7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-634 advisory.
2024-06-06: CVE-2022-48281 was added to this advisory.
2024-06-06: CVE-2023-41175 was added to this advisory.
2024-06-06: CVE-2023-40745 was added to this advisory.
2024-06-06: CVE-2023-30775 was added to this advisory.
2024-06-06: CVE-2022-3598 was added to this advisory.
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)
Multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (CVE-2023-40745)
Multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (CVE-2023-41175)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2024-634.
##
include('compat.inc');
if (description)
{
script_id(197968);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/10");
script_cve_id(
"CVE-2022-3570",
"CVE-2022-3598",
"CVE-2022-48281",
"CVE-2023-30775",
"CVE-2023-40745",
"CVE-2023-41175"
);
script_name(english:"Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2024-634)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-634 advisory.
2024-06-06: CVE-2022-48281 was added to this advisory.
2024-06-06: CVE-2023-41175 was added to this advisory.
2024-06-06: CVE-2023-40745 was added to this advisory.
2024-06-06: CVE-2023-30775 was added to this advisory.
2024-06-06: CVE-2022-3598 was added to this advisory.
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to
trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into
application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,
allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,
WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow in
extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)
Multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a
denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which
triggers a heap-based buffer overflow. (CVE-2023-40745)
Multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause
a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image
which triggers a heap-based buffer overflow. (CVE-2023-41175)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3570.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3598.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-48281.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-30775.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-40745.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-41175.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update libtiff --releasever 2023.4.20240528' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-41175");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'libtiff-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debugsource-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debugsource-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-devel-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-devel-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-static-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-static-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-debugsource / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | libtiff | p-cpe:/a:amazon:linux:libtiff |
amazon | linux | libtiff-debuginfo | p-cpe:/a:amazon:linux:libtiff-debuginfo |
amazon | linux | libtiff-debugsource | p-cpe:/a:amazon:linux:libtiff-debugsource |
amazon | linux | 2023 | cpe:/o:amazon:linux:2023 |
amazon | linux | libtiff-tools-debuginfo | p-cpe:/a:amazon:linux:libtiff-tools-debuginfo |
amazon | linux | libtiff-tools | p-cpe:/a:amazon:linux:libtiff-tools |
amazon | linux | libtiff-static | p-cpe:/a:amazon:linux:libtiff-static |
amazon | linux | libtiff-devel | p-cpe:/a:amazon:linux:libtiff-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
alas.aws.amazon.com/AL2023/ALAS-2024-634.html
alas.aws.amazon.com/cve/html/CVE-2022-3570.html
alas.aws.amazon.com/cve/html/CVE-2022-3598.html
alas.aws.amazon.com/cve/html/CVE-2022-48281.html
alas.aws.amazon.com/cve/html/CVE-2023-30775.html
alas.aws.amazon.com/cve/html/CVE-2023-40745.html
alas.aws.amazon.com/cve/html/CVE-2023-41175.html
alas.aws.amazon.com/faqs.html
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%