Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2024-634.NASLHistoryMay 28, 2024 - 12:00 a.m.
Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2024-634)
2024-05-2800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
amazon linux 2023
libtiff
heap buffer overflow
application crash
information disclosure
cve-2022-3570
security advisory
nessus
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-634 advisory.
2024-06-06: CVE-2022-48281 was added to this advisory.
2024-06-06: CVE-2023-41175 was added to this advisory.
2024-06-06: CVE-2023-40745 was added to this advisory.
2024-06-06: CVE-2023-30775 was added to this advisory.
2024-06-06: CVE-2022-3598 was added to this advisory.
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)
Multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (CVE-2023-40745)
Multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (CVE-2023-41175)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2024-634.
##
include('compat.inc');
if (description)
{
script_id(197968);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/10");
script_cve_id(
"CVE-2022-3570",
"CVE-2022-3598",
"CVE-2022-48281",
"CVE-2023-30775",
"CVE-2023-40745",
"CVE-2023-41175"
);
script_name(english:"Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2024-634)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-634 advisory.
2024-06-06: CVE-2022-48281 was added to this advisory.
2024-06-06: CVE-2023-41175 was added to this advisory.
2024-06-06: CVE-2023-40745 was added to this advisory.
2024-06-06: CVE-2023-30775 was added to this advisory.
2024-06-06: CVE-2022-3598 was added to this advisory.
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to
trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into
application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,
allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,
WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow in
extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)
Multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a
denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which
triggers a heap-based buffer overflow. (CVE-2023-40745)
Multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause
a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image
which triggers a heap-based buffer overflow. (CVE-2023-41175)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3570.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3598.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-48281.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-30775.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-40745.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-41175.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update libtiff --releasever 2023.4.20240528' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-41175");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'libtiff-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debugsource-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-debugsource-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-devel-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-devel-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-static-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-static-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.16', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-debugsource / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | libtiff | p-cpe:/a:amazon:linux:libtiff |
| amazon | linux | libtiff-debuginfo | p-cpe:/a:amazon:linux:libtiff-debuginfo |
| amazon | linux | libtiff-debugsource | p-cpe:/a:amazon:linux:libtiff-debugsource |
| amazon | linux | 2023 | cpe:/o:amazon:linux:2023 |
| amazon | linux | libtiff-tools-debuginfo | p-cpe:/a:amazon:linux:libtiff-tools-debuginfo |
| amazon | linux | libtiff-tools | p-cpe:/a:amazon:linux:libtiff-tools |
| amazon | linux | libtiff-static | p-cpe:/a:amazon:linux:libtiff-static |
| amazon | linux | libtiff-devel | p-cpe:/a:amazon:linux:libtiff-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
alas.aws.amazon.com/AL2023/ALAS-2024-634.html
alas.aws.amazon.com/cve/html/CVE-2022-3570.html
alas.aws.amazon.com/cve/html/CVE-2022-3598.html
alas.aws.amazon.com/cve/html/CVE-2022-48281.html
alas.aws.amazon.com/cve/html/CVE-2023-30775.html
alas.aws.amazon.com/cve/html/CVE-2023-40745.html
alas.aws.amazon.com/cve/html/CVE-2023-41175.html
alas.aws.amazon.com/faqs.html
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2022:4411-1)
2022-12-13 00:00:00
Ubuntu 16.04 ESM : LibTIFF vulnerabilities (USN-5705-1)
2022-10-28 00:00:00
redos
redos
ROS-20240329-21
2024-03-29 00:00:00
ROS-20230124-03
2023-01-24 00:00:00
ROS-20230621-02
2023-06-21 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2024-03-21 00:19:08
Updated libtiff packages fix security vulnerability
2023-02-07 03:06:39
Updated libtiff packages fix security vulnerability
2022-11-08 22:44:28
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0077)
2024-04-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0060-1)
2023-01-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4411-1)
2022-12-13 00:00:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 5567-1] tiff security update
2023-11-27 05:04:24
[SECURITY] [DLA 3297-1] tiff security update
2023-01-30 21:44:57
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-10-27 00:00:00
LibTIFF vulnerabilities
2023-02-02 00:00:00
LibTIFF vulnerabilities
2022-11-08 00:00:00
osv
osv
tiff vulnerabilities
2022-10-27 19:27:40
tiff - security update
2023-11-27 00:00:00
CVE-2023-41175
2023-10-05 19:15:11
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0125
2023-10-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0497
2023-10-25 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0673
2023-10-26 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2024-04-30 00:00:00
Moderate: libtiff security update
2023-06-27 00:00:00
Moderate: libtiff security update
2023-05-09 00:00:00
debiancve
debiancve
redhat
redhat
(RHSA-2024:2289) Moderate: libtiff security update
2024-04-30 06:15:17
(RHSA-2023:3827) Moderate: libtiff security update
2023-06-27 13:35:37
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
prion
prion
Integer overflow
2023-10-05 19:15:00
Integer overflow
2023-10-05 19:15:00
Heap overflow
2023-05-19 15:15:00
cvelist
cvelist
CVE-2023-41175 Libtiff: potential integer overflow in raw2tiff.c
2023-10-05 18:55:26
CVE-2023-40745 Libtiff: integer overflow in tiffcp.c
2023-10-05 18:55:26
CVE-2023-30775
2023-05-19 00:00:00
oraclelinux
oraclelinux
libtiff security update
2024-05-02 00:00:00
libtiff security update
2023-06-29 00:00:00
libtiff security update
2023-05-15 00:00:00
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2023-40745 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-41175 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2022-48281 affecting package libtiff for versions less than 4.4.0-7
2023-02-24 01:54:12
amazon
amazon
Medium: libtiff
2023-09-27 22:15:00
redhatcve
redhatcve
veracode
veracode
Integer Overflow
2023-10-10 06:34:43
Heap-based Buffer Overflow
2023-05-18 07:02:10
Integer Overflow
2023-10-10 06:25:30
cve
cve
rocky
rocky
libtiff security update
2023-08-31 16:54:34
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-07-26 20:21:44
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff
2024-02-28 22:30:09
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
2024-06-03 19:44:41
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2023-29695)
2023-02-03 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72094)
2022-10-25 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72096)
2022-10-25 00:00:00
alpinelinux
alpinelinux
rosalinux
rosalinux
Advisory ROSA-SA-2023-2264
2023-10-22 05:35:45
cloudfoundry
cloudfoundry
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
Related for AL2023_ALAS2023-2024-634.NASL