The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117)
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10092)
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. (CVE-2016-10093)
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10094)
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (CVE-2016-10266)
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (CVE-2016-10267)
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to READ of size 78490 and libtiff/tif_unix.c:115:23. (CVE-2016-10268)
LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to READ of size 512 and libtiff/tif_unix.c:340:2. (CVE-2016-10269)
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to READ of size 8 and libtiff/tif_read.c:523:22. (CVE-2016-10270)
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to READ of size 1 and libtiff/tif_fax3.c:413:13. (CVE-2016-10271)
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to WRITE of size 2048 and libtiff/tif_next.c:64:9. (CVE-2016-10272)
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186)
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the -v option to -1. (CVE-2016-3624)
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. (CVE-2016-3631)
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. (CVE-2016-5102)
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. (CVE-2016-5318)
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. (CVE-2016-5319)
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. (CVE-2016-5321)
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. (CVE-2016-5323)
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. (CVE-2016-9273)
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. (CVE-2016-9297)
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. (CVE-2016-9453)
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532)
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. (CVE-2016-9538)
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. (CVE-2016-9539)
In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. (CVE-2017-10688)
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. (CVE-2017-11335)
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. (CVE-2017-12944)
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. (CVE-2017-13726)
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. (CVE-2017-13727)
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue. (CVE-2017-16232)
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2017-17095)
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. (CVE-2017-17942)
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. (CVE-2017-5225)
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. (CVE-2017-5563)
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7592)
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. (CVE-2017-7593)
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. (CVE-2017-7594)
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7595)
LibTIFF 4.0.7 has an outside the range of representable values of type float undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7596)
tif_dirread.c in LibTIFF 4.0.7 has an outside the range of representable values of type float undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7597)
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7598)
LibTIFF 4.0.7 has an outside the range of representable values of type short undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7599)
LibTIFF 4.0.7 has an outside the range of representable values of type unsigned char undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7600)
LibTIFF 4.0.7 has a shift exponent too large for 64-bit type long undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7601)
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7602)
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. (CVE-2017-9147)
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9403)
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9404)
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. (CVE-2017-9815)
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. (CVE-2017-9935)
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. (CVE-2017-9936)
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. (CVE-2017-9937)
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. (CVE-2018-10779)
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. (CVE-2018-10801)
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2018-12900)
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (CVE-2018-16335)
An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (CVE-2018-17100)
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (CVE-2018-17101)
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. (CVE-2018-18661)
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. (CVE-2018-19210)
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. (CVE-2018-5360)
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. (CVE-2018-5784)
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) (CVE-2018-7456)
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905)
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a Negative-size-param condition. (CVE-2019-17546)
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. (CVE-2019-6128)
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. (CVE-2020-18768)
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the invertImage() function in the component tiffcrop. (CVE-2020-19131)
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. (CVE-2022-0865)
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-0891)
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. (CVE-2022-0924)
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. (CVE-2022-1056)
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 (CVE-2022-2519)
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. (CVE-2022-2520)
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (CVE-2022-2521)
libtiff’s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. (CVE-2022-2867)
libtiff’s tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. (CVE-2022-2868)
