{"id": "OPENVAS:870871", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for libtiff RHSA-2012:1590-01", "description": "Check for the Version of libtiff", "published": "2012-12-26T00:00:00", "modified": "2018-01-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870871", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012:1590-01", "https://www.redhat.com/archives/rhsa-announce/2012-December/msg00027.html"], "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "lastseen": "2018-01-02T10:57:06", "viewCount": 2, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2012-147"]}, {"type": "centos", "idList": ["CESA-2012:1590"]}, {"type": "cve", "idList": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2552-1:0E29C", "DEBIAN:DSA-2561-1:F7874", "DEBIAN:DSA-2575-1:AAB47", "DEBIAN:DSA-2589-1:FAE46"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3401", "DEBIANCVE:CVE-2012-4447", "DEBIANCVE:CVE-2012-4564", "DEBIANCVE:CVE-2012-5581"]}, {"type": "fedora", "idList": ["FEDORA:6358C20F03", "FEDORA:7D3BF21339", "FEDORA:7E8DE20FF3", "FEDORA:9711620BDA", "FEDORA:C5348206A5", "FEDORA:CCD3B20910", "FEDORA:D99B1227A9", "FEDORA:E24572267F", "FEDORA:EB9A520F6A", "FEDORA:ED3E52141F", "FEDORA:EFC6120A0B"]}, {"type": "gentoo", "idList": ["GLSA-201209-02", "GLSA-201402-21"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-147.NASL", "BLACKBERRY_ES_TIFF_KB33425.NASL", "CENTOS_RHSA-2012-1590.NASL", "DEBIAN_DSA-2552.NASL", "DEBIAN_DSA-2561.NASL", "DEBIAN_DSA-2575.NASL", "DEBIAN_DSA-2589.NASL", "FEDORA_2012-10978.NASL", "FEDORA_2012-11000.NASL", "FEDORA_2012-20348.NASL", "FEDORA_2012-20404.NASL", "FEDORA_2012-20446.NASL", "GENTOO_GLSA-201209-02.NASL", "GENTOO_GLSA-201402-21.NASL", "MANDRIVA_MDVSA-2012-127.NASL", "MANDRIVA_MDVSA-2012-174.NASL", "MANDRIVA_MDVSA-2012-184.NASL", "MANDRIVA_MDVSA-2013-046.NASL", "OPENSUSE-2012-492.NASL", "OPENSUSE-2013-29.NASL", "ORACLELINUX_ELSA-2012-1590.NASL", "REDHAT-RHSA-2012-1590.NASL", "SLACKWARE_SSA_2013-290-01.NASL", "SL_20121218_LIBTIFF_ON_SL5_X.NASL", "SOLARIS10_119900.NASL", "SOLARIS10_X86_119901.NASL", "SOLARIS11_GIMP_20130521.NASL", "SOLARIS11_LIBTIFF_20131217.NASL", "SOLARIS11_LIBTIFF_20140617.NASL", "SOLARIS11_LIBTIFF_20141107.NASL", "SUSE_11_LIBTIFF-DEVEL-120719.NASL", "SUSE_11_LIBTIFF-DEVEL-130109.NASL", "SUSE_LIBTIFF-8230.NASL", "SUSE_LIBTIFF-8419.NASL", "UBUNTU_USN-1511-1.NASL", "UBUNTU_USN-1631-1.NASL", "UBUNTU_USN-1655-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120176", "OPENVAS:1361412562310121152", "OPENVAS:1361412562310123770", "OPENVAS:136141256231072419", "OPENVAS:136141256231072443", "OPENVAS:136141256231072532", "OPENVAS:136141256231072590", "OPENVAS:1361412562310831715", "OPENVAS:1361412562310831750", "OPENVAS:1361412562310831760", "OPENVAS:1361412562310841088", "OPENVAS:1361412562310841216", "OPENVAS:1361412562310841244", "OPENVAS:1361412562310864566", "OPENVAS:1361412562310864615", "OPENVAS:1361412562310864964", "OPENVAS:1361412562310864965", "OPENVAS:1361412562310865624", "OPENVAS:1361412562310865635", "OPENVAS:1361412562310866470", "OPENVAS:1361412562310866919", "OPENVAS:1361412562310867867", "OPENVAS:1361412562310867875", "OPENVAS:1361412562310870871", "OPENVAS:1361412562310881550", "OPENVAS:1361412562310881551", "OPENVAS:1361412562310892589", "OPENVAS:72419", "OPENVAS:72443", "OPENVAS:72532", "OPENVAS:72590", "OPENVAS:831715", "OPENVAS:831750", "OPENVAS:831760", "OPENVAS:841088", "OPENVAS:841216", "OPENVAS:841244", "OPENVAS:864566", "OPENVAS:864615", "OPENVAS:864964", "OPENVAS:864965", "OPENVAS:865624", "OPENVAS:865635", "OPENVAS:866470", "OPENVAS:866919", "OPENVAS:881550", "OPENVAS:881551", "OPENVAS:892589"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1590"]}, {"type": "osv", "idList": ["OSV:DSA-2552-1", "OSV:DSA-2561-1", "OSV:DSA-2575-1", "OSV:DSA-2589-1"]}, {"type": "redhat", "idList": ["RHSA-2012:1590"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28360", "SECURITYVULNS:DOC:28685", "SECURITYVULNS:DOC:28800", "SECURITYVULNS:VULN:12508", "SECURITYVULNS:VULN:12671", "SECURITYVULNS:VULN:12745"]}, {"type": "slackware", "idList": ["SSA-2013-290-01"]}, {"type": "ubuntu", "idList": ["USN-1511-1", "USN-1631-1", "USN-1655-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-3401", "UB:CVE-2012-4447", "UB:CVE-2012-4564", "UB:CVE-2012-5581"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-147"]}, {"type": "centos", "idList": ["CESA-2012:1590"]}, {"type": "cve", "idList": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2552-1:0E29C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3401"]}, {"type": "fedora", "idList": ["FEDORA:D99B1227A9", "FEDORA:EB9A520F6A"]}, {"type": "gentoo", "idList": ["GLSA-201209-02", "GLSA-201402-21"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2575.NASL", "DEBIAN_DSA-2589.NASL", "SOLARIS10_X86_119901.NASL", "SOLARIS11_LIBTIFF_20131217.NASL", "UBUNTU_USN-1655-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841244", "OPENVAS:1361412562310864566", "OPENVAS:1361412562310881551", "OPENVAS:72419", "OPENVAS:841244"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1590"]}, {"type": "redhat", "idList": ["RHSA-2012:1590"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12508"]}, {"type": "slackware", "idList": ["SSA-2013-290-01"]}, {"type": "ubuntu", "idList": ["USN-1655-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5581"]}]}, "exploitation": null, "vulnersScore": 0.3}, "pluginID": "870871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2012:1590-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n\n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n\n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n\n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\";\n\ntag_affected = \"libtiff on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-December/msg00027.html\");\n script_id(870871);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:04:41 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:1590-01\");\n script_name(\"RedHat Update for libtiff RHSA-2012:1590-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659988328, "score": 1659990670}, "_internal": {"score_hash": "3722e2739bbac239515ed77a8b21a759"}}
{"nessus": [{"lastseen": "2023-01-11T14:58:08", "description": "A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libtiff (ALAS-2012-147)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libtiff", "p-cpe:/a:amazon:linux:libtiff-debuginfo", "p-cpe:/a:amazon:linux:libtiff-devel", "p-cpe:/a:amazon:linux:libtiff-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-147.NASL", "href": "https://www.tenable.com/plugins/nessus/69637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-147.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69637);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_xref(name:\"ALAS\", value:\"2012-147\");\n script_xref(name:\"RHSA\", value:\"2012:1590\");\n\n script_name(english:\"Amazon Linux AMI : libtiff (ALAS-2012-147)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way libtiff\nprocessed certain TIFF images using the Pixar Log Format encoding. An\nattacker could create a specially crafted TIFF file that, when opened,\ncould cause an application using libtiff to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff\nhandled DOTRANGE tags. An attacker could use this flaw to create a\nspecially crafted TIFF file that, when opened, would cause an\napplication linked against libtiff to crash or, possibly, execute\narbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially crafted TIFF file\nthat would cause tiff2pdf to crash or, possibly, execute arbitrary\ncode. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer\noverflow, was found in the ppm2tiff tool. An attacker could use this\nflaw to create a specially crafted PPM (Portable Pixel Map) file that\nwould cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-147.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libtiff' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtiff-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libtiff-3.9.4-9.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtiff-debuginfo-3.9.4-9.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtiff-devel-3.9.4-9.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtiff-static-3.9.4-9.11.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:26", "description": "Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nAll libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-12-19T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : libtiff (RHSA-2012:1590)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libtiff", "p-cpe:/a:redhat:enterprise_linux:libtiff-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtiff-devel", "p-cpe:/a:redhat:enterprise_linux:libtiff-static", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1590.NASL", "href": "https://www.tenable.com/plugins/nessus/63293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1590. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63293);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"RHSA\", value:\"2012:1590\");\n\n script_name(english:\"RHEL 5 / 6 : libtiff (RHSA-2012:1590)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff\nprocessed certain TIFF images using the Pixar Log Format encoding. An\nattacker could create a specially crafted TIFF file that, when opened,\ncould cause an application using libtiff to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff\nhandled DOTRANGE tags. An attacker could use this flaw to create a\nspecially crafted TIFF file that, when opened, would cause an\napplication linked against libtiff to crash or, possibly, execute\narbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially crafted TIFF file\nthat would cause tiff2pdf to crash or, possibly, execute arbitrary\ncode. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer\noverflow, was found in the ppm2tiff tool. An attacker could use this\nflaw to create a specially crafted PPM (Portable Pixel Map) file that\nwould cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were\ndiscovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nAll libtiff users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. All running\napplications linked against libtiff must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5581\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1590\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libtiff-3.8.2-18.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libtiff-debuginfo-3.8.2-18.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libtiff-devel-3.8.2-18.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtiff-3.9.4-9.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtiff-debuginfo-3.9.4-9.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtiff-devel-3.9.4-9.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:34", "description": "- Update to libtiff 3.9.7 (includes previously-added security fixes)\n\n - Add patches for CVE-2012-4447, CVE-2012-4564, CVE-2012-5581\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "nessus", "title": "Fedora 16 : libtiff-3.9.7-1.fc16 (2012-20404)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-20404.NASL", "href": "https://www.tenable.com/plugins/nessus/63362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20404.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63362);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"FEDORA\", value:\"2012-20404\");\n\n script_name(english:\"Fedora 16 : libtiff-3.9.7-1.fc16 (2012-20404)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to libtiff 3.9.7 (includes previously-added\n security fixes)\n\n - Add patches for CVE-2012-4447, CVE-2012-4564,\n CVE-2012-5581\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=837577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=860198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=867235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=871700\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/095208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f8ec94a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libtiff-3.9.7-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:35", "description": "A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nAll running applications linked against libtiff must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-12-20T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20121218)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libtiff", "p-cpe:/a:fermilab:scientific_linux:libtiff-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libtiff-devel", "p-cpe:/a:fermilab:scientific_linux:libtiff-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20121218_LIBTIFF_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/63314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63314);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n\n script_name(english:\"Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20121218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way libtiff\nprocessed certain TIFF images using the Pixar Log Format encoding. An\nattacker could create a specially crafted TIFF file that, when opened,\ncould cause an application using libtiff to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff\nhandled DOTRANGE tags. An attacker could use this flaw to create a\nspecially crafted TIFF file that, when opened, would cause an\napplication linked against libtiff to crash or, possibly, execute\narbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially crafted TIFF file\nthat would cause tiff2pdf to crash or, possibly, execute arbitrary\ncode. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer\noverflow, was found in the ppm2tiff tool. An attacker could use this\nflaw to create a specially crafted PPM (Portable Pixel Map) file that\nwould cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nAll running applications linked against libtiff must be restarted for\nthis update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1212&L=scientific-linux-errata&T=0&P=1304\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8043693b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtiff-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libtiff-3.8.2-18.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libtiff-debuginfo-3.8.2-18.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libtiff-devel-3.8.2-18.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"libtiff-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtiff-debuginfo-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtiff-devel-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-debuginfo / libtiff-devel / libtiff-static\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:39", "description": "- Update to libtiff 3.9.7 (includes previously-added security fixes)\n\n - Add patches for CVE-2012-4447, CVE-2012-4564, CVE-2012-5581\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "nessus", "title": "Fedora 17 : libtiff-3.9.7-1.fc17 (2012-20446)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-20446.NASL", "href": "https://www.tenable.com/plugins/nessus/63363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20446.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63363);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"FEDORA\", value:\"2012-20446\");\n\n script_name(english:\"Fedora 17 : libtiff-3.9.7-1.fc17 (2012-20446)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to libtiff 3.9.7 (includes previously-added\n security fixes)\n\n - Add patches for CVE-2012-4447, CVE-2012-4564,\n CVE-2012-5581\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=837577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=860198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=867235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=871700\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/095214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb2e235a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libtiff-3.9.7-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:55", "description": "From Red Hat Security Advisory 2012:1590 :\n\nUpdated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nAll libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : libtiff (ELSA-2012-1590)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libtiff", "p-cpe:/a:oracle:linux:libtiff-devel", "p-cpe:/a:oracle:linux:libtiff-static", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-1590.NASL", "href": "https://www.tenable.com/plugins/nessus/68667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1590 and \n# Oracle Linux Security Advisory ELSA-2012-1590 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68667);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"RHSA\", value:\"2012:1590\");\n\n script_name(english:\"Oracle Linux 5 / 6 : libtiff (ELSA-2012-1590)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1590 :\n\nUpdated libtiff packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff\nprocessed certain TIFF images using the Pixar Log Format encoding. An\nattacker could create a specially crafted TIFF file that, when opened,\ncould cause an application using libtiff to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff\nhandled DOTRANGE tags. An attacker could use this flaw to create a\nspecially crafted TIFF file that, when opened, would cause an\napplication linked against libtiff to crash or, possibly, execute\narbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially crafted TIFF file\nthat would cause tiff2pdf to crash or, possibly, execute arbitrary\ncode. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer\noverflow, was found in the ppm2tiff tool. An attacker could use this\nflaw to create a specially crafted PPM (Portable Pixel Map) file that\nwould cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were\ndiscovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nAll libtiff users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. All running\napplications linked against libtiff must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-December/003171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-December/003172.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libtiff-3.8.2-18.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libtiff-devel-3.8.2-18.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"libtiff-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libtiff-devel-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel / libtiff-static\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:58", "description": "Add upstream patches for CVE-2012-4447, CVE-2012-4564 (note:\nCVE-2012-5581 is already fixed in 4.0.3)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-14T00:00:00", "type": "nessus", "title": "Fedora 18 : libtiff-4.0.3-2.fc18 (2012-20348)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2012-20348.NASL", "href": "https://www.tenable.com/plugins/nessus/63493", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20348.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63493);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"FEDORA\", value:\"2012-20348\");\n\n script_name(english:\"Fedora 18 : libtiff-4.0.3-2.fc18 (2012-20348)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add upstream patches for CVE-2012-4447, CVE-2012-4564 (note:\nCVE-2012-5581 is already fixed in 4.0.3)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=837577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=860198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=867235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=871700\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/095947.