{"id": "OPENSUSE-2018-443.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : tiff (openSUSE-2018-443)", "description": "This update for tiff fixes the following issues :\n\n - CVE-2017-9935: There was a heap-based buffer overflow in\n the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution (bsc#1046077)\n\n - CVE-2017-17973: There is a heap-based use-after-free in\n the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)\n\n - CVE-2018-5784: There is an uncontrolled resource\n consumption in the TIFFSetDirectory function of\n tif_dir.c. Remote attackers could leverage this\n vulnerability to cause a denial of service via a crafted\n tif file. This occurs because the declared number of\n directory entries is not validated against the actual\n number of directory entries (bsc#1081690)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2018-05-11T00:00:00", "modified": "2018-05-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/109716", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1081690", "https://bugzilla.opensuse.org/show_bug.cgi?id=1046077", "https://bugzilla.opensuse.org/show_bug.cgi?id=1074318"], "cvelist": ["CVE-2017-17973", "CVE-2018-5784", "CVE-2017-9935"], "type": "nessus", "lastseen": "2021-01-20T12:37:31", "edition": 16, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-17973", "CVE-2018-5784", "CVE-2017-9935"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_B38E8150053511E896AB0800271D4B9C.NASL", "PHOTONOS_PHSA-2018-2_0-0016_LIBTIFF.NASL", "PHOTONOS_PHSA-2017-2_0-0007_LIBTIFF.NASL", "PHOTONOS_PHSA-2018-2_0-0013_LIBTIFF.NASL", "FEDORA_2018-E6A51E99A4.NASL", "DEBIAN_DLA-1206.NASL", "SUSE_SU-2018-1180-1.NASL", "EULEROS_SA-2019-1683.NASL", "EULEROS_SA-2019-1700.NASL", "FEDORA_2018-7A0F7F5768.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191857", "OPENVAS:1361412562310874303", "OPENVAS:1361412562311220192056", "OPENVAS:1361412562311220191700", "OPENVAS:1361412562310874656", "OPENVAS:1361412562310874385", "OPENVAS:1361412562310891391", "OPENVAS:1361412562310874681", "OPENVAS:1361412562310843483", "OPENVAS:1361412562311220191683"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4349-1:DA7EF", "DEBIAN:DSA-4100-1:12A86", "DEBIAN:DLA-1206-1:26213", "DEBIAN:DLA-1391-1:510FC", "DEBIAN:DLA-1411-1:A79C4"]}, {"type": "fedora", "idList": ["FEDORA:471E6607126F", "FEDORA:EA1BA60A9A95", "FEDORA:4E0E1604D2DA", "FEDORA:B0007604D9B4", "FEDORA:2BC6B6076968", "FEDORA:87EA260C6161", "FEDORA:E77A46090E70", "FEDORA:9A70A612DEE8", "FEDORA:CF74160AEBD4", "FEDORA:3617360769EA"]}, {"type": "freebsd", "idList": ["B38E8150-0535-11E8-96AB-0800271D4B9C"]}, {"type": "archlinux", "idList": ["ASA-201811-17", "ASA-201811-18"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:419C347150598833F1C493E269FE4871", "CFOUNDRY:B5964D2AB72D599E586D491432260541"]}, {"type": "ubuntu", "idList": ["USN-3606-1", "USN-3602-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3370-1", "OPENSUSE-SU-2018:3371-1"]}], "modified": "2021-01-20T12:37:31", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2021-01-20T12:37:31", "rev": 2}, "vulnersScore": 7.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-443.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109716);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-17973\", \"CVE-2017-9935\", \"CVE-2018-5784\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-2018-443)\");\n script_summary(english:\"Check for the openSUSE-2018-443 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff fixes the following issues :\n\n - CVE-2017-9935: There was a heap-based buffer overflow in\n the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution (bsc#1046077)\n\n - CVE-2017-17973: There is a heap-based use-after-free in\n the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)\n\n - CVE-2018-5784: There is an uncontrolled resource\n consumption in the TIFFSetDirectory function of\n tif_dir.c. Remote attackers could leverage this\n vulnerability to cause a denial of service via a crafted\n tif file. This occurs because the declared number of\n directory entries is not validated against the actual\n number of directory entries (bsc#1081690)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081690\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff-devel-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff5-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtiff5-debuginfo-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-debuginfo-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tiff-debugsource-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.9-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "109716", "cpe": ["p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debugsource", "p-cpe:/a:novell:opensuse:libtiff5-32bit", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo", "p-cpe:/a:novell:opensuse:libtiff5", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-10-03T13:07:40", "description": "** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-29T21:29:00", "title": "CVE-2017-17973", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17973"], "modified": "2018-02-12T02:29:00", "cpe": ["cpe:/a:libtiff:libtiff:4.0.8"], "id": "CVE-2017-17973", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17973", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:39", "description": "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-26T12:29:00", "title": "CVE-2017-9935", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9935"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:libtiff:libtiff:4.0.8", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-9935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9935", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-10-03T13:20:24", "description": "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-19T08:29:00", "title": "CVE-2018-5784", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5784"], "modified": "2019-04-22T16:19:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:libtiff:libtiff:4.0.9", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5784", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5784", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "nessus": [{"lastseen": "2021-01-14T06:12:07", "description": "This update for tiff fixes the following issues :\n\n - CVE-2017-9935: There was a heap-based buffer overflow in\n the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution (bsc#1046077)\n\n - CVE-2017-17973: There is a heap-based use-after-free in\n the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)\n\n - CVE-2018-5784: There is an uncontrolled resource\n consumption in the TIFFSetDirectory function of\n tif_dir.c. Remote attackers could leverage this\n vulnerability to cause a denial of service via a crafted\n tif file. This occurs because the declared number of\n directory entries is not validated against the actual\n number of directory entries (bsc#1081690)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-10T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:1180-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17973", "CVE-2018-5784", "CVE-2017-9935"], "modified": "2018-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libtiff5", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:tiff-debugsource", "p-cpe:/a:novell:suse_linux:tiff", "p-cpe:/a:novell:suse_linux:libtiff5-debuginfo", "p-cpe:/a:novell:suse_linux:tiff-debuginfo"], "id": "SUSE_SU-2018-1180-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1180-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109675);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-17973\", \"CVE-2017-9935\", \"CVE-2018-5784\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:1180-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tiff