Lucene search

K
ibmIBMAFC88E550B6899AB50B41FE6D888AB57146D76F8E3B4D34C479A605C233ED6FB
HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF

2023-12-0722:45:03
www.ibm.com
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.097 Low

EPSS

Percentile

94.7%

Summary

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in libTIFF.

Vulnerability Details

CVEID: CVE-2016-10094 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an off-by-one error flaw in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and cause unspecified impact on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123427&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-10093 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by a flaw in the readContigStripsIntoBuffer function in tif_unix.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and cause unspecified impact on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123426&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-10092 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an integer overflow flaw in tools/tiffcp.c. By persuading a victim to open a specially-crafted image file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123425&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-10779 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer over-read in the TIFFWriteScanline function in tif_write.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142940&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-17942 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function PackBitsEncode in tif_packbits.c. A local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136935&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5319 DESCRIPTION: libTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in tif_packbits.c. By persuading a victim to open a specially-crafted bmp file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125599&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8668 DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bmp2tiff function within tif_packbits.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109279&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2018-17795 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the function t2p_write_pdf in tiff2pdf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150646&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-17100 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a int32 overflow flaw in the multiply_ms function in tools/ppm2tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149974&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-17101 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149976&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-16335 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-baesd buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149245&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-9935 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the t2p_write_pdf function in tools/tiff2pdf.c. By persuading a victim to open a specially-crafted TIFF document, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127712&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-11613 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129463&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-8905 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By persuading a victim to open a specially crafted TIFF file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140633&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-7456 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in TIFFPrintDirectory function in tif_print.c. By persuaded a victim to use the tiffinfo tool to print specially crafted TIFF information, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139536&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-5225 DESCRIPTION: Libtiff is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tools/tiffcp function. By sending a specially-crafted BitsPerSample value, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121024&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-11613 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129463&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9540 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds write in tools/tiffcp.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119237&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-9535 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by assertion error in tif_predict.h and tif_predict.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119242&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-8331 DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of TIFF images in LibTIFF tag extension function. By persuading a victim to open a specially crafted TIFF document delivered to the application using LibTIFF’'s tag extension functionality, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118423&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5318 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by stack-based buffer overflow in the _TIFFVGetField function. By persuading a victim to open a specially-crafted tiff file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125598&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-3632 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the _TIFFVGetField function in tif_getimage.c. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112109&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-10266 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a divide-by-zero error in libtiff/tif_read.c. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123949&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10095 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123428&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-7554 DESCRIPTION: LibTIFF could allow a remote attacker to bypass security restrictions, caused by an error in field_passcount variable. By sending a specially-crafted request, an attacker could exploit this vulnerability to write data.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109280&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2014-8128 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bound write error in multiple tools. A remote attacker could exploit this vulnerability using specially-crafted TIFF images to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101449&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Product

|

Affected Version

—|—

IBM Dynamic System Analysis (DSA) Preboot

|

9.6

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product

|

Fix Version

—|—

IBM Dynamic System Analysis (DSA) Preboot
(ibm_fw_dsa_dsyte2z-9.65_anyos_32-64)

|

dsyte2z-9.65

Workarounds and Mitigations

None

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.097 Low

EPSS

Percentile

94.7%