Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6290-1.NASL
HistoryAug 16, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : LibTIFF vulnerabilities (USN-6290-1)

2023-08-1600:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6290-1 advisory.

  • processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)

  • libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  • loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965)

  • libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  • A NULL pointer dereference flaw was found in Libtiff’s LZWDecode() function in the libtiff/tif_lzw.c file.
    This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
    (CVE-2023-2731)

  • A null pointer dereference issue was found in Libtiff’s tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  • A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  • A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6290-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(179893);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/16");

  script_cve_id(
    "CVE-2022-48281",
    "CVE-2023-2731",
    "CVE-2023-2908",
    "CVE-2023-3316",
    "CVE-2023-3618",
    "CVE-2023-25433",
    "CVE-2023-26965",
    "CVE-2023-26966",
    "CVE-2023-38288",
    "CVE-2023-38289"
  );
  script_xref(name:"USN", value:"6290-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : LibTIFF vulnerabilities (USN-6290-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-6290-1 advisory.

  - processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,
    WRITE of size 307203) via a crafted TIFF image. (CVE-2022-48281)

  - libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of
    buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  - loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted
    TIFF image. (CVE-2023-26965)

  - libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian
    TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  - A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file.
    This flaw allows a local attacker to craft specific input data that can cause the program to dereference a
    NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
    (CVE-2023-2731)

  - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker
    to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes
    undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  - A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path
    or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  - A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a
    buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6290-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3618");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-opengl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff5-alt-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiffxx5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiffxx6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '23.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04 / 23.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libtiff-opengl', 'pkgver': '4.0.6-1ubuntu0.8+esm12'},
    {'osver': '16.04', 'pkgname': 'libtiff-tools', 'pkgver': '4.0.6-1ubuntu0.8+esm12'},
    {'osver': '16.04', 'pkgname': 'libtiff5', 'pkgver': '4.0.6-1ubuntu0.8+esm12'},
    {'osver': '16.04', 'pkgname': 'libtiff5-dev', 'pkgver': '4.0.6-1ubuntu0.8+esm12'},
    {'osver': '16.04', 'pkgname': 'libtiffxx5', 'pkgver': '4.0.6-1ubuntu0.8+esm12'},
    {'osver': '18.04', 'pkgname': 'libtiff-dev', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '18.04', 'pkgname': 'libtiff-opengl', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '18.04', 'pkgname': 'libtiff-tools', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '18.04', 'pkgname': 'libtiff5', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '18.04', 'pkgname': 'libtiff5-dev', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '18.04', 'pkgname': 'libtiffxx5', 'pkgver': '4.0.9-5ubuntu0.10+esm2'},
    {'osver': '20.04', 'pkgname': 'libtiff-dev', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '20.04', 'pkgname': 'libtiff-opengl', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '20.04', 'pkgname': 'libtiff-tools', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '20.04', 'pkgname': 'libtiff5', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '20.04', 'pkgname': 'libtiff5-dev', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '20.04', 'pkgname': 'libtiffxx5', 'pkgver': '4.1.0+git191117-2ubuntu0.20.04.9'},
    {'osver': '22.04', 'pkgname': 'libtiff-dev', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '22.04', 'pkgname': 'libtiff-opengl', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '22.04', 'pkgname': 'libtiff-tools', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '22.04', 'pkgname': 'libtiff5', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '22.04', 'pkgname': 'libtiff5-dev', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '22.04', 'pkgname': 'libtiffxx5', 'pkgver': '4.3.0-6ubuntu0.5'},
    {'osver': '23.04', 'pkgname': 'libtiff-dev', 'pkgver': '4.5.0-5ubuntu1.1'},
    {'osver': '23.04', 'pkgname': 'libtiff-opengl', 'pkgver': '4.5.0-5ubuntu1.1'},
    {'osver': '23.04', 'pkgname': 'libtiff-tools', 'pkgver': '4.5.0-5ubuntu1.1'},
    {'osver': '23.04', 'pkgname': 'libtiff5-dev', 'pkgver': '4.5.0-5ubuntu1.1'},
    {'osver': '23.04', 'pkgname': 'libtiff6', 'pkgver': '4.5.0-5ubuntu1.1'},
    {'osver': '23.04', 'pkgname': 'libtiffxx6', 'pkgver': '4.5.0-5ubuntu1.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-dev / libtiff-opengl / libtiff-tools / libtiff5 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:esm
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linux23.04cpe:/o:canonical:ubuntu_linux:23.04
canonicalubuntu_linuxlibtiff-devp-cpe:/a:canonical:ubuntu_linux:libtiff-dev
canonicalubuntu_linuxlibtiff-openglp-cpe:/a:canonical:ubuntu_linux:libtiff-opengl
canonicalubuntu_linuxlibtiff-toolsp-cpe:/a:canonical:ubuntu_linux:libtiff-tools
canonicalubuntu_linuxlibtiff4-devp-cpe:/a:canonical:ubuntu_linux:libtiff4-dev
canonicalubuntu_linuxlibtiff5p-cpe:/a:canonical:ubuntu_linux:libtiff5
Rows per page:
1-10 of 151