fixes the following issues :\n\n - CVE-2017-9935: There was a heap-based buffer overflow in\n the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution (bsc#1046077)\n\n - CVE-2017-17973: There is a heap-based use-after-free in\n the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)\n\n - CVE-2018-5784: There is an uncontrolled resource\n consumption in the TIFFSetDirectory function of\n tif_dir.c. Remote attackers could leverage this\n vulnerability to cause a denial of service via a crafted\n tif file. This occurs because the declared number of\n directory entries is not validated against the actual\n number of directory entries (bsc#1081690)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5784/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181180-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e0a3b03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-822=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-822=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-822=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-32bit-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-debuginfo-32bit-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtiff5-debuginfo-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-debuginfo-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tiff-debugsource-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tiff-debuginfo-4.0.9-44.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tiff-debugsource-4.0.9-44.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:58:40", "description": "According to the version of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In LibTIFF 4.0.8, there is a heap-based buffer overflow\n in the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution.(CVE-2017-9935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-02T00:00:00", "title": "EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-1683)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9935"], "modified": "2019-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff-devel", "p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1683.NASL", "href": "https://www.tenable.com/plugins/nessus/126424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126424);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-1683)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - In LibTIFF 4.0.8, there is a heap-based buffer overflow\n in the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution.(CVE-2017-9935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1683\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?464814a8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h9.eulerosv2r7\",\n \"libtiff-devel-4.0.3-27.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:38:52", "description": "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the\nt2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could\nlead to different damages. For example, a crafted TIFF document can\nlead to an out-of-bounds read in TIFFCleanup, an invalid free in\nTIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image,\nor a double free in t2p_free. Given these possibilities, it probably\ncould cause arbitrary code execution.\n\nThis overflow is linked to an underlying assumption that all pages in\na tiff document will have the same transfer function. There is nothing\nin the tiff standard that says this needs to be the case.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.0.2-6+deb7u17.\n\nWe recommend that you upgrade your tiff packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-13T00:00:00", "title": "Debian DLA-1206-1 : tiff security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9935"], "modified": "2017-12-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtiff5-dev", "p-cpe:/a:debian:debian_linux:libtiff5", "p-cpe:/a:debian:debian_linux:libtiffxx5", "p-cpe:/a:debian:debian_linux:libtiff-doc", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libtiff5-alt-dev", "p-cpe:/a:debian:debian_linux:libtiff-tools", "p-cpe:/a:debian:debian_linux:libtiff-opengl"], "id": "DEBIAN_DLA-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/105194", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1206-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105194);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-9935\");\n\n script_name(english:\"Debian DLA-1206-1 : tiff security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the\nt2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could\nlead to different damages. For example, a crafted TIFF document can\nlead to an out-of-bounds read in TIFFCleanup, an invalid free in\nTIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image,\nor a double free in t2p_free. Given these possibilities, it probably\ncould cause arbitrary code execution.\n\nThis overflow is linked to an underlying assumption that all pages in\na tiff document will have the same transfer function. There is nothing\nin the tiff standard that says this needs to be the case.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.0.2-6+deb7u17.\n\nWe recommend that you upgrade your tiff packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tiff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5-alt-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiffxx5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-doc\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-opengl\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-tools\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-alt-dev\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-dev\", reference:\"4.0.2-6+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiffxx5\", reference:\"4.0.2-6+deb7u17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:58:48", "description": "According to the version of the libtiff package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - In LibTIFF 4.0.8, there is a heap-based buffer overflow\n in the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution.(CVE-2017-9935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-09T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libtiff (EulerOS-SA-2019-1700)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9935"], "modified": "2019-07-09T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:libtiff"], "id": "EULEROS_SA-2019-1700.NASL", "href": "https://www.tenable.com/plugins/nessus/126542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9935\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libtiff (EulerOS-SA-2019-1700)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtiff package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - In LibTIFF 4.0.8, there is a heap-based buffer overflow\n in the t2p_write_pdf function in tools/tiff2pdf.c. This\n heap overflow could lead to different damages. For\n example, a crafted TIFF document can lead to an\n out-of-bounds read in TIFFCleanup, an invalid free in\n TIFFClose or t2p_free, memory corruption in\n t2p_readwrite_pdf_image, or a double free in t2p_free.\n Given these possibilities, it probably could cause\n arbitrary code execution.(CVE-2017-9935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1700\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?535bfae9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.3-27.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:18:53", "description": "Added fix for **CVE-2018-5784**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : libtiff (2018-7a0f7f5768)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5784"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-7A0F7F5768.NASL", "href": "https://www.tenable.com/plugins/nessus/120550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7a0f7f5768.