libtiff’s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. (CVE-2022-2869)
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. (CVE-2022-2953)
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. (CVE-2022-3597)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. (CVE-2022-3599)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. (CVE-2022-3626)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. (CVE-2022-3627)
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)
An issue in the function TIFFReadDirectory in libtiff before 4.4.0 allows attackers to cause a denial of service via a crafted TIFF file. (CVE-2022-40090)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. (CVE-2022-4645)
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0799)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0800)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0801)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0802)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0803)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0804)
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. (CVE-2023-1916)
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. (CVE-2023-25433)
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. (CVE-2023-25435)
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. (CVE-2023-30086)
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. (CVE-2023-30774)
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. (CVE-2023-30775)
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. (CVE-2023-3164)
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)
A memory leak flaw was found in Libtiff’s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. (CVE-2023-3576)
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. (CVE-2023-3618)
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2023-40745)
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2023-41175)
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. (CVE-2023-52355)
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. (CVE-2023-52356)
An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow that leads to an application crash. (CVE-2023-6228)
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. (CVE-2023-6277)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory libtiff. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196585);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-3186",
"CVE-2016-3622",
"CVE-2016-3624",
"CVE-2016-3631",
"CVE-2016-5102",
"CVE-2016-5318",
"CVE-2016-5319",
"CVE-2016-5321",
"CVE-2016-5323",
"CVE-2016-9273",
"CVE-2016-9297",
"CVE-2016-9453",
"CVE-2016-9532",
"CVE-2016-9538",
"CVE-2016-9539",
"CVE-2016-10092",
"CVE-2016-10093",
"CVE-2016-10094",
"CVE-2016-10266",
"CVE-2016-10267",
"CVE-2016-10268",
"CVE-2016-10269",
"CVE-2016-10270",
"CVE-2016-10271",
"CVE-2016-10272",
"CVE-2017-5225",
"CVE-2017-5563",
"CVE-2017-7592",
"CVE-2017-7593",
"CVE-2017-7594",
"CVE-2017-7595",
"CVE-2017-7596",
"CVE-2017-7597",
"CVE-2017-7598",
"CVE-2017-7599",
"CVE-2017-7600",
"CVE-2017-7601",
"CVE-2017-7602",
"CVE-2017-9117",
"CVE-2017-9147",
"CVE-2017-9403",
"CVE-2017-9404",
"CVE-2017-9815",
"CVE-2017-9935",
"CVE-2017-9936",
"CVE-2017-9937",
"CVE-2017-10688",
"CVE-2017-11335",
"CVE-2017-12944",
"CVE-2017-13726",
"CVE-2017-13727",
"CVE-2017-16232",
"CVE-2017-17095",
"CVE-2017-17942",
"CVE-2018-5360",
"CVE-2018-5784",
"CVE-2018-7456",
"CVE-2018-8905",
"CVE-2018-10779",
"CVE-2018-10801",
"CVE-2018-12900",
"CVE-2018-16335",
"CVE-2018-17100",
"CVE-2018-17101",
"CVE-2018-18661",
"CVE-2018-19210",
"CVE-2019-6128",
"CVE-2019-17546",
"CVE-2020-18768",
"CVE-2020-19131",
"CVE-2020-35521",
"CVE-2020-35522",
"CVE-2020-35523",
"CVE-2020-35524",
"CVE-2022-0865",
"CVE-2022-0891",
"CVE-2022-0924",
"CVE-2022-1056",
"CVE-2022-2056",
"CVE-2022-2057",
"CVE-2022-2058",
"CVE-2022-2519",
"CVE-2022-2520",
"CVE-2022-2521",
"CVE-2022-2867",
"CVE-2022-2868",
"CVE-2022-2869",
"CVE-2022-2953",
"CVE-2022-3570",
"CVE-2022-3597",
"CVE-2022-3598",
"CVE-2022-3599",
"CVE-2022-3626",
"CVE-2022-3627",
"CVE-2022-3970",
"CVE-2022-4645",
"CVE-2022-40090",
"CVE-2022-48281",
"CVE-2023-0795",
"CVE-2023-0796",
"CVE-2023-0797",
"CVE-2023-0798",
"CVE-2023-0799",
"CVE-2023-0800",
"CVE-2023-0801",
"CVE-2023-0802",
"CVE-2023-0803",
"CVE-2023-0804",
"CVE-2023-1916",
"CVE-2023-3164",
"CVE-2023-3316",
"CVE-2023-3576",
"CVE-2023-3618",
"CVE-2023-6228",
"CVE-2023-6277",
"CVE-2023-25433",
"CVE-2023-25435",
"CVE-2023-26966",
"CVE-2023-30086",
"CVE-2023-30774",
"CVE-2023-30775",
"CVE-2023-40745",
"CVE-2023-41175",
"CVE-2023-52355",
"CVE-2023-52356"
);
script_name(english:"RHEL 6 : libtiff (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117)
- Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7,
3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2,
4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted
image. (CVE-2016-10092)
- Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4,
4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows
remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer
overflow. (CVE-2016-10093)
- Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows
remote attackers to have unspecified impact via a crafted image. (CVE-2016-10094)
- LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application
crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (CVE-2016-10266)
- LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application
crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (CVE-2016-10267)
- tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow
and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image,
related to READ of size 78490 and libtiff/tif_unix.c:115:23. (CVE-2016-10268)
- LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta,
4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read)
or possibly have unspecified other impact via a crafted TIFF image, related to READ of size 512 and
libtiff/tif_unix.c:340:2. (CVE-2016-10269)
- LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or
possibly have unspecified other impact via a crafted TIFF image, related to READ of size 8 and
libtiff/tif_read.c:523:22. (CVE-2016-10270)
- tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer
over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related
to READ of size 1 and libtiff/tif_fax3.c:413:13. (CVE-2016-10271)
- LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or
possibly have unspecified other impact via a crafted TIFF image, related to WRITE of size 2048 and
libtiff/tif_next.c:64:9. (CVE-2016-10272)
- Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to
cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186)
- The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)
- The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause
a denial of service (out-of-bounds write) by setting the -v option to -1. (CVE-2016-3624)
- The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote
attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array
variable. (CVE-2016-3631)
- Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows
remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. (CVE-2016-5102)
- Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote
attackers to crash the application via a crafted tiff. (CVE-2016-5318)
- Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash
the application via a crafted bmp file. (CVE-2016-5319)
- The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service
(invalid read and crash) via a crafted tiff image. (CVE-2016-5321)
- The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted Tiff image. (CVE-2016-5323)
- tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a
crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. (CVE-2016-9273)
- The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service
(out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. (CVE-2016-9297)
- The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a
TIFFTAG_JPEGTABLES of length one. (CVE-2016-9453)
- Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows
remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. (CVE-2016-9532)
- tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a
uint16 integer overflow. Reported as MSVR 35100. (CVE-2016-9538)
- tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as
MSVR 35092. (CVE-2016-9539)
- In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in
tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. (CVE-2017-10688)
- There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig
image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function
in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code
execution attack. (CVE-2017-11335)
- The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short
files, which allows remote attackers to cause a denial of service (allocation failure and application
crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. (CVE-2017-12944)
- There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to
tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
(CVE-2017-13726)
- There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8,
related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service
attack. (CVE-2017-13727)
- LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service
(memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were
unable to reproduce the issue (CVE-2017-16232)
- tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service
(TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other
impact via a crafted TIFF file. (CVE-2017-17095)
- In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
(CVE-2017-17942)
- LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code
execution via a crafted BitsPerSample value. (CVE-2017-5225)
- LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code
execution via a crafted bmp image to tools/bmp2tiff. (CVE-2017-5563)
- The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue,
which might allow remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image. (CVE-2017-7592)
- tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow
remote attackers to obtain sensitive information from process memory via a crafted image. (CVE-2017-7593)
- The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers
to cause a denial of service (memory leak) via a crafted image. (CVE-2017-7594)
- The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7595)
- LibTIFF 4.0.7 has an outside the range of representable values of type float undefined behavior issue,
which might allow remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image. (CVE-2017-7596)
- tif_dirread.c in LibTIFF 4.0.7 has an outside the range of representable values of type float undefined
behavior issue, which might allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image. (CVE-2017-7597)
- tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted image. (CVE-2017-7598)
- LibTIFF 4.0.7 has an outside the range of representable values of type short undefined behavior issue,
which might allow remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image. (CVE-2017-7599)
- LibTIFF 4.0.7 has an outside the range of representable values of type unsigned char undefined behavior
issue, which might allow remote attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted image. (CVE-2017-7600)
- LibTIFF 4.0.7 has a shift exponent too large for 64-bit type long undefined behavior issue, which might
allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other
impact via a crafted image. (CVE-2017-7601)
- LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7602)
- LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote
attackers to cause a denial of service (crash) via a crafted TIFF file. (CVE-2017-9147)
- In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in
tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9403)
- In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable
in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9404)
- In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc
operation, which allows attackers to cause a denial of service (memory leak within the function
_TIFFmalloc in tif_unix.c) via a crafted file. (CVE-2017-9815)
- In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.