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?465bf155\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libtiff-4.0.3-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:31", "description": "Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nAll libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-12-20T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : libtiff (CESA-2012:1590)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libtiff", "p-cpe:/a:centos:centos:libtiff-devel", "p-cpe:/a:centos:centos:libtiff-static", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-1590.NASL", "href": "https://www.tenable.com/plugins/nessus/63306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1590 and \n# CentOS Errata and Security Advisory 2012:1590 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63306);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54601, 55673, 56372, 56715);\n script_xref(name:\"RHSA\", value:\"2012:1590\");\n\n script_name(english:\"CentOS 5 / 6 : libtiff (CESA-2012:1590)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libtiff packages contain a library of functions for manipulating\nTagged Image File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff\nprocessed certain TIFF images using the Pixar Log Format encoding. An\nattacker could create a specially crafted TIFF file that, when opened,\ncould cause an application using libtiff to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff\nhandled DOTRANGE tags. An attacker could use this flaw to create a\nspecially crafted TIFF file that, when opened, would cause an\napplication linked against libtiff to crash or, possibly, execute\narbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially crafted TIFF file\nthat would cause tiff2pdf to crash or, possibly, execute arbitrary\ncode. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer\noverflow, was found in the ppm2tiff tool. An attacker could use this\nflaw to create a specially crafted PPM (Portable Pixel Map) file that\nwould cause ppm2tiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were\ndiscovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nAll libtiff users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. All running\napplications linked against libtiff must be restarted for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-December/019037.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4b7a077\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-December/019038.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0de3207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3401\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libtiff-3.8.2-18.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libtiff-devel-3.8.2-18.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"libtiff-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtiff-devel-3.9.4-9.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtiff-static-3.9.4-9.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff / libtiff-devel / libtiff-static\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:47", "description": "Various memory corruption vulnerabilities have been fixed in libtiff.\nCVE-2012-4447 / CVE-2012-4564 / CVE-2012-5581 have been assigned to these issues.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libtiff (ZYPP Patch Number 8419)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBTIFF-8419.NASL", "href": "https://www.tenable.com/plugins/nessus/64093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n\n script_name(english:\"SuSE 10 Security Update : libtiff (ZYPP Patch Number 8419)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various memory corruption vulnerabilities have been fixed in libtiff.\nCVE-2012-4447 / CVE-2012-4564 / CVE-2012-5581 have been assigned to\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4564.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5581.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8419.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libtiff-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libtiff-devel-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"tiff-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libtiff-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libtiff-devel-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"tiff-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.32.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-5.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:28", "description": "Various memory corruption vulnerabilities have been fixed in libtiff.\nCVE-2012-4447 / CVE-2012-4564 / CVE-2012-5581 have been assigned to these issues.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : libtiff (SAT Patch Number 7216)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libtiff3", "p-cpe:/a:novell:suse_linux:11:libtiff3-32bit", "p-cpe:/a:novell:suse_linux:11:tiff", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBTIFF-DEVEL-130109.NASL", "href": "https://www.tenable.com/plugins/nessus/64199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64199);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n\n script_name(english:\"SuSE 11.2 Security Update : libtiff (SAT Patch Number 7216)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various memory corruption vulnerabilities have been fixed in libtiff.\nCVE-2012-4447 / CVE-2012-4564 / CVE-2012-5581 have been assigned to\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=781995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=787892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=788741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4564.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5581.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7216.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libtiff3-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libtiff3-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libtiff3-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tiff-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libtiff3-32bit-3.8.2-141.150.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.150.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:31:38", "description": "This update of tiff fixed a heap-based buffer overflow vulnerability and an integer overflow issue.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tiff (openSUSE-2013-29)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit", "p-cpe:/a:novell:opensuse:libtiff3", "p-cpe:/a:novell:opensuse:libtiff3-32bit", "p-cpe:/a:novell:opensuse:libtiff3-debuginfo", "p-cpe:/a:novell:opensuse:libtiff3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtiff5", "p-cpe:/a:novell:opensuse:libtiff5-32bit", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:tiff-debugsource", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-29.NASL", "href": "https://www.tenable.com/plugins/nessus/74956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-29.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74956);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-2013-29)\");\n script_summary(english:\"Check for the openSUSE-2013-29 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tiff fixed a heap-based buffer overflow vulnerability\nand an integer overflow issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=781995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=787892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791607\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff-devel-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff3-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff3-debuginfo-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-debuginfo-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-debugsource-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff3-debuginfo-32bit-3.9.5-8.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libtiff-devel-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libtiff5-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libtiff5-debuginfo-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tiff-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tiff-debuginfo-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tiff-debugsource-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.2-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.2-1.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:35", "description": "Updated libtiff packages fix security vulnerabilities :\n\nlibtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088).\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).\n\nHuzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-3401).\n\nIt was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code (CVE-2012-4447).\n\nppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564).\n\nIt was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-5581).", "cvss3": {}, "published": "2013-04-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64tiff-devel", "p-cpe:/a:mandriva:linux:lib64tiff-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff5", "p-cpe:/a:mandriva:linux:libtiff-progs", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-046.NASL", "href": "https://www.tenable.com/plugins/nessus/66060", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66060);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_bugtraq_id(54076, 54270, 54601, 55673, 56372, 56715);\n script_xref(name:\"MDVSA\", value:\"2013:046\");\n script_xref(name:\"MGASA\", value:\"2012-0137\");\n script_xref(name:\"MGASA\", value:\"2012-0181\");\n script_xref(name:\"MGASA\", value:\"2012-0317\");\n script_xref(name:\"MGASA\", value:\"2012-0332\");\n script_xref(name:\"MGASA\", value:\"2012-0355\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtiff packages fix security vulnerabilities :\n\nlibtiff did not properly convert between signed and unsigned integer\nvalues, leading to a buffer overflow. An attacker could use this flaw\nto create a specially crafted TIFF file that, when opened, would cause\nan application linked against libtiff to crash or, possibly, execute\narbitrary code (CVE-2012-2088).\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the tiff2pdf tool. An attacker could use\nthese flaws to create a specially crafted TIFF file that would cause\ntiff2pdf to crash or, possibly, execute arbitrary code\n(CVE-2012-2113).\n\nHuzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly\nhandled certain malformed TIFF images. If a user or automated system\nwere tricked into opening a specially crafted TIFF image, a remote\nattacker could crash the application, leading to a denial of service,\nor possibly execute arbitrary code with user privileges\n(CVE-2012-3401).\n\nIt was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode (CVE-2012-4447).\n\nppm2tiff does not check the return value of the TIFFScanlineSize\nfunction, which allows remote attackers to cause a denial of service\n(crash) and possibly execute arbitrary code via a crafted PPM image\nthat triggers an integer overflow, a zero-memory allocation, and a\nheap-based buffer overflow (CVE-2012-4564).\n\nIt was discovered that LibTIFF incorrectly handled certain malformed\nimages using the DOTRANGE tag. If a user or automated system were\ntricked into opening a specially crafted TIFF image, a remote attacker\ncould crash the application, leading to a denial of service, or\npossibly execute arbitrary code with user privileges (CVE-2012-5581).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64tiff-devel-4.0.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-4.0.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64tiff5-4.0.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libtiff-progs-4.0.1-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:33", "description": "Multiple vulnerabilities was found and corrected in libtiff :\n\nHeap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format (CVE-2012-4447).\n\nppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libtiff (MDVSA-2012:174)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64tiff-devel", "p-cpe:/a:mandriva:linux:lib64tiff-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "p-cpe:/a:mandriva:linux:libtiff-static-devel", "p-cpe:/a:mandriva:linux:libtiff3", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-174.NASL", "href": "https://www.tenable.com/plugins/nessus/63017", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:174. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63017);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_bugtraq_id(55673, 56372);\n script_xref(name:\"MDVSA\", value:\"2012:174\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtiff (MDVSA-2012:174)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was found and corrected in libtiff :\n\nHeap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3\nallows remote attackers to cause a denial of service (application\ncrash) and possibly execute arbitrary code via a crafted TIFF image\nusing the PixarLog Compression format (CVE-2012-4447).\n\nppm2tiff does not check the return value of the TIFFScanlineSize\nfunction, which allows remote attackers to cause a denial of service\n(crash) and possibly execute arbitrary code via a crafted PPM image\nthat triggers an integer overflow, a zero-memory allocation, and a\nheap-based buffer overflow (CVE-2012-4564).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-devel-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff3-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-devel-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libtiff-progs-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-static-devel-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff3-3.9.5-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:38", "description": "It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n(CVE-2012-4447)\n\nHuzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly handled certain malformed PPM images. If a user or automated system were tricked into opening a specially crafted PPM image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n(CVE-2012-4564).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-11-16T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tiff vulnerabilities (USN-1631-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "p-cpe:/a:canonical:ubuntu_linux:libtiff5", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1631-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1631-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62936);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_bugtraq_id(55673, 56372);\n script_xref(name:\"USN\", value:\"1631-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tiff vulnerabilities (USN-1631-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LibTIFF incorrectly handled certain malformed\nimages using the PixarLog compression format. If a user or automated\nsystem were tricked into opening a specially crafted TIFF image, a\nremote attacker could crash the application, leading to a denial of\nservice, or possibly execute arbitrary code with user privileges.\n(CVE-2012-4447)\n\nHuzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly\nhandled certain malformed PPM images. If a user or automated system\nwere tricked into opening a specially crafted PPM image, a remote\nattacker could crash the application, leading to a denial of service,\nor possibly execute arbitrary code with user privileges.\n(CVE-2012-4564).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1631-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff4 and / or libtiff5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-7ubuntu3.14\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtiff4\", pkgver:\"3.9.2-2ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtiff4\", pkgver:\"3.9.5-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtiff4\", pkgver:\"3.9.5-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libtiff5\", pkgver:\"4.0.2-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff4 / libtiff5\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:41", "description": "Fix security bug in tiff2pdf, CVE-2012-3401\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "nessus", "title": "Fedora 16 : libtiff-3.9.6-2.fc16 (2012-10978)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-10978.NASL", "href": "https://www.tenable.com/plugins/nessus/61466", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-10978.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61466);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3401\");\n script_bugtraq_id(54601);\n script_xref(name:\"FEDORA\", value:\"2012-10978\");\n\n script_name(english:\"Fedora 16 : libtiff-3.9.6-2.fc16 (2012-10978)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix security bug in tiff2pdf, CVE-2012-3401\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=837577\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/084824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c49db766\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libtiff-3.9.6-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:55", "description": "Fix security bug in tiff2pdf, CVE-2012-3401\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-07-27T00:00:00", "type": "nessus", "title": "Fedora 17 : libtiff-3.9.6-2.fc17 (2012-11000)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtiff", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-11000.NASL", "href": "https://www.tenable.com/plugins/nessus/60133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-11000.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60133);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3401\");\n script_bugtraq_id(54601);\n script_xref(name:\"FEDORA\", value:\"2012-11000\");\n\n script_name(english:\"Fedora 17 : libtiff-3.9.6-2.fc17 (2012-11000)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix security bug in tiff2pdf, CVE-2012-3401\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=837577\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/084219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d858177f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libtiff-3.9.6-2.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:55", "description": "Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-07-20T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerability (USN-1511-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff-tools", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1511-1.NASL", "href": "https://www.tenable.com/plugins/nessus/60078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1511-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60078);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-3401\");\n script_xref(name:\"USN\", value:\"1511-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerability (USN-1511-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly\nhandled certain malformed TIFF images. If a user or automated system\nwere tricked into opening a specially crafted TIFF image, a remote\nattacker could crash the application, leading to a denial of service,\nor possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1511-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff-tools\", pkgver:\"3.8.2-7ubuntu3.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtiff-tools\", pkgver:\"3.9.2-2ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libtiff-tools\", pkgver:\"3.9.4-5ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtiff-tools\", pkgver:\"3.9.5-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtiff-tools\", pkgver:\"3.9.5-2ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-tools\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:22", "description": "This update of tiff fixes a heap-based buffer overflow that could have caused a crash or potentially allowed attackers to execute arbitrary code. (CVE-2012-3401)", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libtiff (ZYPP Patch Number 8230)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBTIFF-8230.NASL", "href": "https://www.tenable.com/plugins/nessus/60152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60152);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3401\");\n\n script_name(english:\"SuSE 10 Security Update : libtiff (ZYPP Patch Number 8230)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tiff fixes a heap-based buffer overflow that could have\ncaused a crash or potentially allowed attackers to execute arbitrary\ncode. (CVE-2012-3401)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3401.