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120550);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-5784\");\n script_xref(name:\"FEDORA\", value:\"2018-7a0f7f5768\");\n\n script_name(english:\"Fedora 28 : libtiff (2018-7a0f7f5768)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added fix for **CVE-2018-5784**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a0f7f5768\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"libtiff-4.0.9-7.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:22:04", "description": "Added fix for **CVE-2018-5784**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-03-29T00:00:00", "title": "Fedora 27 : libtiff (2018-e6a51e99a4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5784"], "modified": "2018-03-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-E6A51E99A4.NASL", "href": "https://www.tenable.com/plugins/nessus/108702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e6a51e99a4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108702);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-5784\");\n script_xref(name:\"FEDORA\", value:\"2018-e6a51e99a4\");\n\n script_name(english:\"Fedora 27 : libtiff (2018-e6a51e99a4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added fix for **CVE-2018-5784**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e6a51e99a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libtiff-4.0.9-7.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:44:39", "description": "Debian Security Advisory reports :\n\nMultiple vulnerabilities have been discovered in the libtiff library\nand the included tools, which may result in denial of service or the\nexecution of arbitrary code.", "edition": 22, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-02-09T00:00:00", "title": "FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-18013", "CVE-2017-9935"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tiff"], "id": "FREEBSD_PKG_B38E8150053511E896AB0800271D4B9C.NASL", "href": "https://www.tenable.com/plugins/nessus/106700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106700);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2017-18013\", \"CVE-2017-9935\");\n script_bugtraq_id(225544);\n\n script_name(english:\"FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Debian Security Advisory reports :\n\nMultiple vulnerabilities have been discovered in the libtiff library\nand the included tools, which may result in denial of service or the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.maptools.org/show_bug.cgi?id=2704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.maptools.org/show_bug.cgi?id=2770\"\n );\n # https://vuxml.freebsd.org/freebsd/b38e8150-0535-11e8-96ab-0800271d4b9c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?490ae2a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tiff<=4.0.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:39", "description": "An update of the libtiff package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Libtiff PHSA-2018-2.0-0016", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-9935"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libtiff", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0016_LIBTIFF.NASL", "href": "https://www.tenable.com/plugins/nessus/121917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121917);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-9935\");\n\n script_name(english:\"Photon OS 2.0: Libtiff PHSA-2018-2.0-0016\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtiff package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8817\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.9-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.9-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.9-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:25", "description": "An update of the libtiff package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Libtiff PHSA-2017-2.0-0007", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-15088", "CVE-2017-9935"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libtiff", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2017-2_0-0007_LIBTIFF.NASL", "href": "https://www.tenable.com/plugins/nessus/121790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-2.0-0007. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121790);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-9935\");\n\n script_name(english:\"Photon OS 2.0: Libtiff PHSA-2017-2.0-0007\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtiff package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-7.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.8-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.8-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.8-7.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:38", "description": "An update of the libtiff package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Libtiff PHSA-2018-2.0-0013", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9937", "CVE-2017-17973", "CVE-2017-18013", "CVE-2017-17790"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libtiff", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0013_LIBTIFF.NASL", "href": "https://www.tenable.com/plugins/nessus/121910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0013. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121910);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-9937\", \"CVE-2017-17973\", \"CVE-2017-18013\");\n\n script_name(english:\"Photon OS 2.0: Libtiff PHSA-2018-2.0-0013\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtiff package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-13.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.9-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.9-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9935"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191683", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1683)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1683\");\n script_version(\"2020-01-23T12:19:56+0000\");\n script_cve_id(\"CVE-2017-9935\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1683)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1683\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1683\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-1683 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.(CVE-2017-9935)\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h9.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h9.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9935"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191700", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1700)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1700\");\n script_version(\"2020-01-23T12:20:19+0000\");\n script_cve_id(\"CVE-2017-9935\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1700)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1700\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1700\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-1700 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.