Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2023-2340.NASL
HistoryMay 14, 2023 - 12:00 a.m.

AlmaLinux 9 : libtiff (ALSA-2023:2340)

2023-05-1400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2340 advisory.

  • Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)

  • LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3597)

  • LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)

  • LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. (CVE-2022-3599)

  • LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3626)

  • LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

  • A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

  • LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2023:2340.
##

include('compat.inc');

if (description)
{
  script_id(175637);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");

  script_cve_id(
    "CVE-2022-3570",
    "CVE-2022-3597",
    "CVE-2022-3598",
    "CVE-2022-3599",
    "CVE-2022-3626",
    "CVE-2022-3627",
    "CVE-2022-3970",
    "CVE-2022-4645",
    "CVE-2023-30774",
    "CVE-2023-30775"
  );
  script_xref(name:"ALSA", value:"2023:2340");

  script_name(english:"AlmaLinux 9 : libtiff (ALSA-2023:2340)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2023:2340 advisory.

  - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to
    trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into
    application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
    extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted
    tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3597)

  - LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,
    allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
    from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)

  - LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers
    to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix
    is available with commit e8131125. (CVE-2022-3599)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from
    processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a
    crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3626)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
    extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted
    tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

  - A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function
    TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is
    possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to
    fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a
    denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
    available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/9/ALSA-2023-2340.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3970");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119, 122, 125, 680);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libtiff-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::baseos");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::crb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::highavailability");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::nfv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::realtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::resilientstorage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap_hana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::supplementary");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var pkgs = [
    {'reference':'libtiff-4.4.0-7.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-devel-4.4.0-7.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libtiff-tools-4.4.0-7.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel / libtiff-tools');
}
VendorProductVersionCPE
almalinuxlibtiffp-cpe:/a:alma:linux:libtiff
almalinuxlibtiff-develp-cpe:/a:alma:linux:libtiff-devel
almalinuxlibtiff-toolsp-cpe:/a:alma:linux:libtiff-tools
almalinux9cpe:/o:alma:linux:9
almalinux9cpe:/o:alma:linux:9::appstream
almalinux9cpe:/o:alma:linux:9::crb
almalinux9cpe:/o:alma:linux:9::baseos
almalinux9cpe:/o:alma:linux:9::nfv
almalinux9cpe:/o:alma:linux:9::realtime
almalinux9cpe:/o:alma:linux:9::highavailability
Rows per page:
1-10 of 141

Related

nessus 44
osv 16
oraclelinux 2
almalinux 2
redhat 2
openvas 36
photon 4
mageia 3
ubuntucve 9
redos 2
ubuntu 2
ibm 2
altlinux 1
debian 1
amazon 2
cloudfoundry 1
debiancve 7
prion 8
cve 8
veracode 9
redhatcve 8
rosalinux 1
fedora 3
alpinelinux 7
cbl_mariner 12
cnvd 6
f5 1
nessus
nessus
Oracle Linux 9 : libtiff (ELSA-2023-2340)
2023-05-15 00:00:00
RHEL 9 : libtiff (RHSA-2023:2340)
2023-05-13 00:00:00
EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2023-1363)
2023-02-10 00:00:00
osv
osv
Moderate: libtiff security update
2023-05-09 00:00:00
tiff vulnerabilities
2022-10-27 19:27:40
Moderate: libtiff security update
2023-05-16 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-05-15 00:00:00
libtiff security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-05-09 00:00:00
Moderate: libtiff security update
2023-05-16 00:00:00
redhat
redhat
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
(RHSA-2023:2883) Moderate: libtiff security update
2023-05-16 05:57:15
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1363)
2023-02-10 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1391)
2023-02-10 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1326)
2023-02-09 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-0307
2023-01-04 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0516
2023-01-14 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0516
2023-01-14 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-11-13 05:25:20
Updated libtiff packages fix security vulnerability
2023-03-24 08:55:49
Updated libtiff packages fix security vulnerability
2022-11-08 22:44:28
ubuntucve
ubuntucve
CVE-2023-30774
2023-05-19 00:00:00
CVE-2023-30775
2023-05-19 00:00:00
CVE-2022-4645
2023-03-03 00:00:00
redos
redos
ROS-20230621-02
2023-06-21 00:00:00
ROS-20221118-01
2022-11-18 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-10-27 00:00:00
LibTIFF vulnerabilities
2022-11-08 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff
2024-02-28 22:30:09
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-06-28 20:55:31
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
debian
debian
[SECURITY] [DLA 3278-1] tiff security update
2023-01-20 22:37:38
amazon
amazon
Medium: libtiff
2023-08-17 11:58:00
Medium: libtiff
2023-09-27 22:15:00
cloudfoundry
cloudfoundry
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
debiancve
debiancve
CVE-2023-30775
2023-05-19 15:15:08
CVE-2023-30774
2023-05-19 15:15:08
CVE-2022-3599
2022-10-21 16:15:00
prion
prion
Heap overflow
2023-05-19 15:15:00
Heap overflow
2023-05-19 15:15:00
Out-of-bounds
2022-10-21 16:15:00
cve
cve
CVE-2023-30774
2023-05-19 15:15:08
CVE-2023-30775
2023-05-19 15:15:08
CVE-2022-4645
2023-03-03 16:15:00
veracode
veracode
Heap-based Buffer Overflow
2023-05-18 06:26:26
Heap-based Buffer Overflow
2023-05-18 07:02:10
Denial Of Service (DoS)
2023-03-08 13:44:51
redhatcve
redhatcve
CVE-2023-30774
2023-04-17 05:30:41
CVE-2023-30775
2023-04-17 05:30:51
CVE-2022-3599
2022-11-15 06:56:13
rosalinux
rosalinux
Advisory ROSA-SA-2023-2264
2023-10-22 05:35:45
fedora
fedora
[SECURITY] Fedora 36 Update: tkimg-1.4.14-3.fc36
2023-03-16 18:20:31
[SECURITY] Fedora 38 Update: tkimg-1.4.14-3.fc38
2023-03-11 04:08:42
[SECURITY] Fedora 37 Update: tkimg-1.4.14-3.fc37
2023-03-16 18:34:41
alpinelinux
alpinelinux
CVE-2022-4645
2023-03-03 16:15:00
CVE-2022-3599
2022-10-21 16:15:00
CVE-2022-3626
2022-10-21 16:15:00
cbl_mariner
cbl_mariner
CVE-2022-4645 affecting package libtiff 4.4.0-9
2023-03-16 03:40:02
CVE-2022-4645 affecting package libtiff 4.4.0-8
2023-04-16 01:04:22
CVE-2022-3626 affecting package libtiff 4.4.0-4
2022-11-24 00:45:37
cnvd
cnvd
LibTIFF out-of-bounds read vulnerability (CNVD-2023-15744)
2023-03-07 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72093)
2022-10-25 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72092)
2022-10-25 00:00:00
f5
f5
K37923932 : libTIFF vulnerability CVE-2022-3970
2022-12-09 00:00:00
JSON
Related for ALMA_LINUX_ALSA-2023-2340.NASL
nessus44osv16oraclelinux2almalinux2redhat2openvas36photon4mageia3ubuntucve9redos2ubuntu2ibm2altlinux1debian1amazon2cloudfoundry1debiancve7prion8cve8veracode9redhatcve8rosalinux1fedora3alpinelinux7cbl_mariner12cnvd6f51