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8230.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libtiff-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libtiff-devel-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"tiff-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libtiff-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libtiff-devel-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"tiff-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-32bit-3.8.2-5.30.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.8.2-5.30.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:26", "description": "A vulnerability was found and corrected in libtiff :\n\nA heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write.\nA remote attacker could provide a specially crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2012-09-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libtiff (MDVSA-2012:127)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64tiff-devel", "p-cpe:/a:mandriva:linux:lib64tiff-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "p-cpe:/a:mandriva:linux:libtiff-static-devel", "p-cpe:/a:mandriva:linux:libtiff3", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-127.NASL", "href": "https://www.tenable.com/plugins/nessus/61976", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:127. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61976);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3401\");\n script_bugtraq_id(54601);\n script_xref(name:\"MDVSA\", value:\"2012:127\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtiff (MDVSA-2012:127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found and corrected in libtiff :\n\nA heap-based buffer overflow flaw was found in the way tiff2pdf, a\nTIFF image to a PDF document conversion tool, of libtiff, a library of\nfunctions for manipulating TIFF (Tagged Image File Format) image\nformat files, performed write of TIFF image content into particular\nPDF document file, when not properly initialized T2P context struct\npointer has been provided by tiff2pdf (application requesting the\nconversion) as one of parameters for the routine performing the write.\nA remote attacker could provide a specially crafted TIFF image format\nfile, that when processed by tiff2pdf would lead to tiff2pdf\nexecutable crash or, potentially, arbitrary code execution with the\nprivileges of the user running the tiff2pdf binary (CVE-2012-3401).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-devel-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff3-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-devel-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libtiff-progs-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-static-devel-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff3-3.9.5-1.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:45", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.\n (CVE-2012-3401)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_3401_denial_of)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:libtiff"], "id": "SOLARIS11_LIBTIFF_20141107.NASL", "href": "https://www.tenable.com/plugins/nessus/80685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80685);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3401\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_3401_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The t2p_read_tiff_init function in tiff2pdf\n (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not\n properly initialize the T2P context struct pointer in\n certain error conditions, which allows context-dependent\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via a crafted TIFF image\n that triggers a heap-based buffer overflow.\n (CVE-2012-3401)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-3401-denial-of-service-vulnerability-in-libtiff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 12.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libtiff\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libtiff$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.12.0.4.0\", sru:\"SRU 12.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libtiff\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libtiff\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:20", "description": "This update of tiff fixes a heap-based buffer overflow that could have caused a crash or potentially allowed attackers to execute arbitrary code. (CVE-2012-3401)", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libtiff (SAT Patch Number 6579)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libtiff3", "p-cpe:/a:novell:suse_linux:11:libtiff3-32bit", "p-cpe:/a:novell:suse_linux:11:tiff", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBTIFF-DEVEL-120719.NASL", "href": "https://www.tenable.com/plugins/nessus/64198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64198);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3401\");\n\n script_name(english:\"SuSE 11.1 Security Update : libtiff (SAT Patch Number 6579)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tiff fixes a heap-based buffer overflow that could have\ncaused a crash or potentially allowed attackers to execute arbitrary\ncode. (CVE-2012-3401)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3401.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6579.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libtiff3-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtiff3-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libtiff3-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tiff-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libtiff3-32bit-3.8.2-141.148.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.148.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:33:43", "description": "The following issues was fixed in tiff :\n\n - a overflow in tiff2pdf (CVE-2012-3401) [bnc#770816]", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tiff (openSUSE-SU-2012:0955-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit", "p-cpe:/a:novell:opensuse:libtiff3", "p-cpe:/a:novell:opensuse:libtiff3-32bit", "p-cpe:/a:novell:opensuse:libtiff3-debuginfo", "p-cpe:/a:novell:opensuse:libtiff3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:tiff-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-492.NASL", "href": "https://www.tenable.com/plugins/nessus/74701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-492.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74701);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3401\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-SU-2012:0955-1)\");\n script_summary(english:\"Check for the openSUSE-2012-492 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues was fixed in tiff :\n\n - a overflow in tiff2pdf (CVE-2012-3401) [bnc#770816]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff-devel-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff3-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtiff3-debuginfo-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-debuginfo-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tiff-debugsource-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.9.5-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libtiff3-debuginfo-32bit-3.9.5-8.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel / libtiff-devel-32bit / libtiff3 / libtiff3-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:11", "description": "It was discovered that ppm2tiff of the TIFF tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers of a heap-based buffer overflow. This allows attacker to potentially execute arbitrary code via a crafted PPM image, especially in scenarios in which images are automatically processed.", "cvss3": {}, "published": "2012-11-19T00:00:00", "type": "nessus", "title": "Debian DSA-2575-1 : tiff - heap-based buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2575.NASL", "href": "https://www.tenable.com/plugins/nessus/62949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2575. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62949);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4564\");\n script_bugtraq_id(56372);\n script_xref(name:\"DSA\", value:\"2575\");\n\n script_name(english:\"Debian DSA-2575-1 : tiff - heap-based buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ppm2tiff of the TIFF tools, a set of utilities\nfor TIFF manipulation and conversion, is not properly checking the\nreturn value of an internal function used in order to detect integer\noverflows. As a consequence, ppm2tiff suffers of a heap-based buffer\noverflow. This allows attacker to potentially execute arbitrary code\nvia a crafted PPM image, especially in scenarios in which images are\nautomatically processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2575\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:14", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. (CVE-2012-4564)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4564_design_error)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:gimp"], "id": "SOLARIS11_GIMP_20130521.NASL", "href": "https://www.tenable.com/plugins/nessus/80623", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80623);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4564\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4564_design_error)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - ppm2tiff does not check the return value of the\n TIFFScanlineSize function, which allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code via a crafted PPM image that\n triggers an integer overflow, a zero-memory allocation,\n and a heap-based buffer overflow. (CVE-2012-4564)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-4564-design-error-vulnerability-in-gimp\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.7.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:gimp\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^gimp$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.7.0.5.0\", sru:\"SRU 11.1.7.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : gimp\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"gimp\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:20", "description": "The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.", "cvss3": {}, "published": "2012-12-17T00:00:00", "type": "nessus", "title": "Debian DSA-2589-1 : tiff - buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2589.NASL", "href": "https://www.tenable.com/plugins/nessus/63273", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2589. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63273);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5581\");\n script_bugtraq_id(56715);\n script_xref(name:\"DSA\", value:\"2589\");\n\n script_name(english:\"Debian DSA-2589-1 : tiff - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2589\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:38", "description": "It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-12-06T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS : tiff vulnerability (USN-1655-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1655-1.NASL", "href": "https://www.tenable.com/plugins/nessus/63164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1655-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63164);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-5581\");\n script_bugtraq_id(56715);\n script_xref(name:\"USN\", value:\"1655-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS : tiff vulnerability (USN-1655-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LibTIFF incorrectly handled certain malformed\nimages using the DOTRANGE tag. If a user or automated system were\ntricked into opening a specially crafted TIFF image, a remote attacker\ncould crash the application, leading to a denial of service, or\npossibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1655-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtiff4\", pkgver:\"3.8.2-7ubuntu3.16\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtiff4\", pkgver:\"3.9.2-2ubuntu0.12\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtiff4\", pkgver:\"3.9.5-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtiff4\", pkgver:\"3.9.5-2ubuntu1.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:44", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.\n (CVE-2012-5581)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_5581_denial_of)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:libtiff"], "id": "SOLARIS11_LIBTIFF_20140617.NASL", "href": "https://www.tenable.com/plugins/nessus/80683", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80683);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-5581\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_5581_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Stack-based buffer overflow in tif_dir.c in LibTIFF\n before 4.0.2 allows remote attackers to cause a denial\n of service (crash) and possibly execute arbitrary code\n via a crafted DOTRANGE tag in a TIFF image.\n (CVE-2012-5581)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-5581-denial-of-service-vulnerability-in-libtiff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.10.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libtiff\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libtiff$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.10.0.5.0\", sru:\"SRU 11.1.10.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libtiff\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libtiff\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:28", "description": "A vulnerability was found and corrected in libtiff :\n\nA stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-5581).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2012-12-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libtiff (MDVSA-2012:184)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64tiff-devel", "p-cpe:/a:mandriva:linux:lib64tiff-static-devel", "p-cpe:/a:mandriva:linux:lib64tiff3", "p-cpe:/a:mandriva:linux:libtiff-devel", "p-cpe:/a:mandriva:linux:libtiff-progs", "p-cpe:/a:mandriva:linux:libtiff-static-devel", "p-cpe:/a:mandriva:linux:libtiff3", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-184.NASL", "href": "https://www.tenable.com/plugins/nessus/63344", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:184. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63344);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5581\");\n script_bugtraq_id(56715);\n script_xref(name:\"MDVSA\", value:\"2012:184\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtiff (MDVSA-2012:184)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found and corrected in libtiff :\n\nA stack-based buffer overflow was found in the way libtiff handled\nDOTRANGE tags. An attacker could use this flaw to create a specially\ncrafted TIFF file that, when opened, would cause an application linked\nagainst libtiff to crash or, possibly, execute arbitrary code\n(CVE-2012-5581).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-devel-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff-static-devel-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tiff3-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-devel-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libtiff-progs-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff-static-devel-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtiff3-3.9.5-1.5-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:00", "description": "It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code.", "cvss3": {}, "published": "2012-10-22T00:00:00", "type": "nessus", "title": "Debian DSA-2561-1 : tiff - buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2561.NASL", "href": "https://www.tenable.com/plugins/nessus/62644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2561. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62644);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4447\");\n script_bugtraq_id(55673);\n script_xref(name:\"DSA\", value:\"2561\");\n\n script_name(english:\"Debian DSA-2561-1 : tiff - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2561\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:28:05", "description": "The remote host is affected by the vulnerability described in GLSA-201402-21 (libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-02-23T00:00:00", "type": "nessus", "title": "GLSA-201402-21 : libTIFF: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4244"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tiff", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201402-21.NASL", "href": "https://www.tenable.com/plugins/nessus/72635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-21.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72635);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-4244\");\n script_bugtraq_id(55673, 56372, 59607, 59609, 61695, 61849, 62019);\n script_xref(name:\"GLSA\", value:\"201402-21\");\n\n script_name(english:\"GLSA-201402-21 : libTIFF: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-21\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted TIFF\n file with an application making use of libTIFF, possibly resulting in\n execution of arbitrary code with the privileges of the user running the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libTIFF 4.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.3-r6'\n All libTIFF 3.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.7-r1:3'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 4.0.3-r6\", \"rge 3.9.7-r1\"), vulnerable:make_list(\"lt 4.0.3-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:41", "description": "The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library :\n\n - The 'TIFFReadDirectory()' function in 'tif_dirread.c' is affected by a buffer overflow vulnerability that can be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.\n (CVE-2012-2088)\n\n - A flaw in handling PixarLog compressed TIFF images may be triggered via a specially crafted TIFF image, potentially leading to arbitrary code execution.\n (CVE-2012-4447)", "cvss3": {}, "published": "2013-03-21T00:00:00", "type": "nessus", "title": "BlackBerry Enterprise Server TIFF Image Processing Vulnerabilities (KB33425)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-4447"], "modified": "2019-11-27T00:00:00", "cpe": ["cpe:/a:rim:blackberry_enterprise_server"], "id": "BLACKBERRY_ES_TIFF_KB33425.NASL", "href": "https://www.tenable.com/plugins/nessus/65643", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65643);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2012-2088\", \"CVE-2012-4447\");\n script_bugtraq_id(54270, 55673);\n script_xref(name:\"IAVA\", value:\"2013-A-0048\");\n\n script_name(english:\"BlackBerry Enterprise Server TIFF Image Processing Vulnerabilities (KB33425)\");\n script_summary(english:\"Checks version of image.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of BlackBerry Enterprise Server on the remote host\nreportedly contains multiple remote code execution vulnerabilities in\nits image processing library :\n\n - The 'TIFFReadDirectory()' function in 'tif_dirread.c'\n is affected by a buffer overflow vulnerability that can\n be triggered via a specially crafted TIFF image,\n potentially leading to arbitrary code execution.