(CVE-2017-9935)\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h9\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10963", "CVE-2018-8905", "CVE-2018-5784", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-7456"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-07T00:00:00", "id": "OPENVAS:1361412562310874656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874656", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2018-44c6f91560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_44c6f91560_libtiff_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libtiff FEDORA-2018-44c6f91560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874656\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-07 05:58:11 +0200 (Thu, 07 Jun 2018)\");\n script_cve_id(\"CVE-2017-9935\", \"CVE-2017-18013\", \"CVE-2018-8905\", \"CVE-2018-10963\",\n \"CVE-2018-7456\", \"CVE-2018-5784\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libtiff FEDORA-2018-44c6f91560\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-44c6f91560\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MTRC34TJBJGOIZGX7FW5GTMKLHNQD3V\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.9~9.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5784"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-29T00:00:00", "id": "OPENVAS:1361412562310874303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874303", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2018-e6a51e99a4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e6a51e99a4_libtiff_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libtiff FEDORA-2018-e6a51e99a4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874303\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 08:48:28 +0200 (Thu, 29 Mar 2018)\");\n script_cve_id(\"CVE-2018-5784\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libtiff FEDORA-2018-e6a51e99a4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e6a51e99a4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWCXMABDYP3A3NZSIAR6ZROJLEFBO2YR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.9~7.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10963", "CVE-2018-8905", "CVE-2018-5784", "CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-7456"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-16T00:00:00", "id": "OPENVAS:1361412562310874681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874681", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2018-9e0a37e7a2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9e0a37e7a2_libtiff_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libtiff FEDORA-2018-9e0a37e7a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874681\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-16 06:01:25 +0200 (Sat, 16 Jun 2018)\");\n script_cve_id(\"CVE-2017-11613\", \"CVE-2017-9935\", \"CVE-2017-18013\", \"CVE-2018-8905\",\n \"CVE-2018-10963\", \"CVE-2018-7456\", \"CVE-2018-5784\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libtiff FEDORA-2018-9e0a37e7a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\npresent on the target host.\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9e0a37e7a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DKS6P2KMGC2Q76BTVDB3ABYFNSVKP4E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.9~10.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5784", "CVE-2018-7456"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-25T00:00:00", "id": "OPENVAS:1361412562310874385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874385", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2018-335aec0507", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_335aec0507_libtiff_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libtiff FEDORA-2018-335aec0507\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874385\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 08:52:12 +0200 (Wed, 25 Apr 2018)\");\n script_cve_id(\"CVE-2018-7456\", \"CVE-2018-5784\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libtiff FEDORA-2018-335aec0507\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-335aec0507\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6LK6EDCYCIL2IGCNYUQSBSSNT5O7VQK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.9~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:08:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5784", "CVE-2017-11613"], "description": "Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service:\n\nCVE-2017-11613\n\nDdenial of service vulnerability in the TIFFOpen function. A crafted\ninput will lead to a denial of service attack and can either make the\nsystem hand or trigger the OOM killer.\n\nCVE-2018-5784\n\nThere is an uncontrolled resource consumption in TIFFSetDirectory function\nof src/libtiff/tif_dir.c, which can cause denial of service through a\ncrafted tif file.", "modified": "2020-01-29T00:00:00", "published": "2018-06-04T00:00:00", "id": "OPENVAS:1361412562310891391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891391", "type": "openvas", "title": "Debian LTS: Security Advisory for tiff (DLA-1391-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891391\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-11613\", \"CVE-2018-5784\");\n script_name(\"Debian LTS: Security Advisory for tiff (DLA-1391-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-04 00:00:00 +0200 (Mon, 04 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"tiff on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.0.2-6+deb7u21.\n\nWe recommend that you upgrade your tiff packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service:\n\nCVE-2017-11613\n\nDdenial of service vulnerability in the TIFFOpen function. A crafted\ninput will lead to a denial of service attack and can either make the\nsystem hand or trigger the OOM killer.\n\nCVE-2018-5784\n\nThere is an uncontrolled resource consumption in TIFFSetDirectory function\nof src/libtiff/tif_dir.c, which can cause denial of service through a\ncrafted tif file.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-6+deb7u21\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10779", "CVE-2017-17095", "CVE-2018-5360", "CVE-2017-9935"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191857", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1857)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1857\");\n script_version(\"2020-01-23T12:24:51+0000\");\n script_cve_id(\"CVE-2017-17095\", \"CVE-2017-9935\", \"CVE-2018-10779\", \"CVE-2018-5360\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:24:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:24:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-1857)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1857\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1857\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-1857 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.(CVE-2017-9935)\n\nLibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.(CVE-2018-5360)\n\ntools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.(CVE-2017-17095)\n\nTIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.(CVE-2018-10779)\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10779", "CVE-2017-17095", "CVE-2018-5360", "CVE-2017-9935"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192056", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2056)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2056\");\n script_version(\"2020-01-23T12:32:38+0000\");\n script_cve_id(\"CVE-2017-17095\", \"CVE-2017-9935\", \"CVE-2018-10779\", \"CVE-2018-5360\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:32:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:32:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2056)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2056\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2056\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtiff' package(s) announced via the EulerOS-SA-2019-2056 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.(CVE-2017-9935)\n\nLibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.(CVE-2018-5360)\n\ntools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.