Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2022-1780.NASL
HistoryApr 27, 2022 - 12:00 a.m.

Amazon Linux 2 : libtiff (ALAS-2022-1780)

2022-04-2700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

8 High

AI Score

Confidence

High

JSON

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1780 advisory.

  • Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532)

  • A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)

  • In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)

  • An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)

  • A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)

  • Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
    (CVE-2022-0561)

  • Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
    (CVE-2022-0865)

  • Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. (CVE-2022-0907)

  • Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
    (CVE-2022-0908)

  • Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
    (CVE-2022-0909)

  • Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
    (CVE-2022-0924)

  • LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. (CVE-2022-22844)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1780.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(160258);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/31");

  script_cve_id(
    "CVE-2016-9532",
    "CVE-2020-35521",
    "CVE-2020-35522",
    "CVE-2020-35523",
    "CVE-2020-35524",
    "CVE-2022-0561",
    "CVE-2022-0865",
    "CVE-2022-0907",
    "CVE-2022-0908",
    "CVE-2022-0909",
    "CVE-2022-0924",
    "CVE-2022-22844"
  );
  script_xref(name:"ALAS", value:"2022-1780");

  script_name(english:"Amazon Linux 2 : libtiff (ALAS-2022-1780)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2022-1780 advisory.

  - Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows
    remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532)

  - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can
    lead to an abort, resulting in denial of service. (CVE-2020-35521)

  - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an
    abort, resulting in a remote denial of service attack. (CVE-2020-35522)

  - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an
    attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat
    from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)

  - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's
    TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from
    this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)

  - Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in
    tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF
    file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
    (CVE-2022-0561)

  - Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted
    tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
    (CVE-2022-0865)

  - Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause
    a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
    available with commit f2b656e2. (CVE-2022-0907)

  - Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in
    tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
    (CVE-2022-0908)

  - Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
    crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
    (CVE-2022-0909)

  - Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
    crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
    (CVE-2022-0924)

  - LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a
    custom tag and 0x0200 as the second word of the DE field. (CVE-2022-22844)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2022-1780.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2016-9532.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-35521.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-35522.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-35523.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-35524.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0561.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0865.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0907.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0908.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0909.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0924.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-22844.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update libtiff' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-35524");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libtiff-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
var os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'libtiff-4.0.3-35.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-4.0.3-35.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-4.0.3-35.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-debuginfo-4.0.3-35.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.0.3-35.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-static-4.0.3-35.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.0.3-35.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-debuginfo / libtiff-devel / etc");
}
VendorProductVersionCPE
amazonlinuxlibtiffp-cpe:/a:amazon:linux:libtiff
amazonlinuxlibtiff-debuginfop-cpe:/a:amazon:linux:libtiff-debuginfo
amazonlinuxlibtiff-develp-cpe:/a:amazon:linux:libtiff-devel
amazonlinuxlibtiff-staticp-cpe:/a:amazon:linux:libtiff-static
amazonlinuxlibtiff-toolsp-cpe:/a:amazon:linux:libtiff-tools
amazonlinux2cpe:/o:amazon:linux:2