\n (CVE-2012-2088)\n\n - A flaw in handling PixarLog compressed TIFF images may\n be triggered via a specially crafted TIFF image,\n potentially leading to arbitrary code execution.\n (CVE-2012-4447)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://salesforce.services.blackberry.com/kbredirect/KB33425\");\n # http://docs.blackberry.com/en/admin/deliverables/50573/BlackBerry_Enterprise_Server_February_12_2013_Interim_Security_Update-Release_Notes.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c3b6747\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install the Interim Security Software Update for February 12th 2013,\nor upgrade to at least 5.0.4 MR1 for Novell GroupWise / 5.0.4 MR1 for\nIBM Lotus Domino / 5.0.4 MR1 for Microsoft Exchange.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:rim:blackberry_enterprise_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"blackberry_es_installed.nasl\", \"lotus_domino_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nglobal_var prod, version;\n\nfunction is_vuln()\n{\n local_var matches, mr;\n\n # Decide whether the installed version is vulnerable.\n # The vulnerable versions are:\n # BES for Microsoft Exchange : 5.0 SP2, SP3, and SP4\n # BES for IBM Lotus Domino : 5.0 SP2, SP3, and SP4\n # BES for Novell GroupWise : 5.0 SP1, SP4\n #\n # BES Express for Microsoft Exchange : 5.0 SP2, SP3, and SP4\n # BES Express for IBM Lotus Domino : 5.0 SP2, SP3, and SP4\n #\n # BES for MDS Applications : 4.1 SP3\n\n # And the versions that include the fix are:\n # BES for Microsoft Exchange : 5.0 SP4 MR1\n # BES for IBM Lotus Domino : 5.0 SP4 MR1\n # BES for Novell GroupWise : 5.0 SP4 MR1\n\n mr = \"(?: MR ([0-9]+))?( |$)\";\n\n # Ignore anything that isn't BES.\n if (\"Enterprise Server\" >!< prod) return FALSE;\n\n if (\"Microsoft Exchange\" >< prod || \"IBM Lotus Domino\" >< prod)\n {\n # 5.0 SP2 through 5.0 SP4\n matches = eregmatch(string:version, pattern:\"^5\\.0\\.([2-4])\" + mr);\n\n # 5.0 SP4 MR1 fixes the issue, even though it is no longer available\n # and has been replaced by MR2\n if (\n isnull(matches) ||\n (matches[1] == 4 && !isnull(matches[2]) && matches[2] >= 1)\n ) return FALSE;\n\n return TRUE;\n }\n\n if (\"Novell GroupWise\" >< prod)\n {\n # 5.0 SP1 & 5.0 SP4 is vulnerable.\n matches = eregmatch(string:version, pattern:\"^5\\.0\\.([14])\" + mr);\n\n # 5.0 SP4 with MR1 fixes the issue\n if (\n isnull(matches) ||\n (matches[1] == 4 && !isnull(matches[2]) && matches[2] >= 1)\n ) return FALSE;\n\n return TRUE;\n }\n\n if(\"MDS Applications\" >< prod)\n {\n # 4.1 SP3 is vulnerable.\n matches = eregmatch(string:version, pattern:\"^4\\.1\\.3\" + mr);\n\n if (isnull(matches)) return FALSE;\n\n return TRUE;\n }\n exit(0, prod + \" is not on a recognized platform.\");\n}\n\nprod = get_kb_item_or_exit(\"BlackBerry_ES/Product\");\nversion = get_kb_item_or_exit(\"BlackBerry_ES/Version\");\n\nif (!is_vuln()) audit(AUDIT_INST_VER_NOT_VULN, prod, version);\n\n# The vulnerable DLL can appear in two separate places:\n# 1) In the BlackBerry MDS Connection Service instance\n# 2) In the BlackBerry Messaging Agent instance\nbase = get_kb_item_or_exit(\"BlackBerry_ES/Path\");\npaths = make_list(base + \"\\MDS\\bin\");\nif (\"IBM Lotus Domino\" >< prod)\n{\n # For Lotus Domino, one of the DLLs is installed outside of the BES\n # tree.\n base = get_kb_item_or_exit(\"SMB/Domino/Path\");\n}\npaths = make_list(paths, base);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\n# Try to connect to server.\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nreport = \"\";\nfix = \"1.3.0.43\";\nfile = \"\\image.dll\";\n\nforeach path (paths)\n{\n # Split the software's location into components.\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\n dir = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\");\n\n # Connect to the share software is installed on.\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n fh = CreateFile(\n file:dir + file,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n if (isnull(fh)) continue;\n\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n\n if (isnull(ver))\n {\n NetUseDel();\n audit(AUDIT_VER_FAIL, path + file);\n }\n\n ver = join(ver, sep:\".\");\n if (ver_compare(ver:ver, fix:fix) < 0)\n {\n report +=\n '\\nThe following instance of image.dll needs to be updated.' +\n '\\n' +\n '\\n File name : ' + path + file +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n NetUseDel(close:FALSE);\n}\n\n# Clean up.\nNetUseDel();\n\n# Check if fix is installed.\nif (report == \"\")\n exit(0, prod + \" \" + version + \" on the remote host has been patched and is not affected.\");\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Product : ' + prod +\n '\\n Path : ' + base +\n '\\n Installed version : ' + version +\n '\\n' +\n report;\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:41", "description": "New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.", "cvss3": {}, "published": "2013-10-20T00:00:00", "type": "nessus", "title": "Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4244"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libtiff", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0"], "id": "SLACKWARE_SSA_2013-290-01.NASL", "href": "https://www.tenable.com/plugins/nessus/70499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-290-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70499);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-4244\");\n script_bugtraq_id(54076, 54270, 55673, 56372, 59607, 59609, 61695, 61849, 62019);\n script_xref(name:\"SSA\", value:\"2013-290-01\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libtiff packages are available for Slackware 12.1, 12.2, 13.0,\n13.1, 13.37, 14.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.543193\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?957d5ecf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"3.9.7\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:46:45", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. (CVE-2012-4564)\n\n - Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. (CVE-2013-1960)\n\n - Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. (CVE-2013-1961)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:libtiff"], "id": "SOLARIS11_LIBTIFF_20131217.NASL", "href": "https://www.tenable.com/plugins/nessus/80681", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80681);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - ppm2tiff does not check the return value of the\n TIFFScanlineSize function, which allows remote attackers\n to cause a denial of service (crash) and possibly\n execute arbitrary code via a crafted PPM image that\n triggers an integer overflow, a zero-memory allocation,\n and a heap-based buffer overflow. (CVE-2012-4564)\n\n - Heap-based buffer overflow in the t2p_process_jpeg_strip\n function in tiff2pdf in libtiff 4.0.3 and earlier allows\n remote attackers to cause a denial of service (crash)\n and possibly execute arbitrary code via a crafted TIFF\n image file. (CVE-2013-1960)\n\n - Stack-based buffer overflow in the t2p_write_pdf_page\n function in tiff2pdf in libtiff before 4.0.3 allows\n remote attackers to cause a denial of service\n (application crash) via a crafted image length and\n resolution in a TIFF image file. (CVE-2013-1961)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-4564-design-error-vulnerability-in-libtiff\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-buffer-errors-vulnerability-in-libtiff\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1aa2951\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.14.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libtiff\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libtiff$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.14.0.5.0\", sru:\"SRU 11.1.14.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libtiff\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libtiff\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:30:07", "description": "GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T.\nDate this patch was last updated by Sun : Sep/15/16\n\nThis plugin has been deprecated and either replaced with individual 119901 patch-revision plugins, or deemed non-security related.", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 119901-17 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2285", "CVE-2009-2347", "CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_119901.NASL", "href": "https://www.tenable.com/plugins/nessus/22992", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22992);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2285\", \"CVE-2009-2347\", \"CVE-2012-5581\");\n script_bugtraq_id(56715);\n\n script_name(english:\"Solaris 10 (x86) : 119901-17 (deprecated)\");\n script_summary(english:\"Check for patch 119901-17\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T.\nDate this patch was last updated by Sun : Sep/15/16\n\nThis plugin has been deprecated and either replaced with individual\n119901 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119901-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 119901 instead.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:30:35", "description": "GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF.\nDate this patch was last updated by Sun : Sep/15/16\n\nThis plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related.", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 119900-18 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2285", "CVE-2009-2347", "CVE-2012-5581"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_119900.NASL", "href": "https://www.tenable.com/plugins/nessus/22959", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22959);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2285\", \"CVE-2009-2347\", \"CVE-2012-5581\");\n script_bugtraq_id(56715);\n\n script_name(english:\"Solaris 10 (sparc) : 119900-18 (deprecated)\");\n script_summary(english:\"Check for patch 119900-18\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF.\nDate this patch was last updated by Sun : Sep/15/16\n\nThis plugin has been deprecated and either replaced with individual\n119900 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119900-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 119900 instead.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:30:56", "description": "Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation.\n\nThese vulnerabilities can be exploited via a specially crafted TIFF image.\n\n - CVE-2012-2113 The tiff2pdf utility has an integer overflow error when parsing images.\n\n - CVE-2012-3401 Huzaifa Sidhpurwala discovered heap-based buffer overflow in the t2p_read_tiff_init() function.\n\n - CVE-2010-2482 An invalid td_stripbytecount field is not properly handle and can trigger a NULL pointer dereference.\n\n - CVE-2010-2595 An array index error, related to 'downsampled OJPEG input' in the TIFFYCbCrtoRGB function causes an unexpected crash.\n\n - CVE-2010-2597 Also related to 'downsampled OJPEG input', the TIFFVStripSize function crash unexpectly.\n\n - CVE-2010-2630 The TIFFReadDirectory function does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file.\n\n - CVE-2010-4665 The tiffdump utility has an integer overflow in the ReadDirectory function.", "cvss3": {}, "published": "2012-09-27T00:00:00", "type": "nessus", "title": "Debian DSA-2552-1 : tiff - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2482", "CVE-2010-2595", "CVE-2010-2597", "CVE-2010-2630", "CVE-2010-4665", "CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2552.NASL", "href": "https://www.tenable.com/plugins/nessus/62317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2552. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62317);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2482\", \"CVE-2010-2595\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-4665\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_bugtraq_id(41088, 41295, 41475, 41480, 47338, 54076, 54601);\n script_xref(name:\"DSA\", value:\"2552\");\n\n script_name(english:\"Debian DSA-2552-1 : tiff - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in TIFF, a library set and\ntools to support the Tag Image File Format (TIFF), allowing denial of\nservice and potential privilege escalation.\n\nThese vulnerabilities can be exploited via a specially crafted TIFF\nimage.\n\n - CVE-2012-2113\n The tiff2pdf utility has an integer overflow error when\n parsing images.\n\n - CVE-2012-3401\n Huzaifa Sidhpurwala discovered heap-based buffer\n overflow in the t2p_read_tiff_init() function.\n\n - CVE-2010-2482\n An invalid td_stripbytecount field is not properly\n handle and can trigger a NULL pointer dereference.\n\n - CVE-2010-2595\n An array index error, related to 'downsampled OJPEG\n input' in the TIFFYCbCrtoRGB function causes an\n unexpected crash.\n\n - CVE-2010-2597\n Also related to 'downsampled OJPEG input', the\n TIFFVStripSize function crash unexpectly.\n\n - CVE-2010-2630\n The TIFFReadDirectory function does not properly\n validate the data types of codec-specific tags that have\n an out-of-order position in a TIFF file.\n\n - CVE-2010-4665\n The tiffdump utility has an integer overflow in the\n ReadDirectory function.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2552\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 3.9.4-5+squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:31:10", "description": "The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "GLSA-201209-02 : libTIFF: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2347", "CVE-2009-5022", "CVE-2010-1411", "CVE-2010-2065", "CVE-2010-2067", "CVE-2010-2233", "CVE-2010-2443", "CVE-2010-2481", "CVE-2010-2482", "CVE-2010-2483", "CVE-2010-2595", "CVE-2010-2596", "CVE-2010-2597", "CVE-2010-2630", "CVE-2010-2631", "CVE-2010-3087", "CVE-2010-4665", "CVE-2011-0192", "CVE-2011-1167", "CVE-2012-1173", "CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tiff", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201209-02.NASL", "href": "https://www.tenable.com/plugins/nessus/62235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62235);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_xref(name:\"GLSA\", value:\"201209-02\");\n\n script_name(english:\"GLSA-201209-02 : libTIFF: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-02\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted TIFF\n file with an application making use of libTIFF, possibly resulting in\n execution of arbitrary code with the privileges of the user running the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libTIFF 4.0 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n All libTIFF 3.9 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\", \"rge 3.9.7-r1\"), vulnerable:make_list(\"lt 4.0.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-02T10:57:31", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-12-26T00:00:00", "type": "openvas", "title": "CentOS Update for libtiff CESA-2012:1590 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:881550", "href": "http://plugins.openvas.org/nasl.php?oid=881550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2012:1590 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n \n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n \n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n \n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n \n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n \n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\";\n\ntag_affected = \"libtiff on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-December/019037.html\");\n script_id(881550);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:06:09 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:1590\");\n script_name(\"CentOS Update for libtiff CESA-2012:1590 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~18.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~18.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-26T00:00:00", "type": "openvas", "title": "RedHat Update for libtiff RHSA-2012:1590-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870871", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2012:1590-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-December/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870871\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:04:41 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:1590-01\");\n script_name(\"RedHat Update for libtiff RHSA-2012:1590-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"libtiff on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n\n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n\n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n\n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~18.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-26T00:00:00", "type": "openvas", "title": "CentOS Update for libtiff CESA-2012:1590 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2012:1590 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-December/019038.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881551\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:06:35 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:1590\");\n script_name(\"CentOS Update for libtiff CESA-2012:1590 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libtiff on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n\n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n\n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n\n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-03T10:58:40", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-12-26T00:00:00", "type": "openvas", "title": "CentOS Update for libtiff CESA-2012:1590 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:881551", "href": "http://plugins.openvas.org/nasl.php?oid=881551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2012:1590 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n \n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n \n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n \n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n \n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n \n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\";\n\ntag_affected = \"libtiff on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-December/019038.html\");\n script_id(881551);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:06:35 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:1590\");\n script_name(\"CentOS Update for libtiff CESA-2012:1590 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~3.9.4~9.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:31", "description": "Oracle Linux Local Security Checks ELSA-2012-1590", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1590", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1590.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123770\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:18 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1590\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1590 - libtiff security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1590\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1590.html\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~18.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~18.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~3.9.4~9.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-26T00:00:00", "type": "openvas", "title": "CentOS Update for libtiff CESA-2012:1590 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2012:1590 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-December/019037.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881550\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:06:09 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:1590\");\n script_name(\"CentOS Update for libtiff CESA-2012:1590 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libtiff on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libtiff packages contain a library of functions for manipulating Tagged\n Image File Format (TIFF) files.