(CVE-2017-17095)\n\nTIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.(CVE-2018-10779)\");\n\n script_tag(name:\"affected\", value:\"'libtiff' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~27.h11\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~27.h11\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10779", "CVE-2018-10963", "CVE-2018-18557", "CVE-2018-8905", "CVE-2018-5784", "CVE-2017-11613", "CVE-2017-18013", "CVE-2018-17101", "CVE-2018-18661", "CVE-2017-9935", "CVE-2018-17100", "CVE-2018-7456"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310875294", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875294", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2018-399bce9f8f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_399bce9f8f_libtiff_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libtiff FEDORA-2018-399bce9f8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875294\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-17100\", \"CVE-2018-17101\", \"CVE-2018-10779\",\n \"CVE-2017-11613\", \"CVE-2017-9935\", \"CVE-2017-18013\", \"CVE-2018-8905\",\n \"CVE-2018-10963\", \"CVE-2018-7456\", \"CVE-2018-5784\", \"CVE-2018-18661\",\n \"CVE-2018-18557\");\n script_bugtraq_id(106054);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 12:40:41 +0530 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for libtiff FEDORA-2018-399bce9f8f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-399bce9f8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4XDS4ASFUN75CXGD4A6LIXCBAL3H2HN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the FEDORA-2018-399bce9f8f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"libtiff on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.10~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9935"], "description": "Package : tiff\nVersion : 4.0.2-6+deb7u17\nCVE ID : CVE-2017-9935\nDebian Bug : 866109\n\n\nIn LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf\nfunction in tools/tiff2pdf.c. This heap overflow could lead to different\ndamages. For example, a crafted TIFF document can lead to an out-of-bounds read\nin TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in\nt2p_readwrite_pdf_image, or a double free in t2p_free. Given these\npossibilities, it probably could cause arbitrary code execution.\n\nThis overflow is linked to an underlying assumption that all pages in a tiff\ndocument will have the same transfer function. There is nothing in the tiff\nstandard that says this needs to be the case.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n4.0.2-6+deb7u17.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-12-13T06:01:05", "published": "2017-12-13T06:01:05", "id": "DEBIAN:DLA-1206-1:26213", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201712/msg00008.html", "title": "[SECURITY] [DLA 1206-1] tiff security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5784", "CVE-2017-11613"], "description": "Package : tiff\nVersion : 4.0.2-6+deb7u21\nCVE ID : CVE-2017-11613 CVE-2018-5784\nDebian Bug : #869823 #890441\n\nMultiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service:\n\nCVE-2017-11613\n\n Ddenial of service vulnerability in the TIFFOpen function. A crafted\n input will lead to a denial of service attack and can either make the\n system hand or trigger the OOM killer.\n\nCVE-2018-5784\n\n There is an uncontrolled resource consumption in TIFFSetDirectory function\n of src/libtiff/tif_dir.c, which can cause denial of service through a\n crafted tif file.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n4.0.2-6+deb7u21.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n-- \ncheers,\n\tHolger\n", "edition": 3, "modified": "2018-05-31T23:23:18", "published": "2018-05-31T23:23:18", "id": "DEBIAN:DLA-1391-1:510FC", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201805/msg00022.html", "title": "[SECURITY] [DLA 1391-1] tiff security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:03:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11335", "CVE-2017-18013", "CVE-2017-12944", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-9935"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4100-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nCVE ID : CVE-2017-9935 CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 \n CVE-2017-13727 CVE-2017-18013\n\nMultiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service or the\nexecution of arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 4.0.3-12.3+deb8u5.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.0.8-2+deb9u2.\n\nWe recommend that you upgrade your tiff packages.\n\nFor the detailed security status of tiff please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tiff\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2018-01-27T16:48:54", "published": "2018-01-27T16:48:54", "id": "DEBIAN:DSA-4100-1:12A86", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00022.html", "title": "[SECURITY] [DSA 4100-1] tiff security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10963", "CVE-2018-8905", "CVE-2018-5784", "CVE-2017-11613", "CVE-2017-18013", "CVE-2017-13726", "CVE-2018-7456"], "description": "Package : tiff\nVersion : 4.0.3-12.3+deb8u6\nCVE ID : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456\n CVE-2018-8905 CVE-2018-10963\nDebian Bug : 869823 898348 890441 891288 893806\n\nSeveral issues were discovered in TIFF, the Tag Image File Format\nlibrary, that allowed remote attackers to cause a denial-of-service or\nother unspecified impact via a crafted image file.\n\nCVE-2017-11613: DoS vulnerability\n A crafted input will lead to a denial of service attack. During the\n TIFFOpen process, td_imagelength is not checked. The value of\n td_imagelength can be directly controlled by an input file. In the\n ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc\n function is called based on td_imagelength. If the value of\n td_imagelength is set close to the amount of system memory, it will\n hang the system or trigger the OOM killer.\n\nCVE-2018-10963: DoS vulnerability\n The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF\n allows remote attackers to cause a denial of service (assertion\n failure and application crash) via a crafted file, a different\n vulnerability than CVE-2017-13726.\n\nCVE-2018-5784: DoS vulnerability\n In LibTIFF, there is an uncontrolled resource consumption in the\n TIFFSetDirectory function of tif_dir.c. Remote attackers could\n leverage this vulnerability to cause a denial of service via a\n crafted tif file.\n This occurs because the declared number of directory entries is not\n validated against the actual number of directory entries.\n\nCVE-2018-7456: NULL Pointer Dereference\n A NULL Pointer Dereference occurs in the function TIFFPrintDirectory\n in tif_print.c in LibTIFF when using the tiffinfo tool to print\n crafted TIFF information, a different vulnerability than\n CVE-2017-18013. (This affects an earlier part of the\n TIFFPrintDirectory function that was not addressed by the\n CVE-2017-18013 patch.)\n\nCVE-2018-8905: Heap-based buffer overflow\n In LibTIFF, a heap-based buffer overflow occurs in the function\n LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as\n demonstrated by tiff2ps.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.0.3-12.3+deb8u6.