References

Related

amazon 2
nessus 69
openvas 47
rocky 2
oraclelinux 3
redhat 3
almalinux 3
gentoo 2
altlinux 1
fedora 3
osv 15
debian 4
archlinux 1
redos 8
photon 5
mageia 2
suse 2
ubuntu 4
cloudfoundry 3
ubuntucve 2
ibm 2
cve 3
prion 1
veracode 2
debiancve 2
redhatcve 2
cnvd 1
cbl_mariner 4
alpinelinux 1
amazon
amazon
Medium: libtiff
2022-04-25 22:56:00
Medium: libtiff
2022-07-28 20:38:00
nessus
nessus
Amazon Linux AMI : libtiff (ALAS-2022-1625)
2022-08-05 00:00:00
GLSA-202104-06 : libTIFF: Multiple vulnerabilities
2021-05-03 00:00:00
EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2021-1754)
2021-04-15 00:00:00
openvas
openvas
Fedora: Security Advisory for libtiff (FEDORA-2021-1bf4f2f13a)
2021-04-23 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-1951)
2021-06-07 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-2003)
2021-07-01 00:00:00
rocky
rocky
libtiff security and bug fix update
2021-11-09 08:50:38
libtiff security update
2022-11-08 06:23:40
oraclelinux
oraclelinux
libtiff security and bug fix update
2021-11-16 00:00:00
libtiff security update
2022-11-15 00:00:00
libtiff security update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2021:4241) Moderate: libtiff security and bug fix update
2021-11-09 08:50:38
(RHSA-2022:7585) Moderate: libtiff security update
2022-11-08 06:23:40
(RHSA-2022:8194) Moderate: libtiff security update
2022-11-15 06:18:19
almalinux
almalinux
Moderate: libtiff security and bug fix update
2021-11-09 08:50:38
Moderate: libtiff security update
2022-11-08 00:00:00
Moderate: libtiff security update
2022-11-15 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2021-04-30 00:00:00
LibTIFF: Multiple Vulnerabilities
2022-10-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.2.0-alt1
2020-12-25 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: libtiff-4.1.0-8.fc33
2021-04-21 21:41:44
[SECURITY] Fedora 36 Update: libtiff-4.3.0-6.fc36
2022-04-03 00:15:59
[SECURITY] Fedora 35 Update: libtiff-4.3.0-6.fc35
2022-03-31 01:15:26
osv
osv
Moderate: libtiff security and bug fix update
2021-11-09 08:50:38
Moderate: libtiff security and bug fix update
2021-11-09 08:50:38
tiff - security update
2022-03-24 00:00:00
debian
debian
[SECURITY] [DSA 5108-1] tiff security update
2022-03-24 18:55:21
[SECURITY] [DSA 4869-1] tiff security update
2021-03-12 21:40:55
[SECURITY] [DLA 2694-1] tiff security update
2021-06-27 23:03:55
archlinux
archlinux
[ASA-202204-6] libtiff: multiple issues
2022-04-05 00:00:00
redos
redos
ROS-2-598
2021-09-08 00:00:00
ROS-2-452
2021-09-08 00:00:00
ROS-2-576
2021-09-08 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0400
2022-06-04 00:00:00
Critical Photon OS Security Update - PHSA-2022-0185
2022-05-18 00:00:00
Moderate Photon OS Security Update - PHSA-2022-3.0-0400
2022-06-04 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2021-03-04 15:26:19
Updated libtiff packages fix security vulnerability
2022-03-28 19:23:37
suse
suse
Security update for tiff (important)
2022-02-17 00:00:00
Security update for tiff (important)
2022-05-30 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-07-19 00:00:00
LibTIFF vulnerabilities
2022-09-12 00:00:00
LibTIFF vulnerabilities
2021-02-25 00:00:00
cloudfoundry
cloudfoundry
USN-5523-2: LibTIFF vulnerabilities | Cloud Foundry
2022-09-29 00:00:00
USN-4755-1: LibTIFF vulnerabilities | Cloud Foundry
2021-03-02 00:00:00
USN-5421-1: LibTIFF vulnerabilities | Cloud Foundry
2022-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2020-35521
2021-03-09 00:00:00
CVE-2016-9532
2017-02-06 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2021-12-17 04:20:27
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-01-30 16:29:59
cve
cve
CVE-2016-9532
2017-02-06 17:59:00
CVE-2020-35521
2021-03-09 20:15:00
CVE-2020-35522
2021-03-09 20:15:00
prion
prion
Integer overflow
2017-02-06 17:59:00
veracode
veracode
Denial Of Service (DoS)
2018-05-24 04:15:05
Denial Of Service (DoS)
2021-03-16 17:03:53
debiancve
debiancve
CVE-2016-9532
2017-02-06 17:59:00
CVE-2020-35522
2021-03-09 20:15:00
redhatcve
redhatcve
CVE-2016-9532
2016-11-23 17:18:43
CVE-2020-35521
2021-02-23 20:03:21
cnvd
cnvd
LibTIFF Memory Allocation Failure Vulnerability (CNVD-2022-05533)
2021-03-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-35521 affecting package libtiff 4.1.0-3
2022-04-09 06:51:55
CVE-2020-35524 affecting package libtiff 4.1.0-3
2021-03-29 02:55:01
CVE-2020-35522 affecting package libtiff 4.1.0-3
2021-03-29 02:55:01
alpinelinux
alpinelinux
CVE-2020-35522
2021-03-09 20:15:00

8 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2022-1780.NASL
amazon2nessus69openvas47rocky2oraclelinux3redhat3almalinux3gentoo2altlinux1fedora3osv15debian4archlinux1redos8photon5mageia2suse2ubuntu4cloudfoundry3ubuntucve2ibm2cve3prion1veracode2debiancve2redhatcve2cnvd1cbl_mariner4alpinelinux1