\n\n A heap-based buffer overflow flaw was found in the way libtiff processed\n certain TIFF images using the Pixar Log Format encoding. An attacker could\n create a specially-crafted TIFF file that, when opened, could cause an\n application using libtiff to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2012-4447)\n\n A stack-based buffer overflow flaw was found in the way libtiff handled\n DOTRANGE tags. An attacker could use this flaw to create a\n specially-crafted TIFF file that, when opened, would cause an application\n linked against libtiff to crash or, possibly, execute arbitrary code.\n (CVE-2012-5581)\n\n A heap-based buffer overflow flaw was found in the tiff2pdf tool. An\n attacker could use this flaw to create a specially-crafted TIFF file that\n would cause tiff2pdf to crash or, possibly, execute arbitrary code.\n (CVE-2012-3401)\n\n A missing return value check flaw, leading to a heap-based buffer overflow,\n was found in the ppm2tiff tool. An attacker could use this flaw to create a\n specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\n to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\n The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\n by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\n All libtiff users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. All running applications linked\n against libtiff must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.8.2~18.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.8.2~18.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:03:30", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-147)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120176", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120176\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:15 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-147)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in libtiff. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update libtiff to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-147.html\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-3401\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~3.9.4~9.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.9.4~9.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~9.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~9.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:38", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-20446", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864964", "href": "http://plugins.openvas.org/nasl.php?oid=864964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-20446\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095214.html\");\n script_id(864964);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:28 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\", \"CVE-2012-3401\",\n \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20446\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-20446\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-20446", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-20446\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095214.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864964\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:28 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\", \"CVE-2012-3401\",\n \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-20446\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-20446\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:21", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-20404", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-1173", "CVE-2012-2088"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:864965", "href": "http://plugins.openvas.org/nasl.php?oid=864965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-20404\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095208.html\");\n script_id(864965);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:39 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\", \"CVE-2012-3401\",\n \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-1173\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-20404\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-20404\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-20404", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-1173", "CVE-2012-2088"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-20404\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095208.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864965\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:36:39 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\", \"CVE-2012-3401\",\n \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-1173\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-20404\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-20404\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:174 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:174 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:174\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831750\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 12:00:00 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:174\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:174 (libtiff)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities was found and corrected in libtiff:\n\n Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3\n allows remote attackers to cause a denial of service (application\n crash) and possibly execute arbitrary code via a crafted TIFF image\n using the PixarLog Compression format (CVE-2012-4447).\n\n ppm2tiff does not check the return value of the TIFFScanlineSize\n function, which allows remote attackers to cause a denial of service\n (crash) and possibly execute arbitrary code via a crafted PPM image\n that triggers an integer overflow, a zero-memory allocation, and a\n heap-based buffer overflow (CVE-2012-4564).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:21", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1631-1", "cvss3": {}, "published": "2012-11-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1631-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1631_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tiff USN-1631-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1631-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841216\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-19 09:30:05 +0530 (Mon, 19 Nov 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1631-1\");\n script_name(\"Ubuntu Update for tiff USN-1631-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|8\\.04 LTS|12\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1631-1\");\n script_tag(name:\"affected\", value:\"tiff on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that LibTIFF incorrectly handled certain malformed images\n using the PixarLog compression format. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges. (CVE-2012-4447)\n\n Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly\n handled certain malformed PPM images. If a user or automated system were\n tricked into opening a specially crafted PPM image, a remote attacker could\n crash the application, leading to a denial of service, or possibly execute\n arbitrary code with user privileges. (CVE-2012-4564)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-2ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-1ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.2-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.14\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-1ubuntu2.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:25", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-11-23T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:174 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:831750", "href": "http://plugins.openvas.org/nasl.php?oid=831750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:174 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was found and corrected in libtiff:\n\n Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3\n allows remote attackers to cause a denial of service (application\n crash) and possibly execute arbitrary code via a crafted TIFF image\n using the PixarLog Compression format (CVE-2012-4447).\n\n ppm2tiff does not check the return value of the TIFFScanlineSize\n function, which allows remote attackers to cause a denial of service\n (crash) and possibly execute arbitrary code via a crafted PPM image\n that triggers an integer overflow, a zero-memory allocation, and a\n heap-based buffer overflow (CVE-2012-4564).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:174\");\n script_id(831750);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-23 12:00:00 +0530 (Fri, 23 Nov 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:174\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:174 (libtiff)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.4\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:15", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1631-1", "cvss3": {}, "published": "2012-11-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1631-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841216", "href": "http://plugins.openvas.org/nasl.php?oid=841216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1631_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for tiff USN-1631-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that LibTIFF incorrectly handled certain malformed images\n using the PixarLog compression format. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges. (CVE-2012-4447)\n\n Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly\n handled certain malformed PPM images. If a user or automated system were\n tricked into opening a specially crafted PPM image, a remote attacker could\n crash the application, leading to a denial of service, or possibly execute\n arbitrary code with user privileges. (CVE-2012-4564)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1631-1\";\ntag_affected = \"tiff on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1631-1/\");\n script_id(841216);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-19 09:30:05 +0530 (Mon, 19 Nov 2012)\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1631-1\");\n script_name(\"Ubuntu Update for tiff USN-1631-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-2ubuntu1.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-1ubuntu1.4\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.2-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.14\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-1ubuntu2.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:09:27", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2013-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-7361", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:865635", "href": "http://plugins.openvas.org/nasl.php?oid=865635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-7361\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\n\ntag_affected = \"libtiff on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865635);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-23 09:53:48 +0530 (Thu, 23 May 2013)\");\n script_cve_id(\"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\",\n \"CVE-2012-5581\", \"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-7361\");\n\n script_xref(name: \"FEDORA\", value: \"2013-7361\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-7361", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-7361\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865635\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-23 09:53:48 +0530 (Thu, 23 May 2013)\");\n script_cve_id(\"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\",\n \"CVE-2012-5581\", \"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-7361\");\n script_xref(name:\"FEDORA\", value:\"2013-7361\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.7~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:52:11", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2013-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-7369", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865624", "href": "http://plugins.openvas.org/nasl.php?oid=865624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-7369\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\n\ntag_affected = \"libtiff on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865624);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-17 09:48:59 +0530 (Fri, 17 May 2013)\");\n script_cve_id(\"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-7369\");\n\n script_xref(name: \"FEDORA\", value: \"2013-7369\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html\");\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-7369", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-7369\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865624\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-17 09:48:59 +0530 (Fri, 17 May 2013)\");\n script_cve_id(\"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-7369\");\n script_xref(name:\"FEDORA\", value:\"2013-7369\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-14726", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-4231"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-14726\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866470\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 12:42:47 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-1960\", \"CVE-2013-1961\",\n \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-14726\");\n\n\n script_tag(name:\"affected\", value:\"libtiff on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14726\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114230.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~8.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-24T11:10:08", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2013-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-14726", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-4231"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:866470", "href": "http://plugins.openvas.org/nasl.php?oid=866470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-14726\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866470);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 12:42:47 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-1960\", \"CVE-2013-1961\",\n \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-14726\");\n\n tag_insight = \"The libtiff package contains a library of functions for manipulating\nTIFF (Tagged Image File Format) image format files. TIFF is a widely\nused file format for bitmapped images. TIFF files usually end in the\n.tif extension and they are often quite large.\n\nThe libtiff package should be installed if you need to manipulate TIFF\nformat image files.\n\";\n\n tag_affected = \"libtiff on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14726\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114230.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~8.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:28", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-15673", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-4244", "CVE-2013-4231"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:866919", "href": "http://plugins.openvas.org/nasl.php?oid=866919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-15673\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866919);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:42:54 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4244\", \"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-1960\",\n \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-15673\");\n\n tag_insight = \"The libtiff package contains a library of functions for manipulating\nTIFF (Tagged Image File Format) image format files. TIFF is a widely\nused file format for bitmapped images. TIFF files usually end in the\n.tif extension and they are often quite large.\n\nThe libtiff package should be installed if you need to manipulate TIFF\nformat image files.\n\";\n\n tag_affected = \"libtiff on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15673\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115786.html\");\n script_summary(\"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~9.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2013-15673", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-4244", "CVE-2013-4231"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2013-15673\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866919\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:42:54 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4244\", \"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-1960\",\n \"CVE-2013-1961\", \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for libtiff FEDORA-2013-15673\");\n\n\n script_tag(name:\"affected\", value:\"libtiff on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15673\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115786.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~9.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-09T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:127 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3401"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:127 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:127\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831715\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-09 10:25:28 +0530 (Thu, 09 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:127\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:127 (libtiff)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability was found and corrected in libtiff:\n\n A heap-based buffer overflow flaw was found in the way tiff2pdf, a\n TIFF image to a PDF document conversion tool, of libtiff, a library\n of functions for manipulating TIFF (Tagged Image File Format) image\n format files, performed write of TIFF image content into particular PDF\n document file, when not properly initialized T2P context struct pointer\n has been provided by tiff2pdf (application requesting the conversion)\n as one of parameters for the routine performing the write. A remote\n attacker could provide a specially-crafted TIFF image format file,\n that when processed by tiff2pdf would lead to tiff2pdf executable\n crash or, potentially, arbitrary code execution with the privileges\n of the user running the tiff2pdf binary (CVE-2012-3401).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:19:52", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1511-1", "cvss3": {}, "published": "2012-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1511-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3401"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841088", "href": "http://plugins.openvas.org/nasl.php?oid=841088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1511_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for tiff USN-1511-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly\n handled certain malformed TIFF images. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1511-1\";\ntag_affected = \"tiff on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1511-1/\");\n script_id(841088);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 10:47:24 +0530 (Mon, 23 Jul 2012)\");\n script_cve_id(\"CVE-2012-3401\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1511-1\");\n script_name(\"Ubuntu Update for tiff USN-1511-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.2-2ubuntu0.