Related

openvas 37
ubuntu 2
osv 15
debian 2
nessus 46
mageia 2
cloudfoundry 1
oraclelinux 2
almalinux 2
photon 3
ibm 4
redhat 2
ubuntucve 9
prion 10
debiancve 10
redhatcve 10
cve 10
cbl_mariner 16
veracode 6
cnvd 2
rocky 1
redos 2
alpinelinux 2
amazon 3
openvas
openvas
Ubuntu: Security Advisory (USN-6290-1)
2023-08-16 00:00:00
Mageia: Security Advisory (MGASA-2023-0255)
2023-09-11 00:00:00
Debian: Security Advisory (DLA-3513-1)
2023-08-01 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-08-15 00:00:00
LibTIFF vulnerabilities
2023-07-13 00:00:00
osv
osv
tiff vulnerabilities
2023-08-15 21:02:25
tiff vulnerabilities
2023-07-13 17:32:04
tiff - security update
2023-07-31 00:00:00
debian
debian
[SECURITY] [DLA 3513-1] tiff security update
2023-07-31 23:56:45
[SECURITY] [DLA 3297-1] tiff security update
2023-01-30 21:45:55
nessus
nessus
Debian DLA-3513-1 : tiff - LTS security update
2023-08-01 00:00:00
SUSE SLES12 Security Update : tiff (SUSE-SU-2023:4371-1)
2023-11-07 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2023:4370-1)
2023-11-07 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-09-11 16:07:54
Updated libtiff packages fix security vulnerability
2023-02-07 03:06:39
cloudfoundry
cloudfoundry
USN-6229-1: LibTIFF vulnerabilities | Cloud Foundry
2023-08-10 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-11-11 00:00:00
libtiff security update
2023-06-29 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-11-07 00:00:00
Moderate: libtiff security update
2023-06-27 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0610
2023-07-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0044
2023-07-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0607
2023-07-04 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities in libtiff
2023-07-27 15:49:30
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
2023-12-08 13:45:04
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff
2024-02-28 22:30:09
redhat
redhat
(RHSA-2023:6575) Moderate: libtiff security update
2023-11-07 06:08:53
(RHSA-2023:3827) Moderate: libtiff security update
2023-06-27 13:35:37
ubuntucve
ubuntucve
CVE-2023-38288
2023-07-31 00:00:00
CVE-2023-38289
2023-07-31 00:00:00
CVE-2023-25433
2023-06-29 00:00:00
prion
prion
Security feature bypass
2023-08-24 09:15:00
Security feature bypass
2023-08-24 09:15:00
Heap overflow
2023-06-29 20:15:00
debiancve
debiancve
CVE-2023-38288
2023-08-01 06:03:07
CVE-2023-38289
2023-08-24 09:15:00
CVE-2023-25433
2023-06-29 20:15:09
redhatcve
redhatcve
CVE-2023-25433
2023-07-10 15:20:56
CVE-2023-38289
2023-07-24 07:41:38
CVE-2023-38288
2023-07-24 07:16:17
cve
cve
CVE-2023-38289
2023-08-24 09:15:10
CVE-2023-38288
2023-08-24 09:15:10
CVE-2023-25433
2023-06-29 20:15:09
cbl_mariner
cbl_mariner
CVE-2023-38289 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-38288 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-25433 affecting package libtiff for versions less than 4.5.1-1
2023-08-03 02:51:21
veracode
veracode
Heap-based Buffer Overflow
2023-07-11 13:11:55
Heap-Based Buffer Overflow
2023-01-27 04:17:16
Buffer Overflow
2023-07-10 11:18:10
cnvd
cnvd
LibTIFF Buffer Overflow Vulnerability (CNVD-2023-29695)
2023-02-03 00:00:00
LibTIFF Denial of Service Vulnerability (CNVD-2023-43231)
2023-05-19 00:00:00
rocky
rocky
libtiff security update
2023-08-31 16:54:34
redos
redos
ROS-20230124-03
2023-01-24 00:00:00
ROS-20230908-06
2023-09-08 00:00:00
alpinelinux
alpinelinux
CVE-2022-48281
2023-01-23 03:15:00
CVE-2023-3316
2023-06-19 12:15:09
amazon
amazon
Medium: libtiff
2023-07-17 17:39:00
Medium: libtiff
2023-09-27 22:15:00
Medium: compat-libtiff3
2023-07-17 17:39:00
JSON
Related for UBUNTU_USN-6290-1.NASL
openvas37ubuntu2osv15debian2nessus46mageia2cloudfoundry1oraclelinux2almalinux2photon3ibm4redhat2ubuntucve9prion10debiancve10redhatcve10cve10cbl_mariner16veracode6cnvd2rocky1redos2alpinelinux2amazon3