2z-9.65 |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | flex_system_manager | any | cpe:2.3:a:ibm:flex_system_manager:any:*:*:*:*:*:*:* |
ibm | system_x_idataplex_dx360_m2_server | any | cpe:2.3:h:ibm:system_x_idataplex_dx360_m2_server:any:*:*:*:*:*:*:* |