MiracleLinux 4 : libtiff-3.9.4-18.AXS4 (AXSA:2016-585:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 libtiff advisory fixes multiple CVEs including remote denial of service.

Reporter	Title	Published	Views	Family All 552
FreeBSD	tiff -- buffer overflow	28 Jun 201600:00	–	freebsd
FreeBSD	tiff -- out-of-bounds read in CIE Lab image format	25 Dec 201500:00	–	freebsd
FreeBSD	tiff -- out-of-bounds read in tif_getimage.c	24 Dec 201500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM	18 Jun 201801:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in tiff affect IBM Flex System Manager(FSM)	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Libtiff vulnerabilities affect IBM SmartClound Entry	19 Jul 202000:49	–	ibm
Tenable Nessus	Mac OS X < 10.10.4 Multiple Vulnerabilities	12 Oct 201500:00	–	nessus
Tenable Nessus	Apple iOS < 8.4 Multiple Vulnerabilities	12 Oct 201500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libtiff (ALAS-2015-553)	25 Jun 201500:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/7017
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-585:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289603);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2014-8127",
    "CVE-2014-8129",
    "CVE-2014-8130",
    "CVE-2014-9330",
    "CVE-2014-9655",
    "CVE-2015-1547",
    "CVE-2015-7554",
    "CVE-2015-8665",
    "CVE-2015-8668",
    "CVE-2015-8683",
    "CVE-2015-8781",
    "CVE-2015-8782",
    "CVE-2015-8783",
    "CVE-2015-8784",
    "CVE-2016-3632",
    "CVE-2016-3945",
    "CVE-2016-3990",
    "CVE-2016-3991"
  );

  script_name(english:"MiracleLinux 4 : libtiff-3.9.4-18.AXS4 (AXSA:2016-585:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-585:01 advisory.

    The libtiff package contains a library of functions for manipulating
    TIFF (Tagged Image File Format) image format files.  TIFF is a widely
    used file format for bitmapped images.  TIFF files usually end in the
    .tif extension and they are often quite large.
    The libtiff package should be installed if you need to manipulate TIFF
    format image files.
    Security issues fixed with this release:
    CVE-2014-8127
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2014-8129
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2014-8130
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2014-9330
    Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows
    remote attackers to cause a denial of service (crash) via crafted BMP
    image, related to dimensions, which triggers an out-of-bounds read.
    CVE-2014-9655
    The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2)
    NeXTDecode function in tif_next.c in LibTIFF allows remote attackers
    to cause a denial of service (uninitialized memory access) via a
    crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and
    libtiff-cvs-2.tif.
    CVE-2015-1547
    The NeXTDecode function in tif_next.c in LibTIFF allows remote
    attackers to cause a denial of service (uninitialized memory access)
    via a crafted TIFF image, as demonstrated by libtiff5.tif.
    CVE-2015-7554
    The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
    attackers to cause a denial of service (invalid memory write and
    crash) or possibly have unspecified other impact via crafted field
    data in an extension tag in a TIFF image.
    CVE-2015-8665
    tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a
    denial of service (out-of-bounds read) via the SamplesPerPixel tag in
    a TIFF image.
    CVE-2015-8668
    Heap-based buffer overflow in the PackBitsPreEncode function in
    tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote
    attackers to execute arbitrary code or cause a denial of service via a
    large width field in a BMP image.
    CVE-2015-8683
    The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6
    allows remote attackers to cause a denial of service (out-of-bounds
    read) via a packed TIFF image.
    CVE-2015-8781
    tif_luv.c in libtiff allows attackers to cause a denial of service
    (out-of-bounds write) via an invalid number of samples per pixel in a
    LogL compressed TIFF image, a different vulnerability than
    CVE-2015-8782.
    CVE-2015-8782
    tif_luv.c in libtiff allows attackers to cause a denial of service
    (out-of-bounds writes) via a crafted TIFF image, a different
    vulnerability than CVE-2015-8781.
    CVE-2015-8783
    tif_luv.c in libtiff allows attackers to cause a denial of service
    (out-of-bounds reads) via a crafted TIFF image.
    CVE-2015-8784
    The NeXTDecode function in tif_next.c in LibTIFF allows remote
    attackers to cause a denial of service (out-of-bounds write) via a
    crafted TIFF image, as demonstrated by libtiff5.tif.
    CVE-2016-3632
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2016-3945
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2016-3990
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2016-3991
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.
    CVE-2016-5320
    ** RESERVED **
    This candidate has been reserved by an organization or individual that
    will use it when announcing a new security problem.  When the
    candidate has been publicized, the details for this candidate will be
    provided.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/7017");
  script_set_attribute(attribute:"solution", value:
"Update the affected libtiff and / or libtiff-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8668");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'libtiff-3.9.4-18.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtiff-3.9.4-18.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtiff-devel-3.9.4-18.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libtiff-devel-3.9.4-18.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel');
}

16 Jan 2026 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 27.5

CVSS 39.8

CVSS 3.19.8

EPSS0.0671