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2018-07-02T14:50:00", "published": "2018-07-02T14:50:00", "id": "DEBIAN:DLA-1411-1:A79C4", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00002.html", "title": "[SECURITY] [DLA 1411-1] tiff security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10963", "CVE-2018-18557", "CVE-2017-17095", "CVE-2018-8905", "CVE-2018-5784", "CVE-2017-11613", "CVE-2018-17101", "CVE-2018-15209", "CVE-2018-16335", "CVE-2018-7456"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4349-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nCVE ID : CVE-2017-11613 CVE-2017-17095 CVE-2018-5784\n CVE-2018-7456 CVE-2018-8905 CVE-2018-10963\n\t\t CVE-2018-17101 CVE-2018-18557 CVE-2018-15209\n\t\t CVE-2018-16335\n\nMultiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service or the\nexecution of arbitrary code if malformed image files are processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.0.8-2+deb9u4.\n\nWe recommend that you upgrade your tiff packages.\n\nFor the detailed security status of tiff please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tiff\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-11-30T22:42:09", "published": "2018-11-30T22:42:09", "id": "DEBIAN:DSA-4349-1:DA7EF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00281.html", "title": "[SECURITY] [DSA 4349-1] tiff security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10963", "CVE-2018-5784", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-06-06T12:59:38", "published": "2018-06-06T12:59:38", "id": "FEDORA:EA1BA60A9A95", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libtiff-4.0.9-9.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5784"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-03-30T13:40:05", "published": "2018-03-30T13:40:05", "id": "FEDORA:471E6607126F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libtiff-4.0.9-7.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5784"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-03-28T23:51:15", "published": "2018-03-28T23:51:15", "id": "FEDORA:87EA260C6161", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libtiff-4.0.9-7.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10963", "CVE-2018-5784", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-06-15T14:58:59", "published": "2018-06-15T14:58:59", "id": "FEDORA:E77A46090E70", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libtiff-4.0.9-10.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5784", "CVE-2018-7456"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-04-24T04:03:22", "published": "2018-04-24T04:03:22", "id": "FEDORA:B0007604D9B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libtiff-4.0.9-8.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-5784", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-11-24T03:21:12", "published": "2018-11-24T03:21:12", "id": "FEDORA:3617360769EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libtiff-4.0.10-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10963", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-06-06T13:33:54", "published": "2018-06-06T13:33:54", "id": "FEDORA:CF74160AEBD4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libtiff-4.0.9-9.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10963", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-06-15T15:52:15", "published": "2018-06-15T15:52:15", "id": "FEDORA:4E0E1604D2DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libtiff-4.0.9-10.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10779", "CVE-2018-10801", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-10-19T16:09:18", "published": "2018-10-19T16:09:18", "id": "FEDORA:9A70A612DEE8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libtiff-4.0.9-13.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-17100", "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-7456", "CVE-2018-8905"], "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "modified": "2018-11-24T01:56:56", "published": "2018-11-24T01:56:56", "id": "FEDORA:2BC6B6076968", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libtiff-4.0.10-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18013", "CVE-2017-9935"], "description": "\nDebian Security Advisory reports:\n\nMultiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.\n\n", "edition": 4, "modified": "2017-06-22T00:00:00", "published": "2017-06-22T00:00:00", "id": "B38E8150-0535-11E8-96AB-0800271D4B9C", "href": "https://vuxml.freebsd.org/freebsd/b38e8150-0535-11e8-96ab-0800271d4b9c.html", "title": "tiff -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-18013", "CVE-2017-9935", "CVE-2018-10779", "CVE-2018-10963", "CVE-2018-18557", "CVE-2018-18661", "CVE-2018-5784", "CVE-2018-7456", "CVE-2018-8905"], "description": "Arch Linux Security Advisory ASA-201811-18\n==========================================\n\nSeverity: High\nDate : 2018-11-20\nCVE-ID : CVE-2017-9935 CVE-2017-11613 CVE-2017-18013 CVE-2018-5784\nCVE-2018-7456 CVE-2018-8905 CVE-2018-10779 CVE-2018-10963\nCVE-2018-18557 CVE-2018-18661\nPackage : lib32-libtiff\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-791\n\nSummary\n=======\n\nThe package lib32-libtiff before version 4.0.10-1 is vulnerable to\nmultiple issues including arbitrary code execution, denial of service\nand information disclosure.\n\nResolution\n==========\n\nUpgrade to 4.0.10-1.\n\n# pacman -Syu \"lib32-libtiff>=4.0.10-1\"\n\nThe problems have been fixed upstream in version 4.0.10.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-9935 (arbitrary code execution)\n\nIn LibTIFF before 4.0.10, there is a heap-based buffer overflow in the\nt2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could\nlead to different damages. For example, a crafted TIFF document can\nlead to an out-of-bounds read in TIFFCleanup, an invalid free in\nTIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or\na double free in t2p_free. Given these possibilities, it probably could\ncause arbitrary code execution.\n\n- CVE-2017-11613 (denial of service)\n\nIn LibTIFF before 4.0.10, there is a denial of service vulnerability in\nthe TIFFOpen function triggered by resource consumption via crafted\ninput files. During the TIFFOpen process, td_imagelength is not\nchecked. The value of td_imagelength can be directly controlled by an\ninput file. In the ChopUpSingleUncompressedStrip function, the\n_TIFFCheckMalloc function is called based on td_imagelength. If we set\nthe value of td_imagelength close to the amount of system memory, it\nwill hang the system or trigger the OOM killer.\n\n- CVE-2017-18013 (denial of service)\n\nA null-pointer dereference issue has been found in libtiff before\n4.0.10, in the TIFFPrintDirectory() function in tiffinfo.c, while\nparsing the \"1 Strips: \" section of a crafted image, as demonstrated by\na tiffinfo tool crash.\n\n- CVE-2018-5784 (denial of service)\n\nIn LibTIFF before 4.0.10, there is an uncontrolled resource consumption\nin the TIFFSetDirectory function of tif_dir.c. Remote attackers could\nleverage this vulnerability to cause a denial of service via a crafted\ntif file. This occurs because the declared number of directory entries\nis not validated against the actual number of directory entries.\n\n- CVE-2018-7456 (denial of service)\n\nA null pointer dereference occurs in the function TIFFPrintDirectory in\ntif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to\nprint crafted TIFF information.\n\n- CVE-2018-8905 (arbitrary code execution)\n\nIn LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds\nwrite) occurs in the function LZWDecodeCompat in tif_lzw.c via a\ncrafted TIFF file, as demonstrated by the tiff2ps tool.\n\n- CVE-2018-10779 (information disclosure)\n\nA heap-based out-of-bounds read has been found in libtiff before\n4.0.10, in the TIFFWriteScanline() function. The issue is caused by a\nuint32_t overflow on 32-bit systems.\n\n- CVE-2018-10963 (denial of service)\n\nThe TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF\nbefore 4.0.10 allows remote attackers to cause a denial of service\n(assertion failure and application crash) via a crafted file.