Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)
2011-03-09T00:00:00
ID MANDRIVA_MDVSA-2011-043.NASL Type nessus Reporter This script is Copyright (C) 2011-2021 Tenable Network Security, Inc. Modified 2011-03-09T00:00:00
Description
A buffer overflow was discovered in libtiff which allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted TIFF image with CCITT Group 4
encoding (CVE-2011-0192).
Additionally, it was discovered that the fixes for CVE-2009-2347 and
CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2;
these are resolved as well.
Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2011:043.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase. When the scanner loads the plugin with `description`
# set, only this metadata block runs; the exit(0) at its end stops the script
# before any knowledge-base item is read.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(52592);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Cross-references used to correlate this finding with other feeds.
  script_cve_id("CVE-2009-2347", "CVE-2010-2065", "CVE-2011-0192");
  script_bugtraq_id(35652, 41011, 46658);
  script_xref(name:"MDVSA", value:"2011:043");

  script_name(english:"Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)");
  script_summary(english:"Checks rpm output for the updated packages");

  # The two multi-line strings below are emitted verbatim in reports, so their
  # line breaks start at column 0 on purpose.
  script_set_attribute(attribute:"synopsis", value:
"The remote Mandriva Linux host is missing one or more security
updates.");

  # NOTE(review): the store URL inside this text has a space where a '&' query
  # separator would be expected, and the text names release 2010.2 while the
  # CPE list further down names 2010.1. Left untouched here because the string
  # is advisory text copied into the report.
  script_set_attribute(attribute:"description", value:
"A buffer overflow was discovered in libtiff which allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted TIFF image with CCITT Group 4
encoding (CVE-2011-0192).
Additionally it was discovered that the fixes for CVE-2009-2347 and
CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and
being resolved as well.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been patched to correct these issues.");

  # NOTE(review): the only see_also entry is an Apple support article; no link
  # to the Mandriva advisory itself is registered.
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4554");
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Severity: CVSS v2, network-reachable, medium access complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  # Temporal part: exploitability not defined, official fix, confirmed report.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): only CWE-189 is registered although the advisory's headline
  # issue (CVE-2011-0192) is described as a buffer overflow - confirm whether
  # a second CWE id belongs here.
  script_cwe_id(189);

  # "local" = the result comes from data collected on the host (the package
  # list), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected packages (p-cpe) ...
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-progs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtiff3-static-devel");
  # ... and affected distribution releases.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/09");
  script_end_attributes();

  # Scheduling: an information-gathering check that depends on
  # ssh_get_info.nasl and on the knowledge-base keys listed below, i.e. it is
  # only meaningful for a credentialed scan that collected the RPM list.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
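# Pre-flight checks. Each audit() call reports why the plugin cannot give a
# verdict for this host instead of silently reporting "not affected":
#   - local (credentialed) checks must be enabled,
#   - the host must have been identified as Mandriva / Mandrake Linux,
#   - the installed-RPM list must have been collected.
# The OS name in the AUDIT_OS_NOT message previously read "Mandake"; it now
# matches the spelling used in the architecture check below.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 / x86_64 package builds are listed in the checks that follow, so
# any other (or unknown) architecture is audited out rather than compared.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);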
# Package comparison. Every rpm_check() call is its own statement, so all of
# them run and `flag` ends up counting how many calls returned true.
# rpm_check() comes from rpm.inc, which is not shown here; presumably it
# returns true when the installed package is older than `reference` - confirm
# against rpm.inc. A hit is therefore a package-inventory result: it says a
# fixed build is not installed, it does not exercise libtiff itself.
flag = 0;

# --- Mandriva Linux 2009.0 (libtiff 3.8.2-12.4) ---
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64tiff3-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64tiff3-devel-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64tiff3-static-devel-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", reference:"libtiff-progs-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtiff3-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtiff3-devel-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libtiff3-static-devel-3.8.2-12.4mdv2009.0", yank:"mdv"))
  flag++;

# --- Mandriva Linux 2010.0 (libtiff 3.9.1-4.3) ---
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64tiff-devel-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64tiff-static-devel-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64tiff3-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libtiff-devel-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", reference:"libtiff-progs-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libtiff-static-devel-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libtiff3-3.9.1-4.3mdv2010.0", yank:"mdv"))
  flag++;

# --- Mandriva Linux 2010.1 release key, mdv2010.2 package builds (libtiff 3.9.2-2.3) ---
# NOTE(review): the release key is MDK2010.1 while the fixed packages carry an
# mdv2010.2 tag - confirm that hosts updated to 2010.2 still report MDK2010.1,
# otherwise they would not be evaluated by these checks.
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64tiff-devel-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64tiff-static-devel-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64tiff3-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libtiff-devel-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", reference:"libtiff-progs-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libtiff-static-devel-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libtiff3-3.9.2-2.3mdv2010.2", yank:"mdv"))
  flag++;

# Verdict. With no hit the host is audited as not affected; otherwise one
# finding is raised on port 0, carrying the rpm.inc report text when report
# verbosity is above zero.
if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "MANDRIVA_MDVSA-2011-043.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)", "description": "A buffer overflow was discovered in libtiff which allows remote\nattackers to execute arbitrary code or cause a denial of service\n(application crash) via a crafted TIFF image with CCITT Group 4\nencoding (CVE-2011-0192).\n\nAdditionally it was discovered that the fixes for CVE-2009-2347 and\nCVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and\nbeing resolved as well.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "published": "2011-03-09T00:00:00", "modified": "2011-03-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/52592", "reporter": "This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.", "references": ["https://support.apple.com/en-us/HT4554"], "cvelist": ["CVE-2009-2347", "CVE-2010-2065", "CVE-2011-0192"], "type": "nessus", "lastseen": "2021-01-07T11:53:06", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0192", "CVE-2010-2065", "CVE-2009-2347"]}, {"type": "openvas", "idList": ["OPENVAS:65077", "OPENVAS:1361412562310862987", "OPENVAS:1361412562310831349", "OPENVAS:136141256231065077", "OPENVAS:136141256231067655", "OPENVAS:862162", "OPENVAS:1361412562310862162", "OPENVAS:831349", "OPENVAS:862987", "OPENVAS:136141256231065707"]}, {"type": "fedora", "idList": ["FEDORA:F2A6D1109DB", "FEDORA:B403410F8C2", "FEDORA:23C8D110D22", "FEDORA:3FA1E110C4D", "FEDORA:D2FE310F89B"]}, {"type": "freebsd", "idList": ["8816BF3A-7929-11DF-BCCE-0018F3E2EB82"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10048", 
"SECURITYVULNS:DOC:22155"]}, {"type": "seebug", "idList": ["SSV:11812"]}, {"type": "nessus", "idList": ["FEDORA_2009-7724.NASL", "SUSE9_12470.NASL", "SUSE_LIBTIFF-6407.NASL", "UBUNTU_USN-801-1.NASL", "SUSE_11_1_LIBTIFF-DEVEL-090807.NASL", "SUSE_LIBTIFF-DEVEL-6406.NASL", "FREEBSD_PKG_8816BF3A792911DFBCCE0018F3E2EB82.NASL", "SUSE_11_0_LIBTIFF-DEVEL-090807.NASL", "FEDORA_2009-7775.NASL", "SUSE_11_LIBTIFF-DEVEL-090807.NASL"]}, {"type": "ubuntu", "idList": ["USN-801-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0318", "ELSA-2011-0392", "ELSA-2009-1159"]}, {"type": "redhat", "idList": ["RHSA-2009:1159", "RHSA-2011:0318"]}, {"type": "centos", "idList": ["CESA-2011:0318", "CESA-2009:1159"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1835-1:250B9"]}, {"type": "gentoo", "idList": ["GLSA-200908-03"]}], "modified": "2021-01-07T11:53:06", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-01-07T11:53:06", "rev": 2}, "vulnersScore": 7.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:043. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52592);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2347\", \"CVE-2010-2065\", \"CVE-2011-0192\");\n script_bugtraq_id(35652, 41011, 46658);\n script_xref(name:\"MDVSA\", value:\"2011:043\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in libtiff which allows remote\nattackers to execute arbitrary code or cause a denial of service\n(application crash) via a crafted TIFF image with CCITT Group 4\nencoding (CVE-2011-0192).\n\nAdditionally it was discovered that the fixes for CVE-2009-2347 and\nCVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and\nbeing resolved as well.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.apple.com/en-us/HT4554\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tiff3-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tiff3-devel-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tiff3-static-devel-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"libtiff-progs-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtiff3-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtiff3-devel-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtiff3-static-devel-3.8.2-12.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tiff-devel-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tiff3-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtiff-devel-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"libtiff-progs-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtiff-static-devel-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtiff3-3.9.1-4.3mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tiff-devel-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tiff3-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtiff-devel-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libtiff-progs-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtiff-static-devel-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtiff3-3.9.2-2.3mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "52592", "cpe": ["p-cpe:/a:mandriva:linux:libtiff3-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3-devel", "p-cpe:/a:mandriva:linux:lib64tiff-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:libtiff-devel", "p-cpe:/a:mandriva:linux:libtiff3-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "p-cpe:/a:mandriva:linux:lib64tiff-static-devel", "p-cpe:/a:mandriva:linux:libtiff-static-devel", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff3", "p-cpe:/a:mandriva:linux:lib64tiff3-static-devel"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:34:39", "description": "Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.", "edition": 5, "cvss3": {}, "published": "2010-06-24T12:30:00", "title": "CVE-2010-2065", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2065"], "modified": "2013-05-15T03:09:00", "cpe": ["cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.9.2", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.9.1", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.9", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.7.4", "cpe:/a:libtiff:libtiff:3.7.3", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.9.0", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.5.6", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.8.0", "cpe:/a:libtiff:libtiff:3.7.2"], "id": "CVE-2010-2065", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2065", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:15", "description": "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.", "edition": 3, "cvss3": {}, "published": "2009-07-14T20:30:00", "title": "CVE-2009-2347", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2347"], "modified": "2018-10-10T19:39:00", "cpe": ["cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.9", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.8.0", "cpe:/a:libtiff:libtiff:4.0"], "id": "CVE-2009-2347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2347", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:03", "description": "Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in 
Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.", "edition": 5, "cvss3": {}, "published": "2011-03-03T20:00:00", "title": "CVE-2011-0192", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0192"], "modified": "2014-02-21T04:39:00", "cpe": ["cpe:/a:apple:itunes:7.6.2", "cpe:/a:apple:itunes:9.2", "cpe:/a:apple:itunes:7.4", "cpe:/a:apple:itunes:7.5", "cpe:/a:apple:itunes:5.0.1", "cpe:/a:apple:itunes:4.6.0", "cpe:/a:apple:itunes:6.0.1", "cpe:/a:apple:itunes:6.0.0", "cpe:/a:apple:itunes:9.0.1", "cpe:/a:apple:itunes:7.4.1", "cpe:/a:apple:itunes:7.4.2", "cpe:/a:apple:itunes:4.7.1", "cpe:/a:apple:itunes:7.4.3", "cpe:/a:apple:itunes:4.7", "cpe:/a:apple:itunes:7.2.0", "cpe:/a:apple:itunes:8.0.2", "cpe:/a:apple:itunes:4.0.1", "cpe:/a:apple:itunes:9.0.2", "cpe:/a:apple:itunes:5.0", "cpe:/a:apple:itunes:8.0.1", "cpe:/a:apple:itunes:8.1.1", "cpe:/a:apple:itunes:4.6", "cpe:/a:apple:itunes:8.2.1", "cpe:/a:apple:itunes:7.1.1", "cpe:/a:apple:itunes:7.3.2", "cpe:/a:apple:itunes:7.0.0", "cpe:/a:apple:itunes:8.2", "cpe:/a:apple:itunes:8.1", "cpe:/a:apple:itunes:10.0", "cpe:/a:apple:itunes:5.0.0", "cpe:/a:apple:itunes:7.6.0", "cpe:/a:apple:itunes:4.7.0", 
"cpe:/a:apple:itunes:7.0.1", "cpe:/a:apple:itunes:9.2.1", "cpe:/a:apple:itunes:7.7.0", "cpe:/a:apple:itunes:6.0.3", "cpe:/a:apple:itunes:4.7.2", "cpe:/a:apple:itunes:7.1.0", "cpe:/a:apple:itunes:10.1", "cpe:/a:apple:itunes:4.9.0", "cpe:/a:apple:itunes:7.5.0", "cpe:/a:apple:itunes:7.0.2", "cpe:/a:apple:itunes:7.3.1", "cpe:/a:apple:itunes:7.3.0", "cpe:/a:apple:itunes:6.0.4.2", "cpe:/a:apple:itunes:7.7.1", "cpe:/a:apple:itunes:6.0.4", "cpe:/a:apple:itunes:10.0.1", "cpe:/a:apple:itunes:4.5", "cpe:/a:apple:itunes:4.0.0", "cpe:/a:apple:itunes:4.2.0", "cpe:/a:apple:itunes:9.0.0", "cpe:/a:apple:itunes:7.6", "cpe:/a:apple:itunes:10.1.2", "cpe:/a:apple:itunes:10.1.1", "cpe:/a:apple:itunes:9.0.3", "cpe:/a:apple:itunes:4.8.0", "cpe:/a:apple:itunes:7.6.1", "cpe:/a:apple:itunes:6.0.5", "cpe:/a:apple:itunes:7.7", "cpe:/a:apple:itunes:6.0.2", "cpe:/a:apple:itunes:7.4.0", "cpe:/a:apple:itunes:4.5.0", "cpe:/a:apple:itunes:4.1.0", "cpe:/a:apple:itunes:8.0.0"], "id": "CVE-2011-0192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347", "CVE-2010-2065", "CVE-2011-0192"], "description": "Check for the Version of libtiff", "modified": "2017-07-06T00:00:00", "published": "2011-03-15T00:00:00", "id": "OPENVAS:831349", "href": "http://plugins.openvas.org/nasl.php?oid=831349", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2011:043 (libtiff)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2011:043 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow was discovered in libtiff which allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted TIFF image with CCITT Group 4\n encoding (CVE-2011-0192).\n\n Additionally it was discovered that the fixes for CVE-2009-2347 and\n CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2\n and being resolved as well.\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libtiff on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-03/msg00005.php\");\n script_id(831349);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:043\");\n 
script_cve_id(\"CVE-2011-0192\", \"CVE-2009-2347\", \"CVE-2010-2065\");\n script_name(\"Mandriva Update for libtiff MDVSA-2011:043 (libtiff)\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", 
rpm:\"libtiff3~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", 
rpm:\"libtiff-progs~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347", "CVE-2010-2065", "CVE-2011-0192"], "description": "The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2011-03-15T00:00:00", "id": "OPENVAS:1361412562310831349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831349", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2011:043 (libtiff)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2011:043 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-03/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831349\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-15 14:58:18 +0100 (Tue, 15 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:043\");\n script_cve_id(\"CVE-2011-0192\", \"CVE-2009-2347\", \"CVE-2010-2065\");\n script_name(\"Mandriva Update for libtiff MDVSA-2011:043 (libtiff)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"libtiff on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n 
Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in libtiff which allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted TIFF image with CCITT Group 4\n encoding (CVE-2011-0192).\n\n Additionally it was discovered that the fixes for CVE-2009-2347 and\n CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2\n and being resolved as well.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.2~2.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.1~4.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347", "CVE-2010-2065", "CVE-2009-2285", "CVE-2010-1411"], "description": "Check for the Version of libtiff", "modified": "2017-12-22T00:00:00", "published": "2010-06-25T00:00:00", "id": "OPENVAS:1361412562310862162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862162", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2010-10359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2010-10359\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# 
This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libtiff on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043399.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862162\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-10359\");\n script_cve_id(\"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2009-2347\", \"CVE-2009-2285\");\n script_name(\"Fedora Update for libtiff FEDORA-2010-10359\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone 
Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~15.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347", "CVE-2010-2065", "CVE-2009-2285", "CVE-2010-1411"], "description": "Check for the Version of libtiff", "modified": "2017-12-13T00:00:00", "published": "2010-06-25T00:00:00", "id": "OPENVAS:862162", "href": "http://plugins.openvas.org/nasl.php?oid=862162", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2010-10359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2010-10359\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libtiff on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043399.html\");\n script_id(862162);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-10359\");\n script_cve_id(\"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2009-2347\", \"CVE-2009-2285\");\n script_name(\"Fedora Update for libtiff FEDORA-2010-10359\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~15.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2065", "CVE-2011-1167", "CVE-2010-1411", "CVE-2010-2067", "CVE-2011-0192"], "description": "Check for the Version of libtiff", "modified": "2017-07-10T00:00:00", "published": "2011-04-19T00:00:00", "id": "OPENVAS:862987", "href": "http://plugins.openvas.org/nasl.php?oid=862987", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2011-3827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2011-3827\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libtiff on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html\");\n script_id(862987);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-19 07:58:39 +0200 (Tue, 19 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-3827\");\n script_cve_id(\"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\");\n script_name(\"Fedora Update for libtiff FEDORA-2011-3827\");\n\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~4.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2065", "CVE-2011-1167", "CVE-2010-1411", "CVE-2010-2067", "CVE-2011-0192"], "description": "The remote host is missing an update for the 'libtiff' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-04-19T00:00:00", "id": "OPENVAS:1361412562310862987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862987", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2011-3827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2011-3827\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862987\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-19 07:58:39 +0200 (Tue, 19 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-3827\");\n script_cve_id(\"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\");\n script_name(\"Fedora Update for libtiff FEDORA-2011-3827\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~4.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:55:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tiff\n libtiff\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055840 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65077", "href": "http://plugins.openvas.org/nasl.php?oid=65077", "type": "openvas", "title": "SLES9: Security update for libtiff", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5055840.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libtiff\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tiff\n libtiff\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5055840 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65077);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-2347\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for libtiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.6.1~38.41\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff3\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:136141256231065707", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065707", "type": "openvas", "title": "SLES11: Security update for libtiff", "sourceData": "#\n#VID ac9a395c3876a17a1dea5f9f475054d1\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libtiff\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff3\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=519796\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65707\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2347\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for libtiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~141.8.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~141.8.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff3\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65707", "href": "http://plugins.openvas.org/nasl.php?oid=65707", "type": "openvas", "title": "SLES11: Security update for libtiff", "sourceData": "#\n#VID ac9a395c3876a17a1dea5f9f475054d1\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libtiff\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libtiff3\n tiff\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=519796\");\n script_id(65707);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-2347\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for libtiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~141.8.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tiff\", rpm:\"tiff~3.8.2~141.8.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:54:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-08T00:00:00", "published": "2010-07-06T00:00:00", "id": "OPENVAS:136141256231067655", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067655", "type": "openvas", "title": "FreeBSD Ports: tiff", "sourceData": "#\n#VID 8816bf3a-7929-11df-bcce-0018f3e2eb82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8816bf3a-7929-11df-bcce-0018f3e2eb82\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n tiff\n linux-tiff\n\nCVE-2009-2347\nMultiple integer overflows in inter-color spaces conversion tools in\nlibtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent\nattackers to execute arbitrary code via a TIFF image with large (1)\nwidth and (2) height values, which triggers a heap-based buffer\noverflow in the (a) cvt_whole_image function in tiff2rgba and (b)\ntiffcvt function in rgb2ycbcr.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.remotesensing.org/libtiff/v3.9.4.html\nhttp://www.ocert.org/advisories/ocert-2009-012.html\nhttp://www.vuxml.org/freebsd/8816bf3a-7929-11df-bcce-0018f3e2eb82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67655\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 
2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2347\");\n script_name(\"FreeBSD Ports: tiff\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tiff\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.9.4\")<0) {\n txt += 'Package tiff version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-tiff\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.9.4\")<0) {\n txt += 'Package linux-tiff version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1411", "CVE-2010-2065", "CVE-2010-2067", "CVE-2011-0192", "CVE-2011-1167"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. 
The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2011-04-11T20:58:53", "published": "2011-04-11T20:58:53", "id": "FEDORA:23C8D110D22", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: libtiff-3.9.4-4.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2011-03-07T21:06:23", "published": "2011-03-07T21:06:23", "id": "FEDORA:3FA1E110C4D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libtiff-3.9.4-3.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. 
", "modified": "2011-03-12T04:41:24", "published": "2011-03-12T04:41:24", "id": "FEDORA:F2A6D1109DB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libtiff-3.9.4-3.fc15", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2285", "CVE-2009-2347"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2009-07-19T10:30:18", "published": "2009-07-19T10:30:18", "id": "FEDORA:D2FE310F89B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libtiff-3.8.2-14.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2285", "CVE-2009-2347"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2009-07-19T10:12:56", "published": "2009-07-19T10:12:56", "id": "FEDORA:B403410F8C2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libtiff-3.8.2-14.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192", "CVE-2011-1167"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. 
TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2011-04-08T23:19:15", "published": "2011-04-08T23:19:15", "id": "FEDORA:EB6BC111F2E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libtiff-3.9.4-4.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:07:31", "description": "CVE-2009-2347 libtiff: integer overflows in various inter-color spaces\nconversion tools (crash, ACE) Not the same as last week's libtiff\nsecurity issue ...\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-07-20T00:00:00", "title": "Fedora 11 : libtiff-3.8.2-14.fc11 (2009-7775)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-07-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-7775.NASL", "href": "https://www.tenable.com/plugins/nessus/39864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-7775.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39864);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2347\");\n script_bugtraq_id(35652);\n script_xref(name:\"FEDORA\", value:\"2009-7775\");\n\n script_name(english:\"Fedora 11 : libtiff-3.8.2-14.fc11 (2009-7775)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2347 libtiff: integer overflows in various inter-color spaces\nconversion tools (crash, ACE) Not the same as last week's libtiff\nsecurity issue ...\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510041\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6aa2a0d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libtiff-3.8.2-14.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:25", "description": "This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : libtiff (YOU Patch Number 12470)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12470.NASL", "href": "https://www.tenable.com/plugins/nessus/41320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41320);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"SuSE9 Security Update : libtiff (YOU Patch Number 12470)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2347.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12470.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libtiff-3.6.1-38.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"tiff-3.6.1-38.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libtiff-32bit-9-200908071506\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:39", "description": "Tielei Wang and Tom Lane discovered that the TIFF library did not\ncorrectly handle certain malformed TIFF images. If a user or automated\nsystem were tricked into processing a malicious image, an attacker\ncould execute arbitrary code with the privileges of the user invoking\nthe program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2009-07-14T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-801-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-07-14T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "p-cpe:/a:canonical:ubuntu_linux:libtiffxx0c2", "p-cpe:/a:canonical:ubuntu_linux:libtiff-doc", "p-cpe:/a:canonical:ubuntu_linux:libtiff-opengl", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libtiff-tools", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-801-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-801-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39788);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2347\");\n script_bugtraq_id(35652);\n script_xref(name:\"USN\", value:\"801-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-801-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tielei Wang and Tom Lane discovered that the TIFF library did not\ncorrectly handle certain malformed TIFF images. If a user or automated\nsystem were tricked into processing a malicious image, an attacker\ncould execute arbitrary code with the privileges of the user invoking\nthe program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/801-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiffxx0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. 
/ NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff-opengl\", pkgver:\"3.7.4-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff-tools\", pkgver:\"3.7.4-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff4\", pkgver:\"3.7.4-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiff4-dev\", pkgver:\"3.7.4-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtiffxx0c2\", pkgver:\"3.7.4-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-7ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-7ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-7ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-7ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-7ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiff-doc\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiff4\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-11ubuntu0.8.10.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiff-doc\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiff-opengl\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiff4-dev\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtiffxx0c2\", pkgver:\"3.8.2-11ubuntu0.9.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-doc / libtiff-opengl / libtiff-tools / libtiff4 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:46:53", "description": "Tielei Wang :\n\nMultiple integer overflows in inter-color spaces conversion tools in\nlibtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent\nattackers to execute arbitrary code via a TIFF image with large (1)\nwidth 
and (2) height values, which triggers a heap-based buffer\noverflow in the (a) cvt_whole_image function in tiff2rgba and (b)\ntiffcvt function in rgb2ycbcr.", "edition": 25, "published": "2010-06-17T00:00:00", "title": "FreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2010-06-17T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-tiff", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tiff", "p-cpe:/a:freebsd:freebsd:linux-f10-tiff"], "id": "FREEBSD_PKG_8816BF3A792911DFBCCE0018F3E2EB82.NASL", "href": "https://www.tenable.com/plugins/nessus/47033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47033);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"FreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tielei Wang :\n\nMultiple integer overflows in inter-color spaces conversion tools in\nlibtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent\nattackers to execute arbitrary code via a TIFF image with large (1)\nwidth and (2) height values, which triggers a heap-based buffer\noverflow in the (a) cvt_whole_image function in tiff2rgba and (b)\ntiffcvt function in rgb2ycbcr.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.remotesensing.org/libtiff/v3.9.4.html\"\n );\n # http://www.ocert.org/advisories/ocert-2009-012.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ocert.org/advisories/ocert-2009-012.html\"\n );\n # https://vuxml.freebsd.org/freebsd/8816bf3a-7929-11df-bcce-0018f3e2eb82.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a5f4332\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tiff<3.9.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-tiff<3.9.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-tiff<3.9.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:31", "description": "This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)", "edition": 23, "published": "2009-10-06T00:00:00", "title": "openSUSE 10 Security Update : libtiff-devel (libtiff-devel-6406)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-10-06T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff3-32bit", "p-cpe:/a:novell:opensuse:libtiff3", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit"], "id": "SUSE_LIBTIFF-DEVEL-6406.NASL", "href": "https://www.tenable.com/plugins/nessus/42018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libtiff-devel-6406.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42018);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"openSUSE 10 Security Update : libtiff-devel (libtiff-devel-6406)\");\n script_summary(english:\"Check for the libtiff-devel-6406 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ 
\"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libtiff-devel-3.8.2-68.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libtiff3-3.8.2-68.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tiff-3.8.2-68.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-68.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-68.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:30", "description": "This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBTIFF-6407.NASL", "href": "https://www.tenable.com/plugins/nessus/41553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41553);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"SuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2347.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6407.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libtiff-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libtiff-devel-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"tiff-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", 
reference:\"libtiff-32bit-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libtiff-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libtiff-devel-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tiff-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-5.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:13:26", "description": "This update of the tiff package fixes various integer overflows in the\ntools. (CVE-2009-2347)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : libtiff (SAT Patch Number 1172)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:tiff", "p-cpe:/a:novell:suse_linux:11:libtiff3-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libtiff3"], "id": "SUSE_11_LIBTIFF-DEVEL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/41430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41430);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"SuSE 11 Security Update : libtiff (SAT Patch Number 1172)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. (CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2347.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1172.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libtiff3-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtiff3-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libtiff3-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"tiff-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libtiff3-32bit-3.8.2-141.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:50", "description": "This update of the tiff package fixes various 
integer overflows in the\ntools. (CVE-2009-2347)", "edition": 23, "published": "2009-08-20T00:00:00", "title": "openSUSE Security Update : libtiff-devel (libtiff-devel-1176)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-08-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tiff", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff3-32bit", "p-cpe:/a:novell:opensuse:libtiff3", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit"], "id": "SUSE_11_1_LIBTIFF-DEVEL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/40653", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libtiff-devel-1176.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40653);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"openSUSE Security Update : libtiff-devel (libtiff-devel-1176)\");\n script_summary(english:\"Check for the libtiff-devel-1176 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519796\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtiff-devel-3.8.2-133.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtiff3-3.8.2-133.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tiff-3.8.2-133.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-133.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-133.37.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:32", "description": "This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)", "edition": 23, "published": "2009-08-20T00:00:00", "title": "openSUSE Security Update : libtiff-devel (libtiff-devel-1176)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-08-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tiff", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff3-32bit", "p-cpe:/a:novell:opensuse:libtiff3", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit"], "id": "SUSE_11_0_LIBTIFF-DEVEL-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/40646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libtiff-devel-1176.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40646);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2347\");\n\n script_name(english:\"openSUSE Security Update : libtiff-devel (libtiff-devel-1176)\");\n script_summary(english:\"Check for the libtiff-devel-1176 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the tiff package fixes various integer overflows in the\ntools. 
(CVE-2009-2347)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519796\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtiff-devel-3.8.2-108.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtiff3-3.8.2-108.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tiff-3.8.2-108.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-108.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-108.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:30", "description": "CVE-2009-2347 libtiff: integer overflows in various inter-color spaces\nconversion tools (crash, ACE) Not the same as last week's libtiff\nsecurity issue ...\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-07-20T00:00:00", "title": "Fedora 10 : libtiff-3.8.2-14.fc10 (2009-7724)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2347"], "modified": "2009-07-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:libtiff"], "id": "FEDORA_2009-7724.NASL", "href": "https://www.tenable.com/plugins/nessus/39858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-7724.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39858);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2347\");\n script_bugtraq_id(35652);\n script_xref(name:\"FEDORA\", value:\"2009-7724\");\n\n script_name(english:\"Fedora 10 : libtiff-3.8.2-14.fc10 (2009-7724)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2347 libtiff: integer overflows in various inter-color spaces\nconversion tools (crash, ACE) Not the same as last week's libtiff\nsecurity issue ...\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510041\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026592.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9499139c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"libtiff-3.8.2-14.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347"], "description": "\nTielei Wang:\n\nMultiple integer overflows in inter-color spaces conversion\n\t tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow\n\t context-dependent attackers to execute arbitrary code via a\n\t TIFF image with large (1) width and (2) height values, which\n\t triggers a heap-based buffer overflow in the (a) cvt_whole_image\n\t function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.\n\n", "edition": 4, "modified": "2009-05-22T00:00:00", "published": "2009-05-22T00:00:00", "id": "8816BF3A-7929-11DF-BCCE-0018F3E2EB82", "href": "https://vuxml.freebsd.org/freebsd/8816bf3a-7929-11df-bcce-0018f3e2eb82.html", "title": "tiff -- Multiple integer overflows", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-2347"], "description": 
"\r\n#2009-012 libtiff tools integer overflows\r\n\r\nDescription:\r\n\r\nThe libtiff image library tools suffer from integer overflows which may lead to\r\na potentially exploitable heap overflow and result in arbitrary code execution.\r\n\r\nThe libtiff package ships a library, for reading and writing TIFF, as well as a\r\nsmall collection of tools for manipulating TIFF images. The cvt_whole_image\r\nfunction used in the tiff2rgba tool and the tiffcvt function used in the\r\nrgb2ycbcr tool do not properly validate the width and height of the image.\r\nSpecific TIFF images with large width and height can be crafted to trigger the\r\nvulnerability.\r\n\r\nA patch has been made available by the maintainer and further improved by Tom\r\nLane of Red Hat.\r\n\r\nAffected version:\r\n\r\nlibtiff <= 3.8.2, <= 3.9 (stable), <= 4.0 (development)\r\n\r\nFixed version:\r\n\r\nlibtiff, N/A (patch has been made available and it's expected to be committed\r\nto libtiff CVS)\r\n\r\nCredit: vulnerability report and PoC code received from Tielei Wang <wangtielei\r\n [at] icst [dot] pku [dot] edu [dot] cn>, ICST-ERCIS.\r\n\r\nCVE: CVE-2009-2347\r\n\r\nTimeline:\r\n\r\n2009-05-22: vulnerability report received\r\n2009-05-22: contacted libtiff maintainer\r\n2009-06-30: report resent to maintainer due to lack of response\r\n2009-07-01: maintainer provides patch\r\n2009-07-04: reporter confirm fixes\r\n2009-07-04: oCERT requests one week embargo for vendor notification\r\n2009-07-04: maintainer confirms embargo\r\n2009-07-07: contacted affected vendors\r\n2009-07-07: assigned CVE\r\n2009-07-07: improved patch contributed by Tom Lane of Red Hat\r\n2009-07-04: reporter acknowledges patch\r\n2009-07-13: advisory release\r\n\r\nReferences:\r\nhttps://bugzilla.redhat.com/attachment.cgi?id=35132\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2009-012.html\r\n\r\n-- \r\nAndrea Barisani | Founder & Project Coordinator\r\n 
oCERT | Open Source Computer Emergency Response Team\r\n\r\n<lcars@ocert.org> http://www.ocert.org\r\n 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E\r\n "Pluralitas non est ponenda sine necessitate"", "edition": 1, "modified": "2009-07-14T00:00:00", "published": "2009-07-14T00:00:00", "id": "SECURITYVULNS:DOC:22155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22155", "title": "[oCERT-2009-012] libtiff tools integer overflows", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2347", "CVE-2009-2285"], "description": "Crash on LZWDecodeCompat. Potential integer overflows in tiff2rgba and rgb2ycbcr.", "edition": 1, "modified": "2009-07-14T00:00:00", "published": "2009-07-14T00:00:00", "id": "SECURITYVULNS:VULN:10048", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10048", "title": "libtiff multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:43:53", "description": "BUGTRAQ ID: 35652\r\nCVE(CAN) ID: CVE-2009-2347\r\n\r\nLibTiff\u662f\u8d1f\u8d23\u5bf9TIFF\u56fe\u8c61\u683c\u5f0f\u8fdb\u884c\u7f16\u7801/\u89e3\u7801\u7684\u5e94\u7528\u5e93\u3002\r\n\r\nlibtiff\u8f6f\u4ef6\u628a\u4e2d\u6346\u7ed1\u4e86\u4e00\u4e9b\u7528\u4e8e\u64cd\u63a7TIFF\u56fe\u5f62\u7684\u5de5\u5177\u96c6\uff0c\u5176\u4e2dtiff2rgba\u5de5\u5177\u6240\u4f7f\u7528\u7684cvt_whole_image\u51fd\u6570\u548c 
rgb2ycbcr\u5de5\u5177\u6240\u4f7f\u7528\u7684tiffcvt\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u56fe\u5f62\u7684\u5bbd\u5ea6\u548c\u9ad8\u5ea6\uff0c\u5728\u4f7f\u7528\u5bbd\u5ea6\u548c\u9ad8\u5ea6\u503c\u8ba1\u7b97raster\u7f13\u51b2\u533a\u5927\u5c0f\u65f6\u53ef\u80fd\u51fa\u73b0\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7578\u5f62\u7684TIFF\u56fe\u5f62\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u8f6c\u6362\u5de5\u5177\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nLibTIFF LibTIFF 4.0\r\nLibTIFF LibTIFF 3.9\r\nLibTIFF LibTIFF 3.8.2\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLibTIFF\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/", "published": "2009-07-14T00:00:00", "type": "seebug", "title": "LibTIFF\u5e93tiff2rgba\u548crgb2ycbcr\u8f6c\u6362\u5de5\u5177\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2347"], "modified": "2009-07-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11812", "id": "SSV:11812", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:10", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347"], "description": "Tielei Wang and Tom Lane discovered that the TIFF library did not correctly \nhandle certain malformed TIFF images. 
If a user or automated system were \ntricked into processing a malicious image, an attacker could execute \narbitrary code with the privileges of the user invoking the program.", "edition": 5, "modified": "2009-07-13T00:00:00", "published": "2009-07-13T00:00:00", "id": "USN-801-1", "href": "https://ubuntu.com/security/notices/USN-801-1", "title": "tiff vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192"], "description": "[3.9.4-1.el6_0.1]\n- Add fix for CVE-2011-0192\nResolves: #679298", "edition": 4, "modified": "2011-03-03T00:00:00", "published": "2011-03-03T00:00:00", "id": "ELSA-2011-0318", "href": "http://linux.oracle.com/errata/ELSA-2011-0318.html", "title": "libtiff security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347", "CVE-2009-2285"], "description": "[3.8.2-7.el5.4]\n- Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347)\nResolves: #507725\n[3.8.2-7.el5.3]\n- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)\nResolves: #507725\n- Update upstream URL ", "edition": 4, "modified": "2009-07-16T00:00:00", "published": "2009-07-16T00:00:00", "id": "ELSA-2009-1159", "href": "http://linux.oracle.com/errata/ELSA-2009-1159.html", "title": "libtiff security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1167", "CVE-2011-0192"], "description": "[3.9.4-1.el6_0.2]\n- Fix incorrect fix for CVE-2011-0192\nResolves: #688829\n- Add fix for CVE-2011-1167\nResolves: #688742", "edition": 4, "modified": "2011-03-28T00:00:00", "published": "2011-03-28T00:00:00", "id": "ELSA-2011-0392", "href": 
"http://linux.oracle.com/errata/ELSA-2011-0392.html", "title": "libtiff security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192"], "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed\ncertain TIFF Internet Fax image files, compressed with the CCITT Group 4\ncompression algorithm. An attacker could use this flaw to create a\nspecially-crafted TIFF file that, when opened, would cause an application\nlinked against libtiff to crash or, possibly, execute arbitrary code.\n(CVE-2011-0192)\n\nRed Hat would like to thank Apple Product Security for reporting this\nissue.\n\nAll libtiff users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running applications linked\nagainst libtiff must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:30", "published": "2011-03-02T05:00:00", "id": "RHSA-2011:0318", "href": "https://access.redhat.com/errata/RHSA-2011:0318", "type": "redhat", "title": "(RHSA-2011:0318) Important: libtiff security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2285", "CVE-2009-2347"], "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nSeveral integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various libtiff color space conversion tools. 
An attacker\ncould create a specially-crafted TIFF file, which once opened by an\nunsuspecting user, would cause the conversion tool to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe tool. (CVE-2009-2347)\n\nA buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW)\ncompression algorithm decoder. An attacker could create a specially-crafted\nLZW-encoded TIFF file, which once opened by an unsuspecting user, would\ncause an application linked with libtiff to access an out-of-bounds memory\nlocation, leading to a denial of service (application crash).\n(CVE-2009-2285)\n\nThe CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS,\nPeking University.\n\nAll libtiff users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nall applications linked with the libtiff library (such as Konqueror) must\nbe restarted for the update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-07-16T04:00:00", "id": "RHSA-2009:1159", "href": "https://access.redhat.com/errata/RHSA-2009:1159", "type": "redhat", "title": "(RHSA-2009:1159) Moderate: libtiff security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-08-08T11:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0318\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed\ncertain TIFF Internet Fax image files, compressed with the CCITT Group 4\ncompression algorithm. 
An attacker could use this flaw to create a\nspecially-crafted TIFF file that, when opened, would cause an application\nlinked against libtiff to crash or, possibly, execute arbitrary code.\n(CVE-2011-0192)\n\nRed Hat would like to thank Apple Product Security for reporting this\nissue.\n\nAll libtiff users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running applications linked\nagainst libtiff must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029399.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029400.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-March/029294.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-March/029295.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0318.html", "edition": 5, "modified": "2011-04-14T23:48:12", "published": "2011-03-03T03:27:08", "href": "http://lists.centos.org/pipermail/centos-announce/2011-March/029294.html", "id": "CESA-2011:0318", "title": "libtiff security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-08T11:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347", "CVE-2009-2285"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1159\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nSeveral integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various libtiff color space conversion tools. An attacker\ncould create a specially-crafted TIFF file, which once opened by an\nunsuspecting user, would cause the conversion tool to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe tool. 
(CVE-2009-2347)\n\nA buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW)\ncompression algorithm decoder. An attacker could create a specially-crafted\nLZW-encoded TIFF file, which once opened by an unsuspecting user, would\ncause an application linked with libtiff to access an out-of-bounds memory\nlocation, leading to a denial of service (application crash).\n(CVE-2009-2285)\n\nThe CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS,\nPeking University.\n\nAll libtiff users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nall applications linked with the libtiff library (such as Konqueror) must\nbe restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028074.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028075.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028080.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028081.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1159.html", "edition": 7, "modified": "2009-07-28T11:14:13", "published": "2009-07-22T22:35:54", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028074.html", "id": "CESA-2009:1159", "title": "libtiff security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:14:34", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347", "CVE-2009-2285"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1835-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 15, 2009 http://www.debian.org/security/faq\n- 
------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-2285 CVE-2009-2347\nDebian Bug : 534137 \n\nSeveral vulnerabilities have been discovered in the library for the\nTag Image File Format (TIFF). The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-2285\n\n It was discovered that malformed TIFF images can lead to a crash\n in the decompression code, resulting in denial of service.\n\nCVE-2009-2347\n\n Andrea Barisani discovered several integer overflows, which\n can lead to the execution of arbitrary code if malformed\n images are passed to the rgb2ycbcr or tiff2rgba tools.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 3.8.2-7+etch3.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.8.2-11.2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tiff packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.dsc\n Size/MD5 checksum: 762 36f73ea87004a60aab14631f13d3471b\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.diff.gz\n Size/MD5 checksum: 18868 
e052c2395ca6c0f7e3f8af8891a4a58c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_alpha.deb\n Size/MD5 checksum: 296942 111a269342351ea17df42220da828f10\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_alpha.deb\n Size/MD5 checksum: 5150 d30d96aee257911bb31f7b2edc787910\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_alpha.deb\n Size/MD5 checksum: 507488 9116610934053314a4381f45ecb5c74c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_alpha.deb\n Size/MD5 checksum: 207572 980945ad1d2cb4f850fbfc571ee22881\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_alpha.deb\n Size/MD5 checksum: 11290 04212bd484cc3182dd2032e112e6cb04\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_amd64.deb\n Size/MD5 checksum: 248094 39bddfebcb9817a32c5384dfb00e74f4\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_amd64.deb\n Size/MD5 checksum: 4928 6b3cef2bbed56f07dda4c7030decb885\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_amd64.deb\n Size/MD5 checksum: 10296 f05b715568050045aaa09f5fc0c411ea\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_amd64.deb\n Size/MD5 checksum: 183836 09b83f517d72bb367474ef19fd44745e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_amd64.deb\n Size/MD5 checksum: 489394 938b279275a47560cfc657975cdd891e\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_arm.deb\n Size/MD5 checksum: 9978 e56eb8f02f9cda4d3f85087801093bf3\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_arm.deb\n Size/MD5 checksum: 4420 646ec0aab1389b2d15624777e98c3424\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_arm.deb\n Size/MD5 checksum: 236180 14f129fa7e425057ac3150cb25b910dc\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_arm.deb\n Size/MD5 checksum: 499350 d50887f9ad506832583d53fbc2150687\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_arm.deb\n Size/MD5 checksum: 181140 d97dce9dd3c76ac562aca729639bea49\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_hppa.deb\n Size/MD5 checksum: 10886 a8a0b324c7eadbab319d053f5ffa8b75\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_hppa.deb\n Size/MD5 checksum: 196152 e50a64940c53351042db9e354adec121\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_hppa.deb\n Size/MD5 checksum: 267962 143480ae705b8bf34f9857bda9f56db6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_hppa.deb\n Size/MD5 checksum: 515796 8d3ec336799f358b42581fd92586cf66\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_hppa.deb\n Size/MD5 checksum: 6004 d080e0a85557cc7fca4d07b7c1022e47\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_i386.deb\n Size/MD5 checksum: 5012 5e8b86ed2dc5efe32559556e1abeb59e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_i386.deb\n Size/MD5 checksum: 175630 1ed6abc2557ccbdacfc38ca67290868a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_i386.deb\n Size/MD5 checksum: 9860 77eed101177448e2eb9c5b696b9f9b05\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_i386.deb\n Size/MD5 checksum: 233494 58ae9a5e29486caed9b27d74395fd69e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_i386.deb\n Size/MD5 checksum: 483206 
98ab5ac548af4998db017f6dc568821e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_ia64.deb\n Size/MD5 checksum: 13170 f946d23c3f894b312c7f6d33ded01d4b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_ia64.deb\n Size/MD5 checksum: 251070 3e6a616ac15acf9baf87327a7bdcb3e6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_ia64.deb\n Size/MD5 checksum: 326196 95d71750ad5502543377ff0739d6b2a3\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_ia64.deb\n Size/MD5 checksum: 6722 dccfb36e482dd7e8f61a49a7492ab4b5\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_ia64.deb\n Size/MD5 checksum: 552342 ae85fb2298db8aa66f12d45f9e7d0000\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mips.deb\n Size/MD5 checksum: 10658 ea25cb0f6a6c018d175644da7123c613\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mips.deb\n Size/MD5 checksum: 485344 b4ee0a92d46408238bd14e2761eb3a60\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mips.deb\n Size/MD5 checksum: 188386 2ca5227913d149c2c3901dd127ce51c1\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mips.deb\n Size/MD5 checksum: 264386 0a089d68e60d52945c552a0b91a194d1\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mips.deb\n Size/MD5 checksum: 5158 8f74f09a323379d1b60de67faf979942\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mipsel.deb\n Size/MD5 checksum: 188960 7fada9867fb319b84784b7b119603c6f\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mipsel.deb\n Size/MD5 checksum: 10642 f57ba50e42a8ef4cd45396396990754e\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mipsel.deb\n Size/MD5 checksum: 264576 8e4e6441e12f37b5723847b7765097ad\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mipsel.deb\n Size/MD5 checksum: 5138 766e8618f1c308ef64b24f5225103901\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mipsel.deb\n Size/MD5 checksum: 485392 0f554374048d5574dd6860e34e770930\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_powerpc.deb\n Size/MD5 checksum: 504012 c9779c9112652cba3f26bab33afabfc7\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_powerpc.deb\n Size/MD5 checksum: 254060 672b8396f12b9e01434fa077e1611d86\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_powerpc.deb\n Size/MD5 checksum: 203862 afc47f6e981fba5e177bca43ff8b1a7b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_powerpc.deb\n Size/MD5 checksum: 11812 57eb8b73df7a84bfe9e8fff861ea693f\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_powerpc.deb\n Size/MD5 checksum: 6694 213160fb71e26b30255c544e5e7fd69a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_s390.deb\n Size/MD5 checksum: 10722 6efc6c6950a795f58c6defceebb255ee\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_s390.deb\n Size/MD5 checksum: 5234 dde2c8e4d1c3bf64ff8cfada57450216\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_s390.deb\n Size/MD5 checksum: 248752 c9946c79b44fafcccd7bc4dc442a6392\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_s390.deb\n Size/MD5 checksum: 497694 ae661ad97a3e6847ccf6da0e4da7df8c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_s390.deb\n Size/MD5 checksum: 
182726 29728322bbe8decf9c728ebf3688e7d9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_sparc.deb\n Size/MD5 checksum: 495792 2dce34c146f793fb8c736b5134c3966d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_sparc.deb\n Size/MD5 checksum: 238040 96385ebc347e32f74de93a66899e1d17\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_sparc.deb\n Size/MD5 checksum: 10232 65dd91095c8cd47fd76fb45a2da57067\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_sparc.deb\n Size/MD5 checksum: 172004 89717a135257703b170e34ee6c50e407\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_sparc.deb\n Size/MD5 checksum: 4694 f53e42c5430461b3b4890313b00f2f83\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.dsc\n Size/MD5 checksum: 1196 c61acedd4493ae0f675ffc611219ae21\n http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.diff.gz\n Size/MD5 checksum: 39075 1985df0b4d4b6047d604c18ff9bcb901\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.2_all.deb\n Size/MD5 checksum: 383532 52b6d5fc17bf54e7c9d6327c2f21653d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_alpha.deb\n Size/MD5 checksum: 183988 bd8137753496c3c2b21d91e19b78cc9f\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_alpha.deb\n Size/MD5 checksum: 339004 cb2edeb22053a3e944c81300272871e6\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_alpha.deb\n Size/MD5 checksum: 55812 9b24f1f8601883f4f6430afaf61b7be1\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_alpha.deb\n Size/MD5 checksum: 49812 3833a231e05944f57651d66da9fe5f97\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_alpha.deb\n Size/MD5 checksum: 252810 66c7b7e9f84dc2259f2f7f2776d521c6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_amd64.deb\n Size/MD5 checksum: 170674 5650754622d9598fa65202faba34130e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_amd64.deb\n Size/MD5 checksum: 232172 ace8a6e0347fc01734ebee80a7ef5587\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_amd64.deb\n Size/MD5 checksum: 54760 10c512849acfd403ee07cba11e474c8b\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_amd64.deb\n Size/MD5 checksum: 49680 920043baa061c9dbef860e41a3f1a583\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_amd64.deb\n Size/MD5 checksum: 293354 0af7a3bbc79749794ff48cdcecf4e43c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_arm.deb\n Size/MD5 checksum: 160320 9d0709f2b4a0da7148204c15382a8858\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_arm.deb\n Size/MD5 checksum: 48126 40ebc4cc7e3cf3dee951965da5bd8cd5\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_arm.deb\n Size/MD5 checksum: 277572 dc61062c6f02e859ed7ac4d624246121\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_arm.deb\n Size/MD5 checksum: 53500 117586c6131cc0ac775dcab14b8c0d5c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_arm.deb\n Size/MD5 checksum: 226998 113904ba4dc113aaa715617fd61aaeb7\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_armel.deb\n Size/MD5 checksum: 234136 
a9347e98a82b04fe6f2f1654d2c6029e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_armel.deb\n Size/MD5 checksum: 161720 4bb949d04e6d28ca9b976233108d2d6a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_armel.deb\n Size/MD5 checksum: 55974 eb4eb7f937d988488bcdc1f7b64712cf\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_armel.deb\n Size/MD5 checksum: 48504 e3dc565032463e605f72119f4495a419\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_armel.deb\n Size/MD5 checksum: 278336 0b7b73cefac726ee7ac4e00d900227ca\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_hppa.deb\n Size/MD5 checksum: 176202 f6445adc8cb99cee5a472f12cf6fb90e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_hppa.deb\n Size/MD5 checksum: 54680 5a6e9fc86aa6eef314899535100f7105\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_hppa.deb\n Size/MD5 checksum: 240752 555bb7db50f993fdb3849b313842cefe\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_hppa.deb\n Size/MD5 checksum: 309034 5179d2dcf94f1b10a75caae7be808cc9\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_hppa.deb\n Size/MD5 checksum: 49876 818f43b0c535417d3acaa94ec1ca9844\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_i386.deb\n Size/MD5 checksum: 48826 fc39da66ddff0e33e9b0d51b2248601a\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_i386.deb\n Size/MD5 checksum: 218506 939da912792c676786664fd2996a9745\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_i386.deb\n Size/MD5 checksum: 53384 3c5a7d5ad8f7fcad57441170e7e76702\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_i386.deb\n Size/MD5 checksum: 275694 
f3041b4462b8142ef2bf0229ccf4928c\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_i386.deb\n Size/MD5 checksum: 161018 42b1c14eb094d0bc14247fb812a495bb\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_ia64.deb\n Size/MD5 checksum: 229558 d65d3370566c1b3ab9386b27b8fe1ef8\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_ia64.deb\n Size/MD5 checksum: 50526 0334f51430892eb504fa49db6fabd4db\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_ia64.deb\n Size/MD5 checksum: 369350 741d24b7c42e2a44b28934156297ff88\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_ia64.deb\n Size/MD5 checksum: 56920 171af454e1f47761d5e3629a30816cf3\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_ia64.deb\n Size/MD5 checksum: 293788 db7390b4c93157e02f6ee49b6f13f010\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mips.deb\n Size/MD5 checksum: 164126 fc7a6f5704e49fb631591d3c9089c4d8\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mips.deb\n Size/MD5 checksum: 307262 9a614840c5a856c721f4322562e97144\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mips.deb\n Size/MD5 checksum: 228056 8ea8ae92f72428da8d989c229dcfeb4e\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mips.deb\n Size/MD5 checksum: 54406 033f6bf865b2b07611793376064c69ea\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mips.deb\n Size/MD5 checksum: 49100 1ae3cf735a53a024473395319241cb18\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mipsel.deb\n Size/MD5 checksum: 49072 f280e6e5ca2b2ac838de98f6a85a4893\n 
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mipsel.deb\n Size/MD5 checksum: 54382 86c36d3914ad522339e36e5a71960021\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mipsel.deb\n Size/MD5 checksum: 307464 fcfbb56d36139c61661bc315c40f1d0d\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mipsel.deb\n Size/MD5 checksum: 164436 f903e60e9f30f234370c6f7f95c4e395\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mipsel.deb\n Size/MD5 checksum: 228856 6bd4840b0cf0d3597f02e6489e050c88\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_powerpc.deb\n Size/MD5 checksum: 56962 482b92a6b06ba0f64ef9e32d550ecb35\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_powerpc.deb\n Size/MD5 checksum: 269026 b2289198ee2c5a8337bca51dc994e638\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_powerpc.deb\n Size/MD5 checksum: 298288 efff01b1a658b490b72c86f55116bf0b\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_powerpc.deb\n Size/MD5 checksum: 173366 da8cb4e7f7374ad0a589912fbf33aaf3\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_powerpc.deb\n Size/MD5 checksum: 51416 bd082e1d2672d6e15a5c44f948251994\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_s390.deb\n Size/MD5 checksum: 292956 8251186b6718059bbd6467b9b0c15bda\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_s390.deb\n Size/MD5 checksum: 230810 2ba2bb2867eedef08a36743085d3e8b2\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_s390.deb\n Size/MD5 checksum: 176174 dde8e1d1b15b76136efc54a0fb31ceee\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_s390.deb\n Size/MD5 checksum: 54786 
2e0589c84040dd8cf5e383e61440c45b\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_s390.deb\n Size/MD5 checksum: 49062 33e6cd29cfbba31d181a83beae1413b0\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_sparc.deb\n Size/MD5 checksum: 54150 4495237de528ae6098ab72cb5169bf65\n http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_sparc.deb\n Size/MD5 checksum: 222798 e5cd11c6bead4350f603505913d3df13\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_sparc.deb\n Size/MD5 checksum: 280310 49ff3125e71d13a9ac4bebdd0fc9d55f\n http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_sparc.deb\n Size/MD5 checksum: 48336 792f74e17a925458c46327bd767964ab\n http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_sparc.deb\n Size/MD5 checksum: 158624 3dd4698acd3804ca878e90a846b6b659\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n\n\n\n\n\n\n\n\n\n", "edition": 3, "modified": "2009-07-15T19:20:42", "published": "2009-07-15T19:20:42", "id": "DEBIAN:DSA-1835-1:250B9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00149.html", "title": "[SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2347", "CVE-2009-2285"], "description": "### 
Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. \n\n### Description\n\nTwo vulnerabilities have been reported in libTIFF: \n\n * wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). \n * Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libTIFF users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.8.2-r8\"", "edition": 1, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "GLSA-200908-03", "href": "https://security.gentoo.org/glsa/200908-03", "type": "gentoo", "title": "libTIFF: User-assisted execution of arbitrary code", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0192", "CVE-2011-1167"], "description": "New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/libtiff-3.9.4-i486-2_slack13.1.txz: Rebuilt.\n Patched overflows that could lead to arbitrary code execution when parsing\n a malformed image file.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167\n (* 
Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libtiff-3.8.2-i386-3_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libtiff-3.8.2-i486-3_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libtiff-3.8.2-i486-3_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libtiff-3.8.2-i486-3_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libtiff-3.8.2-i486-3_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libtiff-3.8.2-i486-4_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libtiff-3.8.2-i486-5_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.8.2-i486-5_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.8.2-i486-5_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.8.2-i486-5_slack13.0.txz\n\nUpdated package 
for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.8.2-x86_64-5_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.4-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.4-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-3.9.4-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-3.9.4-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\n12e422015601177213c20fabecdb3dca libtiff-3.8.2-i386-3_slack9.0.tgz\n\nSlackware 9.1 package:\n60824a9f63a4027950adfc2a95b79a8f libtiff-3.8.2-i486-3_slack9.1.tgz\n\nSlackware 10.0 package:\n2e7a80f8831edc8d4d23bb8c9947f34a libtiff-3.8.2-i486-3_slack10.0.tgz\n\nSlackware 10.1 package:\n71e592bb0d6aa91d9f507df2dbe07ec7 libtiff-3.8.2-i486-3_slack10.1.tgz\n\nSlackware 10.2 package:\ne069711795313bcba59be6b17e4f570e libtiff-3.8.2-i486-3_slack10.2.tgz\n\nSlackware 11.0 package:\n5221a6dc0bdf39e94eb98c060811844e libtiff-3.8.2-i486-4_slack11.0.tgz\n\nSlackware 12.0 package:\n33afedaeb6bd3dfc009a6fff697532b5 libtiff-3.8.2-i486-5_slack12.0.tgz\n\nSlackware 12.1 package:\n3b2bd1c0663d635e54dc3bd859ece30a libtiff-3.8.2-i486-5_slack12.1.tgz\n\nSlackware 12.2 package:\n7e587b0f33749947092ffec1557aace0 libtiff-3.8.2-i486-5_slack12.2.tgz\n\nSlackware 13.0 package:\nb35b2ed471ca18b51ac7b3fdb7c61722 libtiff-3.8.2-i486-5_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n45b63bc3d470aab873be4adddc677bba libtiff-3.8.2-x86_64-5_slack13.0.txz\n\nSlackware 13.1 package:\n7eeddc014de94b49752017c56ccc573f libtiff-3.9.4-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n54580a13f5074f62887e1adf3f03fdba 
libtiff-3.9.4-x86_64-2_slack13.1.txz\n\nSlackware -current package:\nc72b2d22fb7c5593150cb384424df247 libtiff-3.9.4-i486-2.txz\n\nSlackware x86_64 -current package:\nedd9ed456af33471073f69c68f99163a libtiff-3.9.4-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libtiff-3.9.4-i486-2_slack13.1.txz", "modified": "2011-04-11T21:57:06", "published": "2011-04-11T21:57:06", "id": "SSA-2011-098-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820", "type": "slackware", "title": "[slackware-security] libtiff", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}