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.5-2ubuntu1.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.5-1ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5ubuntu6.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:27", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-08-09T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:127 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3401"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:831715", "href": "http://plugins.openvas.org/nasl.php?oid=831715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:127 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found and corrected in libtiff:\n\n A heap-based buffer overflow flaw was found in the way tiff2pdf, a\n TIFF image to a PDF document conversion tool, of libtiff, a library\n of functions for manipulating TIFF (Tagged Image File Format) image\n format files, performed write of TIFF image content into particular PDF\n document file, when not properly initialized T2P context struct pointer\n has been provided by tiff2pdf (application requesting the conversion)\n as one of parameters for the routine performing the write. A remote\n attacker could provide a specially-crafted TIFF image format file,\n that when processed by tiff2pdf would lead to tiff2pdf executable\n crash or, potentially, arbitrary code execution with the privileges\n of the user running the tiff2pdf binary (CVE-2012-3401).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:127\");\n script_id(831715);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-09 10:25:28 +0530 (Thu, 09 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:127\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:127 (libtiff)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.8mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1511-1", "cvss3": {}, "published": "2012-07-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1511-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3401"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1511_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tiff USN-1511-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1511-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841088\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 10:47:24 +0530 (Mon, 23 Jul 2012)\");\n script_cve_id(\"CVE-2012-3401\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1511-1\");\n script_name(\"Ubuntu Update for tiff USN-1511-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1511-1\");\n script_tag(name:\"affected\", value:\"tiff on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly\n handled certain malformed TIFF images. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.2-2ubuntu0.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.5-2ubuntu1.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.5-1ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5ubuntu6.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.13\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:45", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2575-1.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2575-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4564"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72590", "href": "http://plugins.openvas.org/nasl.php?oid=72590", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2575_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2575-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that ppm2tiff of the tiff tools, a set of utilities\nfor TIFF manipulation and conversion, is not properly checking the return\nvalue of an internal function used in order to detect integer overflows.\nAs a consequence, ppm2tiff suffers of a heap-based buffer overflow.\nThis allows attacker to potentially execute arbitrary code via a crafted\nppm image, especially in scenarios in which images are automatically\nprocessed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.2-5.\n\nWe recommend that you upgrade your tiff packages.\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory DSA 2575-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202575-1\";\n\nif(description)\n{\n script_id(72590);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-4564\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:46:33 -0500 (Mon, 26 Nov 2012)\");\n script_name(\"Debian Security Advisory DSA 2575-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2575-1.", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2575-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4564"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231072590", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072590", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2575_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2575-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72590\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-4564\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:46:33 -0500 (Mon, 26 Nov 2012)\");\n script_name(\"Debian Security Advisory DSA 2575-1 (tiff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202575-1\");\n script_tag(name:\"insight\", value:\"It was discovered that ppm2tiff of the tiff tools, a set of utilities\nfor TIFF manipulation and conversion, is not properly checking the return\nvalue of an internal function used in order to detect integer overflows.\nAs a consequence, ppm2tiff suffers of a heap-based buffer overflow.\nThis allows attacker to potentially execute arbitrary code via a crafted\nppm image, especially in scenarios in which images are automatically\nprocessed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.2-5.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tiff packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tiff\nannounced via advisory DSA 2575-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:53", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:184 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:831760", "href": "http://plugins.openvas.org/nasl.php?oid=831760", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:184 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found and corrected in libtiff:\n\n A stack-based buffer overflow was found in the way libtiff\n handled DOTRANGE tags. An attacker could use this flaw to create\n a specially-crafted TIFF file that, when opened, would cause an\n application linked against libtiff to crash or, possibly, execute\n arbitrary code (CVE-2012-5581).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:184\");\n script_id(831760);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:38:22 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:184\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:184 (libtiff)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:02", "description": "The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2589-1 (tiff - buffer overflow)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892589", "href": "http://plugins.openvas.org/nasl.php?oid=892589", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2589_1.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2589-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"tiff on Debian Linux\";\ntag_insight = \"libtiff is a library providing support for the Tag Image File Format\n(TIFF), a widely used format for storing image data.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.2-1 of the tiff\npackage, and version 3.9.6-10 of the tiff3 package.\n\nWe recommend that you upgrade your tiff packages.\";\ntag_summary = \"The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892589);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-5581\");\n script_name(\"Debian Security Advisory DSA 2589-1 (tiff - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2012/dsa-2589.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.6-10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.6-10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.6-10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-31T00:00:00", "type": "openvas", "title": "Mandriva Update for libtiff MDVSA-2012:184 (libtiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831760", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtiff MDVSA-2012:184 (libtiff)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:184\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831760\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-31 10:38:22 +0530 (Mon, 31 Dec 2012)\");\n script_cve_id(\"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:184\");\n script_name(\"Mandriva Update for libtiff MDVSA-2012:184 (libtiff)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"libtiff on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability was found and corrected in libtiff:\n\n A stack-based buffer overflow was found in the way libtiff\n handled DOTRANGE tags. An attacker could use this flaw to create\n a specially-crafted TIFF file that, when opened, would cause an\n application linked against libtiff to crash or, possibly, execute\n arbitrary code (CVE-2012-5581).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static-devel\", rpm:\"libtiff-static-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-devel\", rpm:\"lib64tiff-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff-static-devel\", rpm:\"lib64tiff-static-devel~3.9.5~1.5\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-devel\", rpm:\"libtiff3-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff3-static-devel\", rpm:\"libtiff3-static-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-progs\", rpm:\"libtiff-progs~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3\", rpm:\"lib64tiff3~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-devel\", rpm:\"lib64tiff3-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tiff3-static-devel\", rpm:\"lib64tiff3-static-devel~3.8.2~12.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:03", "description": "The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2589-1 (tiff - buffer overflow)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892589", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892589", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2589_1.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2589-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892589\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-5581\");\n script_name(\"Debian Security Advisory DSA 2589-1 (tiff - buffer overflow)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2012/dsa-2589.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"tiff on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.2-1 of the tiff\npackage, and version 3.9.6-10 of the tiff3 package.\n\nWe recommend that you upgrade your tiff packages.\");\n script_tag(name:\"summary\", value:\"The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.6-10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.6-10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.6-10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:21:10", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1655-1", "cvss3": {}, "published": "2012-12-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1655-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841244", "href": "http://plugins.openvas.org/nasl.php?oid=841244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1655_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for tiff USN-1655-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that LibTIFF incorrectly handled certain malformed\n images using the DOTRANGE tag. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1655-1\";\ntag_affected = \"tiff on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1655-1/\");\n script_id(841244);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-06 10:26:18 +0530 (Thu, 06 Dec 2012)\");\n script_cve_id(\"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1655-1\");\n script_name(\"Ubuntu Update for tiff USN-1655-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-2ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-1ubuntu1.5\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.2-2ubuntu0.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.16\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:50", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1655-1", "cvss3": {}, "published": "2012-12-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for tiff USN-1655-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5581"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1655_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tiff USN-1655-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1655-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841244\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-06 10:26:18 +0530 (Thu, 06 Dec 2012)\");\n script_cve_id(\"CVE-2012-5581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1655-1\");\n script_name(\"Ubuntu Update for tiff USN-1655-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1655-1\");\n script_tag(name:\"affected\", value:\"tiff on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that LibTIFF incorrectly handled certain malformed\n images using the DOTRANGE tag. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service, or possibly\n execute arbitrary code with user privileges.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-2ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-1ubuntu1.5\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.2-2ubuntu0.12\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.16\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2561-1.", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2561-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231072532", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072532", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2561_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2561-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72532\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-4447\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:13:51 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2561-1 (tiff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202561-1\");\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.\n\nFor the testing distribution (wheezy) and the unstable distribution\nsid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tiff packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tiff\nannounced via advisory DSA 2561-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2561-1.", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2561-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4447"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72532", "href": "http://plugins.openvas.org/nasl.php?oid=72532", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2561_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2561-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.\n\nFor the testing distribution (wheezy) and the unstable distribution\nsid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.\n\nWe recommend that you upgrade your tiff packages.\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory DSA 2561-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202561-1\";\n\nif(description)\n{\n script_id(72532);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-4447\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 10:13:51 -0400 (Mon, 29 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2561-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Gentoo Linux Local Security Checks GLSA 201402-21", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201402-21", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-1961", "CVE-2012-4564", "CVE-2013-4244", "CVE-2013-4231"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121152", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201402-21.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121152\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:55 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201402-21\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201402-21\");\n script_cve_id(\"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\", \"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-4244\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201402-21\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 4.0.3-r6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 3.9.7-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(), vulnerable: make_list(\"lt 4.0.3-r6\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtiff FEDORA-2014-6837", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-4243", "CVE-2013-1961", "CVE-2012-4564", "CVE-2013-4244", "CVE-2013-4231"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtiff FEDORA-2014-6837\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867875\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:55:07 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-4243\", \"CVE-2013-4244\",\n \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for mingw-libtiff FEDORA-2014-6837\");\n script_tag(name:\"affected\", value:\"mingw-libtiff on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6837\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134058.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtiff\", rpm:\"mingw-libtiff~4.0.3~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtiff FEDORA-2014-6831", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4232", "CVE-2013-1960", "CVE-2012-4447", "CVE-2013-4243", "CVE-2013-1961", "CVE-2012-4564", "CVE-2013-4244", "CVE-2013-4231"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtiff FEDORA-2014-6831\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867867\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:54:04 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2013-4231\", \"CVE-2013-4232\", \"CVE-2013-4243\", \"CVE-2013-4244\",\n \"CVE-2012-4447\", \"CVE-2012-4564\", \"CVE-2013-1960\", \"CVE-2013-1961\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for mingw-libtiff FEDORA-2014-6831\");\n script_tag(name:\"affected\", value:\"mingw-libtiff on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6831\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134209.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtiff\", rpm:\"mingw-libtiff~4.0.3~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-11000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-11000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084219.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864566\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:17:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-11000\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-11000\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.6~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:32", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-11000", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-3401", "CVE-2012-2088"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:864566", "href": "http://plugins.openvas.org/nasl.php?oid=864566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-11000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084219.html\");\n script_id(864566);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:17:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-11000\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-11000\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.6~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:05", "description": "Check for the Version of libtiff", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-10978", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-3401", "CVE-2012-1173", "CVE-2012-2088"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864615", "href": "http://plugins.openvas.org/nasl.php?oid=864615", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-10978\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libtiff package contains a library of functions for manipulating\n TIFF (Tagged Image File Format) image format files. TIFF is a widely\n used file format for bitmapped images. TIFF files usually end in the\n .tif extension and they are often quite large.