\n\n- CVE-2018-18557 (arbitrary code execution)\n\nLibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized\nJBIG into a buffer, ignoring the buffer size, which leads to a\ntif_jbig.c JBIGDecode out-of-bounds write.\n\n- CVE-2018-18661 (denial of service)\n\nA null-pointer dereference has been found in LibTIFF before 4.0.10 in\nthe LZWDecode() function in the file tif_lzw.c.\n\nImpact\n======\n\nA remote attacker might be able to cause a denial of service or execute\narbitrary code on the affected host via a crafted picture file.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/60599\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2704\nhttps://gitlab.com/libtiff/libtiff/commit/5848777bd7e4f465681a7c4d0acf96a1dbd5b75c\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2724\nhttps://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8\nhttps://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2770\nhttps://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2772\nhttps://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef\nhttps://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2780\nhttps://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2788\nhttps://gitlab.com/libtiff/libtiff/commit/981e43ecae83935625c86c9118c0778c942c7048\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2795\nhttps://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1697\nhttps://gitlab.com/libtiff/libtiff/merge_requests/38\nhttps://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2819\nhttps://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f\nhttps://security.archlinux.org/CVE-2017-9935\nhttps://security.archlinux.org/CVE-2017-11613\nhttps://security.archlinux.org/CVE-2017-18013\nhttps://security.archlinux.org/CVE-2018-5784\nhttps://security.archlinux.org/CVE-2018-7456\nhttps://security.archlinux.org/CVE-2018-8905\nhttps://security.archlinux.org/CVE-2018-10779\nhttps://security.archlinux.org/CVE-2018-10963\nhttps://security.archlinux.org/CVE-2018-18557\nhttps://security.archlinux.org/CVE-2018-18661", "modified": "2018-11-20T00:00:00", "published": "2018-11-20T00:00:00", "id": "ASA-201811-18", "href": "https://security.archlinux.org/ASA-201811-18", "type": "archlinux", "title": "[ASA-201811-18] lib32-libtiff: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11613", "CVE-2017-9935", "CVE-2018-18557", "CVE-2018-18661"], "description": "Arch Linux Security Advisory ASA-201811-17\n==========================================\n\nSeverity: High\nDate : 2018-11-20\nCVE-ID : CVE-2017-9935 CVE-2017-11613 CVE-2018-18557 CVE-2018-18661\nPackage : libtiff\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-790\n\nSummary\n=======\n\nThe package libtiff before version 4.0.10-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 4.0.10-1.\n\n# pacman -Syu \"libtiff>=4.0.10-1\"\n\nThe problems have been fixed upstream in version 4.0.10.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-9935 (arbitrary code execution)\n\nIn LibTIFF before 4.0.10, there is a heap-based buffer overflow in the\nt2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could\nlead to different damages. For example, a crafted TIFF document can\nlead to an out-of-bounds read in TIFFCleanup, an invalid free in\nTIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or\na double free in t2p_free. Given these possibilities, it probably could\ncause arbitrary code execution.\n\n- CVE-2017-11613 (denial of service)\n\nIn LibTIFF before 4.0.10, there is a denial of service vulnerability in\nthe TIFFOpen function triggered by resource consumption via crafted\ninput files. During the TIFFOpen process, td_imagelength is not\nchecked. The value of td_imagelength can be directly controlled by an\ninput file. In the ChopUpSingleUncompressedStrip function, the\n_TIFFCheckMalloc function is called based on td_imagelength. If we set\nthe value of td_imagelength close to the amount of system memory, it\nwill hang the system or trigger the OOM killer.\n\n- CVE-2018-18557 (arbitrary code execution)\n\nLibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized\nJBIG into a buffer, ignoring the buffer size, which leads to a\ntif_jbig.c JBIGDecode out-of-bounds write.\n\n- CVE-2018-18661 (denial of service)\n\nA null-pointer dereference has been found in LibTIFF before 4.0.10 in\nthe LZWDecode() function in the file tif_lzw.c.\n\nImpact\n======\n\nA remote attacker might be able to cause a denial of service or execute\narbitrary code on the affected host via a crafted picture file.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/60599\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2704\nhttps://gitlab.com/libtiff/libtiff/commit/5848777bd7e4f465681a7c4d0acf96a1dbd5b75c\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2724\nhttps://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8\nhttps://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1697\nhttps://gitlab.com/libtiff/libtiff/merge_requests/38\nhttps://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66\nhttp://bugzilla.maptools.org/show_bug.cgi?id=2819\nhttps://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f\nhttps://security.archlinux.org/CVE-2017-9935\nhttps://security.archlinux.org/CVE-2017-11613\nhttps://security.archlinux.org/CVE-2018-18557\nhttps://security.archlinux.org/CVE-2018-18661", "modified": "2018-11-20T00:00:00", "published": "2018-11-20T00:00:00", "id": "ASA-201811-17", "href": "https://security.archlinux.org/ASA-201811-17", "type": "archlinux", "title": "[ASA-201811-17] libtiff: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:51", "bulletinFamily": "software", "cvelist": ["CVE-2017-17095", "CVE-2016-5318", "CVE-2017-9117", "CVE-2018-5784", "CVE-2017-11613", "CVE-2017-18013", "CVE-2016-3186", "CVE-2017-12944", "CVE-2016-5102", "CVE-2017-5563", "CVE-2017-9935", "CVE-2017-9147"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.195.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.195.0 or later.\n\n# References\n\n * [USN-3606-1](<https://usn.ubuntu.com/3606-1/>)\n * [CVE-2016-3186](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-3186>)\n * [CVE-2016-5102](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5102>)\n * [CVE-2016-5318](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5318>)\n * [CVE-2017-11613](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11613>)\n * [CVE-2017-12944](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12944>)\n * [CVE-2017-17095](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17095>)\n * [CVE-2017-18013](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18013>)\n * [CVE-2017-5563](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-5563>)\n * [CVE-2017-9117](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9117>)\n * [CVE-2017-9147](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9147>)\n * [CVE-2017-9935](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9935>)\n * [CVE-2018-5784](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5784>)\n", "edition": 5, "modified": "2018-05-02T00:00:00", "published": "2018-05-02T00:00:00", "id": "CFOUNDRY:419C347150598833F1C493E269FE4871", "href": "https://www.cloudfoundry.org/blog/usn-3606-1/", "title": "USN-3606-1: LibTIFF vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:45", "bulletinFamily": "software", "cvelist": ["CVE-2016-10266", "CVE-2017-9815", "CVE-2017-7597", "CVE-2016-10268", "CVE-2017-11335", "CVE-2016-10371", "CVE-2018-5784", "CVE-2017-7601", "CVE-2017-18013", "CVE-2017-7600", "CVE-2017-9936", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2017-7599", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-9404", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.192.