Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-1667-1.NASLHistoryMay 17, 2022 - 12:00 a.m.
SUSE SLES12 Security Update : tiff (SUSE-SU-2022:1667-1)
2022-05-1700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1667-1 advisory.
-
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561) -
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
-
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865) -
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-0891)
-
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908) -
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909) -
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924) -
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:1667-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(161223);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2022-0561",
"CVE-2022-0562",
"CVE-2022-0865",
"CVE-2022-0891",
"CVE-2022-0908",
"CVE-2022-0909",
"CVE-2022-0924",
"CVE-2022-1056"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:1667-1");
script_name(english:"SUSE SLES12 Security Update : tiff (SUSE-SU-2022:1667-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:1667-1 advisory.
- Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in
tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF
file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561)
- Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c
in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users
that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
- Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865)
- A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0
allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could
result into application crash, potential information disclosure or any other context-dependent impact
(CVE-2022-0891)
- Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in
tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908)
- Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909)
- Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924)
- Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195965");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197066");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197068");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197072");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197631");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0561");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0562");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0865");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0891");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0908");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0909");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0924");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1056");
# https://lists.suse.com/pipermail/sle-security-updates/2022-May/011027.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c92ed81e");
script_set_attribute(attribute:"solution", value:
"Update the affected libtiff-devel, libtiff5, libtiff5-32bit and / or tiff packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0891");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tiff");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libtiff-devel-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-32bit-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'tiff-4.0.9-44.48.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff-devel-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libtiff5-32bit-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libtiff5-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'tiff-4.0.9-44.48.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-devel / libtiff5 / libtiff5-32bit / tiff');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libtiff-devel | p-cpe:/a:novell:suse_linux:libtiff-devel |
| novell | suse_linux | libtiff5 | p-cpe:/a:novell:suse_linux:libtiff5 |
| novell | suse_linux | libtiff5-32bit | p-cpe:/a:novell:suse_linux:libtiff5-32bit |
| novell | suse_linux | tiff | p-cpe:/a:novell:suse_linux:tiff |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056
www.nessus.org/u?c92ed81e
bugzilla.suse.com/1195964
bugzilla.suse.com/1195965
bugzilla.suse.com/1197066
bugzilla.suse.com/1197068
bugzilla.suse.com/1197072
bugzilla.suse.com/1197073
bugzilla.suse.com/1197074
bugzilla.suse.com/1197631
www.suse.com/security/cve/CVE-2022-0561
www.suse.com/security/cve/CVE-2022-0562
www.suse.com/security/cve/CVE-2022-0865
www.suse.com/security/cve/CVE-2022-0891
www.suse.com/security/cve/CVE-2022-0908
www.suse.com/security/cve/CVE-2022-0909
www.suse.com/security/cve/CVE-2022-0924
www.suse.com/security/cve/CVE-2022-1056
Related
suse
suse
Security update for tiff (important)
2022-05-30 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2022:1882-1)
2022-05-31 00:00:00
EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2022-1739)
2022-05-26 00:00:00
Rocky Linux 8 : libtiff (RLSA-2022:7585)
2022-11-17 00:00:00
ibm
ibm
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-03-28 19:23:37
Updated libtiff packages fix security vulnerability
2022-03-06 13:40:17
osv
osv
Moderate: libtiff security update
2022-11-08 00:00:00
tiff - security update
2022-03-24 00:00:00
Moderate: libtiff security update
2022-11-08 06:23:40
archlinux
archlinux
[ASA-202204-6] libtiff: multiple issues
2022-04-05 00:00:00
rocky
rocky
libtiff security update
2022-11-08 06:23:40
oraclelinux
oraclelinux
libtiff security update
2022-11-15 00:00:00
libtiff security update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2022:7585) Moderate: libtiff security update
2022-11-08 06:23:40
(RHSA-2022:8194) Moderate: libtiff security update
2022-11-15 06:18:19
(RHSA-2023:0470) Important: Migration Toolkit for Runtimes security update
2023-01-26 11:33:15
almalinux
almalinux
Moderate: libtiff security update
2022-11-08 00:00:00
Moderate: libtiff security update
2022-11-15 00:00:00
debian
debian
[SECURITY] [DSA 5108-1] tiff security update
2022-03-24 18:55:21
[SECURITY] [DLA 2932-1] tiff security update
2022-03-06 17:18:56
fedora
fedora
[SECURITY] Fedora 35 Update: libtiff-4.3.0-6.fc35
2022-03-31 01:15:26
[SECURITY] Fedora 36 Update: libtiff-4.3.0-6.fc36
2022-04-03 00:15:59
[SECURITY] Fedora 35 Update: libtiff-4.3.0-4.fc35
2022-03-02 16:10:57
cloudfoundry
cloudfoundry
USN-5421-1: LibTIFF vulnerabilities | Cloud Foundry
2022-07-29 00:00:00
USN-5523-2: LibTIFF vulnerabilities | Cloud Foundry
2022-09-29 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-05-16 00:00:00
LibTIFF vulnerabilities
2022-07-19 00:00:00
LibTIFF vulnerabilities
2022-09-12 00:00:00
gentoo
gentoo
LibTIFF: Multiple Vulnerabilities
2022-10-31 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0169
2022-04-03 00:00:00
Important Photon OS Security Update - PHSA-2022-0169
2022-04-03 00:00:00
Important Photon OS Security Update - PHSA-2022-0458
2022-03-30 00:00:00
ubuntucve
ubuntucve
amazon
amazon
Medium: libtiff
2022-07-28 20:38:00
Medium: libtiff
2022-04-25 22:56:00
Medium: libtiff
2022-05-31 23:50:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2338
2024-02-06 08:15:12
debiancve
debiancve
cve
cve
prion
prion
Null pointer dereference
2022-02-11 18:15:00
Input validation
2022-03-11 18:15:00
Null pointer dereference
2022-03-11 18:15:00
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service (DoS)
2022-04-22 04:50:53
Denial Of Service (DoS)
2022-04-22 04:52:51
Denial Of Service (DoS)
2022-04-21 20:53:24
cbl_mariner
cbl_mariner
CVE-2022-0924 affecting package libtiff 4.3.0-1
2022-04-26 20:17:07
CVE-2022-0908 affecting package libtiff 4.3.0-1
2022-04-26 20:17:07
CVE-2022-0562 affecting package libtiff 4.3.0-1
2022-04-26 20:17:07
redhatcve
redhatcve
Related for SUSE_SU-2022-1667-1.NASL