\n\n The libtiff package should be installed if you need to manipulate TIFF\n format image files.\";\n\ntag_affected = \"libtiff on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084824.html\");\n script_id(864615);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:37:47 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-1173\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-10978\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-10978\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtiff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.6~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for libtiff FEDORA-2012-10978", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2012-3401", "CVE-2012-1173", "CVE-2012-2088"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864615", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtiff FEDORA-2012-10978\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084824.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864615\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:37:47 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-3401\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-1173\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-10978\");\n script_name(\"Fedora Update for libtiff FEDORA-2012-10978\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtiff'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"libtiff on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.6~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:50", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2552-1.", "cvss3": {}, "published": "2012-10-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2552-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2010-2595", "CVE-2010-2482", "CVE-2010-4665", "CVE-2012-3401", "CVE-2010-2597", "CVE-2010-2630"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231072443", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072443", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2552_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2552-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72443\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2482\", \"CVE-2010-2595\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-4665\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 11:10:30 -0400 (Wed, 03 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2552-1 (tiff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202552-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Tiff, a library set and tools\nto support the Tag Image File Format (TIFF), allowing denial of service and\npotential privilege escalation.\n\nThese vulnerabilities can be exploited via a specially crafted TIFF image.\n\nCVE-2012-2113\nThe tiff2pdf utility has an integer overflow error when parsing images.\n\nCVE-2012-3401\nHuzaifa Sidhpurwala discovered heap-based buffer overflow in the\nt2p_read_tiff_init() function.\n\nCVE-2010-2482\nAn invalid td_stripbytecount field is not properly handle and can trigger a\nNULL pointer dereference.\n\nCVE-2010-2595\nAn array index error, related to downsampled OJPEG input. in the\nTIFFYCbCrtoRGB function causes an unexpected crash.\n\nCVE-2010-2597\nAlso related to downsampled OJPEG input, the TIFFVStripSize function crash\nunexpectly.\n\nCVE-2010-2630\nThe TIFFReadDirectory function does not properly validate the data types of\ncodec-specific tags that have an out-of-order position in a TIFF file.\n\nCVE-2010-4665\nThe tiffdump utility has an integer overflow in the ReadDirectory function.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.0.2-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-2.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tiff packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tiff\nannounced via advisory DSA 2552-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:32", "description": "The remote host is missing an update to tiff\nannounced via advisory DSA 2552-1.", "cvss3": {}, "published": "2012-10-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2552-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2113", "CVE-2010-2595", "CVE-2010-2482", "CVE-2010-4665", "CVE-2012-3401", "CVE-2010-2597", "CVE-2010-2630"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72443", "href": "http://plugins.openvas.org/nasl.php?oid=72443", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2552_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2552-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Tiff, a library set and tools\nto support the Tag Image File Format (TIFF), allowing denial of service and\npotential privilege escalation.\n\nThese vulnerabilities can be exploited via a specially crafted TIFF image.\n\nCVE-2012-2113\nThe tiff2pdf utility has an integer overflow error when parsing images.\n\nCVE-2012-3401\nHuzaifa Sidhpurwala discovered heap-based buffer overflow in the\nt2p_read_tiff_init() function.\n\nCVE-2010-2482\nAn invalid td_stripbytecount field is not properly handle and can trigger a\nNULL pointer dereference.\n\nCVE-2010-2595\nAn array index error, related to downsampled OJPEG input. in the\nTIFFYCbCrtoRGB function causes an unexpected crash.\n\nCVE-2010-2597\nAlso related to downsampled OJPEG input, the TIFFVStripSize function crash\nunexpectly.\n\nCVE-2010-2630\nThe TIFFReadDirectory function does not properly validate the data types of\ncodec-specific tags that have an out-of-order position in a TIFF file.\n\nCVE-2010-4665\nThe tiffdump utility has an integer overflow in the ReadDirectory function.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.0.2-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-2.\n\nWe recommend that you upgrade your tiff packages.\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory DSA 2552-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202552-1\";\n\nif(description)\n{\n script_id(72443);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2482\", \"CVE-2010-2595\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-4665\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 11:10:30 -0400 (Wed, 03 Oct 2012)\");\n script_name(\"Debian Security Advisory DSA 2552-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.4-5+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtiffxx5\", ver:\"4.0.2-2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-02.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-02 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2012-2113", "CVE-2010-2443", "CVE-2010-2595", "CVE-2010-2631", "CVE-2010-2065", "CVE-2010-2596", "CVE-2009-5022", "CVE-2010-2482", "CVE-2011-1167", "CVE-2010-4665", "CVE-2010-2481", "CVE-2010-2483", "CVE-2012-3401", "CVE-2010-1411", "CVE-2010-2233", "CVE-2010-2597", "CVE-2012-1173", "CVE-2010-2067", "CVE-2012-2088", "CVE-2010-2630", "CVE-2010-3087", "CVE-2011-0192"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231072419", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201209_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72419\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:48 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-02 (tiff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in libTIFF could result in execution of\narbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All libTIFF 4.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n\n\nAll libTIFF 3.9 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=307001\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=324885\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=357271\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=359871\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=371308\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410931\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=422673\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=427166\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201209-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\"), vulnerable: make_list(\"lt 4.0.2-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:20", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-02.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-02 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2012-2113", "CVE-2010-2443", "CVE-2010-2595", "CVE-2010-2631", "CVE-2010-2065", "CVE-2010-2596", "CVE-2009-5022", "CVE-2010-2482", "CVE-2011-1167", "CVE-2010-4665", "CVE-2010-2481", "CVE-2010-2483", "CVE-2012-3401", "CVE-2010-1411", "CVE-2010-2233", "CVE-2010-2597", "CVE-2012-1173", "CVE-2010-2067", "CVE-2012-2088", "CVE-2010-2630", "CVE-2010-3087", "CVE-2011-0192"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72419", "href": "http://plugins.openvas.org/nasl.php?oid=72419", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in libTIFF could result in execution of\narbitrary code or Denial of Service.\";\ntag_solution = \"All libTIFF 4.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n \n\nAll libTIFF 3.9 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=307001\nhttp://bugs.gentoo.org/show_bug.cgi?id=324885\nhttp://bugs.gentoo.org/show_bug.cgi?id=357271\nhttp://bugs.gentoo.org/show_bug.cgi?id=359871\nhttp://bugs.gentoo.org/show_bug.cgi?id=371308\nhttp://bugs.gentoo.org/show_bug.cgi?id=410931\nhttp://bugs.gentoo.org/show_bug.cgi?id=422673\nhttp://bugs.gentoo.org/show_bug.cgi?id=427166\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201209-02.\";\n\n \n \nif(description)\n{\n script_id(72419);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:48 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-02 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\"), vulnerable: make_list(\"lt 4.0.2-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2022-11-01T21:37:13", "description": "**Issue Overview:**\n\nA heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An attacker could use this flaw to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow, was found in the ppm2tiff tool. An attacker could use this flaw to create a specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff to crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\n \n**Affected Packages:** \n\n\nlibtiff\n\n \n**Issue Correction:** \nRun _yum update libtiff_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 libtiff-static-3.9.4-9.11.amzn1.i686 \n \u00a0\u00a0\u00a0 libtiff-debuginfo-3.9.4-9.11.amzn1.i686 \n \u00a0\u00a0\u00a0 libtiff-3.9.4-9.11.amzn1.i686 \n \u00a0\u00a0\u00a0 libtiff-devel-3.9.4-9.11.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 libtiff-3.9.4-9.11.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libtiff-debuginfo-3.9.4-9.11.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtiff-3.9.4-9.11.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtiff-static-3.9.4-9.11.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtiff-devel-3.9.4-9.11.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2012-3401](<https://access.redhat.com/security/cve/CVE-2012-3401>), [CVE-2012-4447](<https://access.redhat.com/security/cve/CVE-2012-4447>), [CVE-2012-4564](<https://access.redhat.com/security/cve/CVE-2012-4564>), [CVE-2012-5581](<https://access.redhat.com/security/cve/CVE-2012-5581>)\n\nMitre: [CVE-2012-3401](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401>), [CVE-2012-4447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447>), [CVE-2012-4564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564>), [CVE-2012-5581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581>)\n", "cvss3": {}, "published": "2012-12-20T13:55:00", "type": "amazon", "title": "Medium: libtiff", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2014-09-14T17:20:00", "id": "ALAS-2012-147", "href": "https://alas.aws.amazon.com/ALAS-2012-147.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:49", "description": "[3.9.4-9]\n- Still more fixes to make test case for CVE-2012-5581 work on all platforms\nResolves: #885310\n[3.9.4-8]\n- Fix incomplete patch for CVE-2012-3401\n- Add libtiff-tiffinfo-exif.patch so that our test case for CVE-2012-5581 works\n with pre-4.0.2 libtiff\nResolves: #885310\n[3.9.4-7]\n- Add fixes for CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581\nResolves: #885310", "cvss3": {}, "published": "2012-12-18T00:00:00", "type": "oraclelinux", "title": "libtiff security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2012-3401"], "modified": "2012-12-18T00:00:00", "id": "ELSA-2012-1590", "href": "http://linux.oracle.com/errata/ELSA-2012-1590.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:37:14", "description": "The libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed\ncertain TIFF images using the Pixar Log Format encoding. An attacker could\ncreate a specially-crafted TIFF file that, when opened, could cause an\napplication using libtiff to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled\nDOTRANGE tags. An attacker could use this flaw to create a\nspecially-crafted TIFF file that, when opened, would cause an application\nlinked against libtiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially-crafted TIFF file that\nwould cause tiff2pdf to crash or, possibly, execute arbitrary code.\n(CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow,\nwas found in the ppm2tiff tool. An attacker could use this flaw to create a\nspecially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\nto crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\nby Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nAll libtiff users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. All running applications linked\nagainst libtiff must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-12-18T00:00:00", "type": "redhat", "title": "(RHSA-2012:1590) Moderate: libtiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2018-06-06T16:24:20", "id": "RHSA-2012:1590", "href": "https://access.redhat.com/errata/RHSA-2012:1590", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2013-01-12T00:28:00", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: libtiff-4.0.3-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2013-01-12T00:28:00", "id": "FEDORA:ED3E52141F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCYJ2QY2J3LGLSNONCRIAZ6XFSON5ZIU/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2012-12-31T03:28:09", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libtiff-3.9.7-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2012-12-31T03:28:09", "id": "FEDORA:CCD3B20910", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AK3NLJXSYSFDVQZMO6JCD22AOKZGLSHC/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2012-12-31T03:24:28", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libtiff-3.9.7-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1173", "CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2012-12-31T03:24:28", "id": "FEDORA:EFC6120A0B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D6L4FC7QNUELLKW3A3PH7P5BMQPOXYBB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2013-05-19T02:40:19", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libtiff-3.9.7-2.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-1960", "CVE-2013-1961"], "modified": "2013-05-19T02:40:19", "id": "FEDORA:6358C20F03", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NOI4W2LXUKM37WN7YNXTMR3HV343PIXZ/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2013-05-14T01:23:41", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: libtiff-4.0.3-6.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-1960", "CVE-2013-1961"], "modified": "2013-05-14T01:23:41", "id": "FEDORA:7E8DE20FF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MMQU644HFLOEYXCO5FP4J4ZIV5VP5FTY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2013-08-18T00:38:46", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: libtiff-4.0.3-8.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232"], "modified": "2013-08-18T00:38:46", "id": "FEDORA:D99B1227A9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FPZ7GIKTOCSOJ63NJGCPSKHO5AMR6XFH/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2013-09-18T12:58:47", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: libtiff-4.0.3-9.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4244"], "modified": "2013-09-18T12:58:47", "id": "FEDORA:7D3BF21339", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N7BKBQHK4BRJWOWYDMKPBXG7UZ6TM654/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2014-06-10T03:14:08", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4243", "CVE-2013-4244"], "modified": "2014-06-10T03:14:08", "id": "FEDORA:E24572267F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDA4527VYM7AM7E5P3XWUQR37O6YXYL5/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2014-06-10T02:56:35", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4243", "CVE-2013-4244"], "modified": "2014-06-10T02:56:35", "id": "FEDORA:EB9A520F6A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SBXZXTMSPP5CHVYE6UWFAY43IU25DWHH/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2012-07-26T22:24:04", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libtiff-3.9.6-2.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2012-07-26T22:24:04", "id": "FEDORA:C5348206A5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UMAABKEZFUF6UUVSQICKCQVO3AHMUCRL/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files. ", "cvss3": {}, "published": "2012-08-09T23:17:58", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libtiff-3.9.6-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1173", "CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2012-08-09T23:17:58", "id": "FEDORA:9711620BDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XDQMX7ADYYDTKHS3XPPKWZQYZTCKWYUR/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:45:38", "description": "**CentOS Errata and Security Advisory** CESA-2012:1590\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files.\n\nA heap-based buffer overflow flaw was found in the way libtiff processed\ncertain TIFF images using the Pixar Log Format encoding. An attacker could\ncreate a specially-crafted TIFF file that, when opened, could cause an\napplication using libtiff to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2012-4447)\n\nA stack-based buffer overflow flaw was found in the way libtiff handled\nDOTRANGE tags. An attacker could use this flaw to create a\nspecially-crafted TIFF file that, when opened, would cause an application\nlinked against libtiff to crash or, possibly, execute arbitrary code.\n(CVE-2012-5581)\n\nA heap-based buffer overflow flaw was found in the tiff2pdf tool. An\nattacker could use this flaw to create a specially-crafted TIFF file that\nwould cause tiff2pdf to crash or, possibly, execute arbitrary code.\n(CVE-2012-3401)\n\nA missing return value check flaw, leading to a heap-based buffer overflow,\nwas found in the ppm2tiff tool. An attacker could use this flaw to create a\nspecially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff\nto crash or, possibly, execute arbitrary code. (CVE-2012-4564)\n\nThe CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered\nby Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nAll libtiff users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. All running applications linked\nagainst libtiff must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-December/068512.html\nhttps://lists.centos.org/pipermail/centos-announce/2012-December/068513.