This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an
out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in
t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause
arbitrary code execution. (CVE-2017-9935)
- In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak
resulting in a remote denial of service attack. (CVE-2017-9936)
- In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an
abort resulting in a remote denial of service attack. (CVE-2017-9937)
- TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by
bmp2tiff. (CVE-2018-10779)
- TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
(CVE-2018-10801)
- Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4,
3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4,
4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service
(crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2018-12900)
- newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different
vulnerability than CVE-2018-15209. (CVE-2018-16335)
- An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c,
which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image
file. (CVE-2018-17100)
- An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c
and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image file. (CVE-2018-17101)
- An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in
the file tif_lzw.c. (CVE-2018-18661)
- In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in
tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. (CVE-2018-19210)
- LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-
read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. (CVE-2018-5360)
- In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of
tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted
tif file. This occurs because the declared number of directory entries is not validated against the actual
number of directory entries. (CVE-2018-5784)
- A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3,
3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3,
4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF
information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the
TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) (CVE-2018-7456)
- In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a
crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905)
- tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer
overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a
Negative-size-param condition. (CVE-2019-17546)
- The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
(CVE-2019-6128)
- There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an
attacker to cause a denial-of-service through a crafted tiff file. (CVE-2020-18768)
- Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the invertImage()
function in the component tiffcrop. (CVE-2020-19131)
- A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can
lead to an abort, resulting in denial of service. (CVE-2020-35521)
- In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an
abort, resulting in a remote denial of service attack. (CVE-2020-35522)
- An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an
attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat
from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)
- A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's
TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from
this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)
- Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865)
- A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0
allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could
result into application crash, potential information disclosure or any other context-dependent impact
(CVE-2022-0891)
- Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924)
- Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
- Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
(CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
- There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
(CVE-2022-2519)
- A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at
tiffcrop.c:8621 that can cause program crash when reading a crafted input. (CVE-2022-2520)
- It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at
tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while
processing crafted input. (CVE-2022-2521)
- libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An
attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with
certain parameters) could cause a crash or in some cases, further exploitation. (CVE-2022-2867)
- libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and
ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. (CVE-2022-2868)
- libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the
extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this
flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw
could cause a crash or potentially further exploitation. (CVE-2022-2869)
- LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing
attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from
sources, the fix is available with commit 48d6ece8. (CVE-2022-2953)
- Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to
trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into
application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3597)
- LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,
allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)
- LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers
to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix
is available with commit e8131125. (CVE-2022-3599)
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from
processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3626)
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3627)
- A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function
TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is
possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to
fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)
- An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a
denial of service via crafted TIFF file. (CVE-2022-40090)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a
denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit e8131125. (CVE-2022-4645)
- processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,
WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit afaabc3e. (CVE-2023-0795)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit afaabc3e. (CVE-2023-0796)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by
tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
(CVE-2023-0797)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit afaabc3e. (CVE-2023-0798)
- LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit afaabc3e. (CVE-2023-0799)
- LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit 33aee127. (CVE-2023-0800)
- LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by
tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
(CVE-2023-0801)
- LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit 33aee127. (CVE-2023-0802)
- LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit 33aee127. (CVE-2023-0803)
- LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause
a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is
available with commit 33aee127. (CVE-2023-0804)
- A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file
can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a
denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
(CVE-2023-1916)
- libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of
buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)
- libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at
/libtiff/tools/tiffcrop.c:3753. (CVE-2023-25435)
- libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian
TIFF file and specifies the output to be big-endian. (CVE-2023-26966)
- Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of
service via the tiffcp function in tiffcp.c. (CVE-2023-30086)
- A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the
TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. (CVE-2023-30774)
- A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in
extractContigSamples32bits, tiffcrop.c. (CVE-2023-30775)
- A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at
tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service
via a crafted tiff file. (CVE-2023-3164)
- A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path
or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)
- A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a
TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes
this memory leak issue, resulting an application crash, eventually leading to a denial of service.
(CVE-2023-3576)
- A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a
buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
(CVE-2023-3618)
- LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of
service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers
a heap-based buffer overflow. (CVE-2023-40745)
- A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw
allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted
tiff image, which triggers a heap-based buffer overflow. (CVE-2023-41175)
- An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the
TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a
crafted input with a size smaller than 379 KB. (CVE-2023-52355)
- A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to
the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading
to a denial of service. (CVE-2023-52356)
- An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on
processing may cause a heap-based buffer overflow leads to an application crash. (CVE-2023-6228)
- An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a
remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
(CVE-2023-6277)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9117");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compact-libtiff");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-libtiff3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ghostscript");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-libtiff");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:opencv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
  exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
  {
    'pkgs': [
      {'reference':'libtiff', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libtiff'},
      {'reference':'opencv', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'opencv', 'cves':['CVE-2017-9147']},
      {'reference':'qt', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'qt', 'cves':['CVE-2017-9147']}
    ]
  }
];

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / opencv / qt');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3186
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7592
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1916
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6277