Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-4248-1.NASLHistoryNov 29, 2022 - 12:00 a.m.
SUSE SLES12 Security Update : tiff (SUSE-SU-2022:4248-1)
2022-11-2900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4248-1 advisory.
-
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3597) -
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. (CVE-2022-3599)
-
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3626) -
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3627) -
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:4248-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(168248);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2022-3597",
"CVE-2022-3599",
"CVE-2022-3626",
"CVE-2022-3627",
"CVE-2022-3970"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:4248-1");
script_name(english:"SUSE SLES12 Security Update : tiff (SUSE-SU-2022:4248-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:4248-1 advisory.
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3597)
- LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers
to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix
is available with commit e8131125. (CVE-2022-3599)
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from
processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3626)
- LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from
extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
(CVE-2022-3627)
- A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function
TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is
possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to
fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204641");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204643");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205392");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3597");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3599");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3626");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3627");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3970");
# https://lists.suse.com/pipermail/sle-security-updates/2022-November/013120.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71704d47");
script_set_attribute(attribute:"solution", value:
"Update the affected libtiff5, libtiff5-32bit and / or tiff packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3970");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/21");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tiff");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP4/5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libtiff5-32bit-4.0.9-44.59.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'libtiff5-4.0.9-44.59.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'tiff-4.0.9-44.59.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'libtiff5-32bit-4.0.9-44.59.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-4.0.9-44.59.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'tiff-4.0.9-44.59.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libtiff5-32bit-4.0.9-44.59.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libtiff5-4.0.9-44.59.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'tiff-4.0.9-44.59.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff5 / libtiff5-32bit / tiff');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libtiff5 | p-cpe:/a:novell:suse_linux:libtiff5 |
| novell | suse_linux | libtiff5-32bit | p-cpe:/a:novell:suse_linux:libtiff5-32bit |
| novell | suse_linux | tiff | p-cpe:/a:novell:suse_linux:tiff |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
www.nessus.org/u?71704d47
bugzilla.suse.com/1204641
bugzilla.suse.com/1204643
bugzilla.suse.com/1204644
bugzilla.suse.com/1204645
bugzilla.suse.com/1205392
www.suse.com/security/cve/CVE-2022-3597
www.suse.com/security/cve/CVE-2022-3599
www.suse.com/security/cve/CVE-2022-3626
www.suse.com/security/cve/CVE-2022-3627
www.suse.com/security/cve/CVE-2022-3970
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2022:4259-1)
2022-11-29 00:00:00
EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2023-1363)
2023-02-10 00:00:00
CentOS 9 : libtiff-4.4.0-7.el9
2024-02-29 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-0307
2023-01-04 00:00:00
Moderate Photon OS Security Update - PHSA-2023-0516
2023-01-14 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0516
2023-01-14 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-11-13 05:25:20
Updated libtiff packages fix security vulnerability
2022-12-07 02:32:48
oraclelinux
oraclelinux
libtiff security update
2023-05-15 00:00:00
libtiff security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-05-09 00:00:00
Moderate: libtiff security update
2023-05-16 00:00:00
ibm
ibm
osv
osv
Moderate: libtiff security update
2023-05-09 00:00:00
Moderate: libtiff security update
2023-05-16 00:00:00
tiff - security update
2023-01-20 00:00:00
redhat
redhat
(RHSA-2023:2883) Moderate: libtiff security update
2023-05-16 05:57:15
(RHSA-2023:2340) Moderate: libtiff security update
2023-05-09 05:07:52
(RHSA-2023:3813) Moderate: Migration Toolkit for Runtimes security update
2023-06-27 10:52:18
amazon
amazon
Medium: libtiff
2023-08-17 11:58:00
Medium: libtiff
2023-08-17 11:58:00
Important: libtiff
2022-12-01 20:31:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
redhatcve
redhatcve
prion
prion
ubuntucve
ubuntucve
debiancve
debiancve
veracode
veracode
Out-of-bounds Write
2022-10-24 08:50:49
Denial Of Service (DoS)
2022-10-24 08:30:34
Denial Of Service (DoS)
2022-10-23 21:26:54
debian
debian
[SECURITY] [DLA 3278-1] tiff security update
2023-01-20 22:37:38
[SECURITY] [DSA 5333-1] tiff security update
2023-01-29 12:55:02
cbl_mariner
cbl_mariner
CVE-2022-3626 affecting package libtiff 4.4.0-4
2022-11-24 00:45:37
CVE-2022-3597 affecting package libtiff 4.4.0-5
2022-11-30 04:44:03
CVE-2022-3597 affecting package libtiff 4.4.0-4
2022-11-24 00:45:37
cve
cve
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72093)
2022-10-25 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72092)
2022-10-25 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72095)
2022-10-25 00:00:00
alpinelinux
alpinelinux
redos
redos
ROS-20221118-01
2022-11-18 00:00:00
ubuntu
ubuntu
LibTIFF vulnerability
2022-11-24 00:00:00
LibTIFF vulnerability
2022-12-01 00:00:00
LibTIFF vulnerabilities
2022-11-08 00:00:00
f5
f5
K37923932 : libTIFF vulnerability CVE-2022-3970
2022-12-09 00:00:00
cloudfoundry
cloudfoundry
USN-5743-2: LibTIFF vulnerability | Cloud Foundry
2022-12-07 00:00:00
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2264
2023-10-22 05:35:45
Advisory ROSA-SA-2024-2338
2024-02-06 08:15:12
slackware
slackware
[slackware-security] libtiff
2023-01-04 02:19:46
apple
apple
About the security content of iOS 16.6 and iPadOS 16.6
2023-07-24 00:00:00
About the security content of macOS Ventura 13.5
2023-07-24 00:00:00
Related for SUSE_SU-2022-4248-1.NASL