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.192.0 or later.\n\n# References\n\n * [USN-3602-1](<https://usn.ubuntu.com/3602-1/>)\n * [CVE-2016-10266](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10266>)\n * [CVE-2016-10267](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10267>)\n * [CVE-2016-10268](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10268>)\n * [CVE-2016-10269](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10269>)\n * [CVE-2016-10371](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10371>)\n * [CVE-2017-10688](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10688>)\n * [CVE-2017-11335](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11335>)\n * [CVE-2017-12944](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12944>)\n * [CVE-2017-13726](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13726>)\n * [CVE-2017-13727](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13727>)\n * [CVE-2017-18013](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18013>)\n * [CVE-2017-7592](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7592>)\n * [CVE-2017-7593](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7593>)\n * [CVE-2017-7594](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7594>)\n * [CVE-2017-7595](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7595>)\n * [CVE-2017-7596](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7596>)\n * [CVE-2017-7597](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7597>)\n * [CVE-2017-7598](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7598>)\n * [CVE-2017-7599](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7599>)\n * [CVE-2017-7600](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7600>)\n * [CVE-2017-7601](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7601>)\n * [CVE-2017-7602](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7602>)\n * [CVE-2017-9403](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9403>)\n * [CVE-2017-9404](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9404>)\n * [CVE-2017-9815](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9815>)\n * [CVE-2017-9936](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9936>)\n * [CVE-2018-5784](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5784>)\n", "edition": 5, "modified": "2018-05-02T00:00:00", "published": "2018-05-02T00:00:00", "id": "CFOUNDRY:B5964D2AB72D599E586D491432260541", "href": "https://www.cloudfoundry.org/blog/usn-3602-1/", "title": "USN-3602-1: LibTIFF vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17095", "CVE-2016-5318", "CVE-2017-9117", "CVE-2018-5784", "CVE-2017-11613", "CVE-2017-18013", "CVE-2016-3186", "CVE-2017-12944", "CVE-2016-5102", "CVE-2017-5563", "CVE-2017-9935", "CVE-2017-9147"], "description": "It was discovered that LibTIFF incorrectly handled certain malformed \nimages. If a user or automated system were tricked into opening a specially \ncrafted image, a remote attacker could crash the application, leading to a \ndenial of service, or possibly execute arbitrary code with user privileges.", "edition": 5, "modified": "2018-03-26T00:00:00", "published": "2018-03-26T00:00:00", "id": "USN-3606-1", "href": "https://ubuntu.com/security/notices/USN-3606-1", "title": "LibTIFF vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:43:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10266", "CVE-2017-9815", "CVE-2017-7597", "CVE-2016-10268", "CVE-2017-11335", "CVE-2016-10371", "CVE-2018-5784", "CVE-2017-7601", "CVE-2017-18013", "CVE-2017-7600", "CVE-2017-9936", "CVE-2017-7594", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7595", "CVE-2017-9403", "CVE-2017-7599", "CVE-2017-12944", "CVE-2017-10688", "CVE-2017-13726", "CVE-2017-13727", "CVE-2017-9404", "CVE-2017-7598", "CVE-2017-7596", "CVE-2017-7602", "CVE-2016-10269", "CVE-2016-10267"], "description": "It was discovered that LibTIFF incorrectly handled certain malformed \nimages. If a user or automated system were tricked into opening a specially \ncrafted image, a remote attacker could crash the application, leading to a \ndenial of service, or possibly execute arbitrary code with user privileges.", "edition": 5, "modified": "2018-03-20T00:00:00", "published": "2018-03-20T00:00:00", "id": "USN-3602-1", "href": "https://ubuntu.com/security/notices/USN-3602-1", "title": "LibTIFF vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-10-24T16:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10779", "CVE-2018-17795", "CVE-2018-17101", "CVE-2018-15209", "CVE-2018-16335", "CVE-2017-9935", "CVE-2018-17100"], "description": "This update for tiff fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer\n over-read, as demonstrated by bmp2tiff.(bsc#1092480)\n - CVE-2018-17100: There is a int32 overflow in multiply_ms in\n tools/ppm2tiff.c, which can cause a denial of service (crash) or\n possibly have unspecified other impact via a crafted image file.\n (bsc#1108637)\n - CVE-2018-17101: There are two out-of-bounds writes in cpTags in\n tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service\n (application crash) or possibly have unspecified other impact via a\n crafted image file. (bsc#1108627)\n - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote\n attackers to cause a denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other impact via a\n crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)\n - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in\n tif_dirread.c allowed remote attackers to cause a denial of service\n (heap-based buffer overflow and application crash) or possibly have\n unspecified other impact via a crafted TIFF file, as demonstrated by\n tiff2pdf. This is a different vulnerability than CVE-2018-15209.\n (bsc#1106853)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-24T15:09:18", "published": "2018-10-24T15:09:18", "id": "OPENSUSE-SU-2018:3370-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00055.html", "title": "Security update for tiff (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-24T16:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17795", "CVE-2017-11613", "CVE-2018-17101", "CVE-2018-15209", "CVE-2018-16335", "CVE-2017-9935", "CVE-2018-17100"], "description": "This update for tiff fixes the following issues:\n\n - CVE-2018-17100: There is a int32 overflow in multiply_ms in\n tools/ppm2tiff.c, which can cause a denial of service (crash) or\n possibly have unspecified other impact via a crafted image file.\n (bsc#1108637)\n - CVE-2018-17101: There are two out-of-bounds writes in cpTags in\n tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service\n (application crash) or possibly have unspecified other impact via a\n crafted image file. (bsc#1108627)\n - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote\n attackers to cause a denial of service (heap-based buffer overflow and\n application crash) or possibly have unspecified other impact via a\n crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)\n - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in\n tif_dirread.c allowed remote attackers to cause a denial of service\n (heap-based buffer overflow and application crash) or possibly have\n unspecified other impact via a crafted TIFF file, as demonstrated by\n tiff2pdf. This is a different vulnerability than CVE-2018-15209.\n (bsc#1106853)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-10-24T15:10:10", "published": "2018-10-24T15:10:10", "id": "OPENSUSE-SU-2018:3371-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00056.html", "title": "Security update for tiff (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}