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\nlibtiff-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:1590", "cvss3": {}, "published": "2012-12-19T01:20:39", "type": "centos", "title": "libtiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401", "CVE-2012-4447", "CVE-2012-4564", "CVE-2012-5581"], "modified": "2012-12-19T16:28:13", "id": "CESA-2012:1590", "href": "https://lists.centos.org/pipermail/centos-announce/2012-December/068512.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:49", "description": "Buffer overflow on PixarLog comperssion parsing, ppm2tiff buffer overflow.", "edition": 1, "cvss3": {}, "published": "2012-11-18T00:00:00", "type": "securityvulns", "title": "libtiff buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2012-11-18T00:00:00", "id": "SECURITYVULNS:VULN:12671", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12671", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:48", "description": "Code exeucution on tiff parsing.", "edition": 1, "cvss3": {}, "published": "2012-08-13T00:00:00", "type": "securityvulns", "title": "libtiff tiff2pdf code execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:VULN:12508", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12508", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:127\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : libtiff\r\n Date : August 8, 2012\r\n Affected: 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was found and corrected in libtiff:\r\n \r\n A heap-based buffer overflow flaw was found in the way tiff2pdf, a\r\n TIFF image to a PDF document conversion tool, of libtiff, a library\r\n of functions for manipulating TIFF (Tagged Image File Format) image\r\n format files, performed write of TIFF image content into particular PDF\r\n document file, when not properly initialized T2P context struct pointer\r\n has been provided by tiff2pdf (application requesting the conversion)\r\n as one of parameters for the routine performing the write. A remote\r\n attacker could provide a specially-crafted TIFF image format file,\r\n that when processed by tiff2pdf would lead to tiff2pdf executable\r\n crash or, potentially, arbitrary code execution with the privileges\r\n of the user running the tiff2pdf binary (CVE-2012-3401).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2011:\r\n 415c8a711e94429c4187a4620f9d3eec 2011/i586/libtiff3-3.9.5-1.3-mdv2011.0.i586.rpm\r\n b99c8d1bfa16a1158a3e03692ba56335 2011/i586/libtiff-devel-3.9.5-1.3-mdv2011.0.i586.rpm\r\n a96608f5fae7aa711d1b64cbc76ca752 2011/i586/libtiff-progs-3.9.5-1.3-mdv2011.0.i586.rpm\r\n 11a1fb628ef761d33294aef1eff34565 2011/i586/libtiff-static-devel-3.9.5-1.3-mdv2011.0.i586.rpm \r\n 9a9505df7408b0c75192ac502fd18504 2011/SRPMS/libtiff-3.9.5-1.3.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n c18a5d5069de99d93b3411998e6960d0 2011/x86_64/lib64tiff3-3.9.5-1.3-mdv2011.0.x86_64.rpm\r\n e326395e5ddf305ac322d1c57f436cd4 2011/x86_64/lib64tiff-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm\r\n c8de4431798dcbd235c82e8764d348ad 2011/x86_64/lib64tiff-static-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm\r\n ba66bfb07baed4c0848a64c2b7d94183 2011/x86_64/libtiff-progs-3.9.5-1.3-mdv2011.0.x86_64.rpm \r\n 9a9505df7408b0c75192ac502fd18504 2011/SRPMS/libtiff-3.9.5-1.3.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 3e94f2cd1306ce817f03b9e0d383d87a mes5/i586/libtiff3-3.8.2-12.8mdvmes5.2.i586.rpm\r\n c08735b0c0f665235f422b05b59aaaae mes5/i586/libtiff3-devel-3.8.2-12.8mdvmes5.2.i586.rpm\r\n fad7566f026aefd3fbae97f48e02aa91 mes5/i586/libtiff3-static-devel-3.8.2-12.8mdvmes5.2.i586.rpm\r\n 1b5263306ed5890541f2ebcd5374aad9 mes5/i586/libtiff-progs-3.8.2-12.8mdvmes5.2.i586.rpm \r\n 4c0ee36afa646eaeaae78bdf425c399d mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 09c6eddf7c45e53fe672c40fdefc7f6f mes5/x86_64/lib64tiff3-3.8.2-12.8mdvmes5.2.x86_64.rpm\r\n 7cde1e5ae217118a09ab14b898e59563 mes5/x86_64/lib64tiff3-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm\r\n af9cb316c7a9a130267d089c1cfd64a5 mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm\r\n 2a716b33ff39a3518f57a4757c6c585c mes5/x86_64/libtiff-progs-3.8.2-12.8mdvmes5.2.x86_64.rpm \r\n 4c0ee36afa646eaeaae78bdf425c399d mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFQIjWKmqjQ0CJFipgRAu9aAKCFPFCguG+r8YzSC6NoNbuJqDHbowCfSCaK\r\nzRjfu/1Oe46lSLkAwaBsCqM=\r\n=3KUE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-08-13T00:00:00", "title": "[ MDVSA-2012:127 ] libtiff", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:DOC:28360", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28360", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "description": "Crash on malformed DOTRANGE tag.", "edition": 1, "cvss3": {}, "published": "2012-12-07T00:00:00", "type": "securityvulns", "title": "libtiff library DoS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2012-12-07T00:00:00", "id": "SECURITYVULNS:VULN:12745", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12745", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1655-1\r\nDecember 05, 2012\r\n\r\ntiff vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nPrograms that use LibTIFF could be made to crash or run programs if they\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- tiff: Tag Image File Format (TIFF) library\r\n\r\nDetails:\r\n\r\nIt was discovered that LibTIFF incorrectly handled certain malformed\r\nimages using the DOTRANGE tag. If a user or automated system were\r\ntricked into opening a specially crafted TIFF image, a remote attacker\r\ncould crash the application, leading to a denial of service, or possibly\r\nexecute arbitrary code with user privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libtiff4 3.9.5-2ubuntu1.4\r\n\r\nUbuntu 11.10:\r\n libtiff4 3.9.5-1ubuntu1.5\r\n\r\nUbuntu 10.04 LTS:\r\n libtiff4 3.9.2-2ubuntu0.12\r\n\r\nUbuntu 8.04 LTS:\r\n libtiff4 3.8.2-7ubuntu3.16\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1655-1\r\n CVE-2012-5581\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.4\r\n https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.5\r\n https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.12\r\n https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.16\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "cvss3": {}, "published": "2012-12-07T00:00:00", "title": "[USN-1655-1] LibTIFF vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28800", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28800", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2561-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nOctober 21, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tiff\r\nVulnerability : buffer overflow\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE ID : CVE-2012-4447\r\n\r\nIt was discovered that a buffer overflow in libtiff's parsing of files\r\nusing PixarLog compression could lead to the execution of arbitrary\r\ncode.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 3.9.4-5+squeeze6.\r\n\r\nFor the testing distribution (wheezy) and the unstable distribution\r\nsid), this problem has been fixed in version 3.9.6-9 of the tiff3\r\nsource package and in version 4.0.2-4 of the tiff source package.\r\n\r\nWe recommend that you upgrade your tiff packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlCEHHIACgkQXm3vHE4uylrbNgCgj1z+KMxqNBioKct5cwa7qD6S\r\nP2IAnjjisFo2oDGBS3cH4IECT7CVYxOd\r\n=4Wjs\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-10-28T00:00:00", "title": "[SECURITY] [DSA 2561-1] tiff security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2012-10-28T00:00:00", "id": "SECURITYVULNS:DOC:28685", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28685", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:35:54", "description": "## Releases\n\n * Ubuntu 12.10 \n * Ubuntu 12.04 \n * Ubuntu 11.10 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * tiff \\- Tag Image File Format (TIFF) library\n\nIt was discovered that LibTIFF incorrectly handled certain malformed images \nusing the PixarLog compression format. If a user or automated system were \ntricked into opening a specially crafted TIFF image, a remote attacker \ncould crash the application, leading to a denial of service, or possibly \nexecute arbitrary code with user privileges. (CVE-2012-4447)\n\nHuzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly \nhandled certain malformed PPM images. If a user or automated system were \ntricked into opening a specially crafted PPM image, a remote attacker could \ncrash the application, leading to a denial of service, or possibly execute \narbitrary code with user privileges. (CVE-2012-4564)\n", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "ubuntu", "title": "LibTIFF vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564"], "modified": "2012-11-15T00:00:00", "id": "USN-1631-1", "href": "https://ubuntu.com/security/notices/USN-1631-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:36:39", "description": "## Releases\n\n * Ubuntu 12.04 \n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * tiff \\- Tag Image File Format (TIFF) library\n\nHuzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly \nhandled certain malformed TIFF images. If a user or automated system were \ntricked into opening a specially crafted TIFF image, a remote attacker \ncould crash the application, leading to a denial of service, or possibly \nexecute arbitrary code with user privileges.\n", "cvss3": {}, "published": "2012-07-19T00:00:00", "type": "ubuntu", "title": "tiff vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2012-07-19T00:00:00", "id": "USN-1511-1", "href": "https://ubuntu.com/security/notices/USN-1511-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:35:45", "description": "## Releases\n\n * Ubuntu 12.04 \n * Ubuntu 11.10 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * tiff \\- Tag Image File Format (TIFF) library\n\nIt was discovered that LibTIFF incorrectly handled certain malformed \nimages using the DOTRANGE tag. If a user or automated system were \ntricked into opening a specially crafted TIFF image, a remote attacker \ncould crash the application, leading to a denial of service, or possibly \nexecute arbitrary code with user privileges.\n", "cvss3": {}, "published": "2012-12-05T00:00:00", "type": "ubuntu", "title": "LibTIFF vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2012-12-05T00:00:00", "id": "USN-1655-1", "href": "https://ubuntu.com/security/notices/USN-1655-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:29:23", "description": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF\n4.0.2 and earlier does not properly initialize the T2P context struct\npointer in certain error conditions, which allows context-dependent\nattackers to cause a denial of service (crash) and possibly execute\narbitrary code via a crafted TIFF image that triggers a heap-based buffer\noverflow.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=837577>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682195>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682115>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | not included in 4.0.2 tiff2pdf is not packaged in tiff3 in quantal\n", "cvss3": {}, "published": "2012-07-19T00:00:00", "type": "ubuntucve", "title": "CVE-2012-3401", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2012-07-19T00:00:00", "id": "UB:CVE-2012-3401", "href": "https://ubuntu.com/security/CVE-2012-3401", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:27:39", "description": "ppm2tiff does not check the return value of the TIFFScanlineSize function,\nwhich allows remote attackers to cause a denial of service (crash) and\npossibly execute arbitrary code via a crafted PPM image that triggers an\ninteger overflow, a zero-memory allocation, and a heap-based buffer\noverflow.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692345>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4564>\n", "cvss3": {}, "published": "2012-11-11T00:00:00", "type": "ubuntucve", "title": "CVE-2012-4564", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2012-11-11T00:00:00", "id": "UB:CVE-2012-4564", "href": "https://ubuntu.com/security/CVE-2012-4564", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:27:21", "description": "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows\nremote attackers to cause a denial of service (crash) and possibly execute\narbitrary code via a crafted DOTRANGE tag in a TIFF image.", "cvss3": {}, "published": "2012-11-28T00:00:00", "type": "ubuntucve", "title": "CVE-2012-5581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2012-11-28T00:00:00", "id": "UB:CVE-2012-5581", "href": "https://ubuntu.com/security/CVE-2012-5581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:27:45", "description": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows\nremote attackers to cause a denial of service (application crash) and\npossibly execute arbitrary code via a crafted TIFF image using the PixarLog\nCompression format.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=860198>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688944>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | as of 2012-10-05, patch may be incomplete. See oss-security discussion. incomplete fix in 4.0.2\n", "cvss3": {}, "published": "2012-10-28T00:00:00", "type": "ubuntucve", "title": "CVE-2012-4447", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2012-10-28T00:00:00", "id": "UB:CVE-2012-4447", "href": "https://ubuntu.com/security/CVE-2012-4447", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:36:19", "description": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.", "cvss3": {}, "published": "2012-08-13T20:55:00", "type": "cve", "title": "CVE-2012-3401", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.9.3", "cpe:/a:libtiff:libtiff:4.0.1", "cpe:/a:libtiff:libtiff:4.0", "cpe:/a:libtiff:libtiff:3.9.1", "cpe:/a:libtiff:libtiff:3.7.3", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.9.0", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:4.0.2", "cpe:/a:libtiff:libtiff:3.9.2-5.2.1", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.9.4", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.7.2", "cpe:/a:libtiff:libtiff:3.9.2", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.7.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.9", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.8.0", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.5.6"], "id": "CVE-2012-3401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3401", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:58:20", "description": "ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.", "cvss3": {}, "published": "2012-11-11T13:00:00", "type": "cve", "title": "CVE-2012-4564", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2020-11-12T13:48:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:libtiff:libtiff:4.0.3", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:redhat:enterprise_linux_eus:6.3", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:redhat:enterprise_linux_desktop:5.0"], "id": "CVE-2012-4564", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:18:36", "description": "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.", "cvss3": {}, "published": "2013-01-04T22:55:00", "type": "cve", "title": "CVE-2012-5581", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2017-11-30T02:29:00", "cpe": ["cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:4.0.1", "cpe:/a:libtiff:libtiff:3.9.3", "cpe:/a:libtiff:libtiff:3.9.5", "cpe:/a:libtiff:libtiff:4.0", "cpe:/a:libtiff:libtiff:3.9.1", "cpe:/a:libtiff:libtiff:3.7.3", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.9.0", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:3.9.2-5.2.1", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.9.4", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.7.2", "cpe:/a:libtiff:libtiff:3.9.2", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.7.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.9", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.8.0", "cpe:/a:libtiff:libtiff:3.5.6"], "id": "CVE-2012-5581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:55:56", "description": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.", "cvss3": {}, "published": "2012-10-28T15:55:00", "type": "cve", "title": "CVE-2012-4447", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2013-02-08T04:53:00", "cpe": ["cpe:/a:libtiff:libtiff:3.7.0", "cpe:/a:libtiff:libtiff:3.9.3", "cpe:/a:libtiff:libtiff:4.0.1", "cpe:/a:libtiff:libtiff:3.9.5", "cpe:/a:libtiff:libtiff:4.0", "cpe:/a:libtiff:libtiff:3.9.1", "cpe:/a:libtiff:libtiff:3.7.3", "cpe:/a:libtiff:libtiff:3.7.1", "cpe:/a:libtiff:libtiff:3.6.1", "cpe:/a:libtiff:libtiff:3.9.0", "cpe:/a:libtiff:libtiff:3.5.2", "cpe:/a:libtiff:libtiff:3.5.4", "cpe:/a:libtiff:libtiff:3.5.3", "cpe:/a:libtiff:libtiff:4.0.2", "cpe:/a:libtiff:libtiff:3.9.2-5.2.1", "cpe:/a:libtiff:libtiff:3.5.7", "cpe:/a:libtiff:libtiff:3.8.1", "cpe:/a:libtiff:libtiff:3.9.4", "cpe:/a:libtiff:libtiff:3.5.5", "cpe:/a:libtiff:libtiff:3.7.2", "cpe:/a:libtiff:libtiff:3.9.2", "cpe:/a:libtiff:libtiff:3.5.1", "cpe:/a:libtiff:libtiff:3.7.4", "cpe:/a:libtiff:libtiff:3.4", "cpe:/a:libtiff:libtiff:3.9", "cpe:/a:libtiff:libtiff:3.8.2", "cpe:/a:libtiff:libtiff:3.6.0", "cpe:/a:libtiff:libtiff:3.8.0", "cpe:/a:libtiff:libtiff:3.5.6"], "id": "CVE-2012-4447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4447", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-26T06:07:33", "description": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.", "cvss3": {}, "published": "2012-08-13T20:55:00", "type": "debiancve", "title": "CVE-2012-3401", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3401"], "modified": "2012-08-13T20:55:00", "id": "DEBIANCVE:CVE-2012-3401", "href": "https://security-tracker.debian.org/tracker/CVE-2012-3401", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T06:07:33", "description": "ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.", "cvss3": {}, "published": "2012-11-11T13:00:00", "type": "debiancve", "title": "CVE-2012-4564", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2012-11-11T13:00:00", "id": "DEBIANCVE:CVE-2012-4564", "href": "https://security-tracker.debian.org/tracker/CVE-2012-4564", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T06:07:33", "description": "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.", "cvss3": {}, "published": "2013-01-04T22:55:00", "type": "debiancve", "title": "CVE-2012-5581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2013-01-04T22:55:00", "id": "DEBIANCVE:CVE-2012-5581", "href": "https://security-tracker.debian.org/tracker/CVE-2012-5581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T06:07:33", "description": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.", "cvss3": {}, "published": "2012-10-28T15:55:00", "type": "debiancve", "title": "CVE-2012-4447", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2012-10-28T15:55:00", "id": "DEBIANCVE:CVE-2012-4447", "href": "https://security-tracker.debian.org/tracker/CVE-2012-4447", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:30:23", "description": "\nIt was discovered that ppm2tiff of the TIFF tools, a set of utilities\nfor TIFF manipulation and conversion, is not properly checking the return\nvalue of an internal function used in order to detect integer overflows.\nAs a consequence, ppm2tiff suffers of a heap-based buffer overflow.\nThis allows attacker to potentially execute arbitrary code via a crafted\nPPM image, especially in scenarios in which images are automatically\nprocessed.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.\n\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.2-5.\n\n\nWe recommend that you upgrade your tiff packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-11-18T00:00:00", "type": "osv", "title": "tiff - heap overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2022-07-21T05:47:50", "id": "OSV:DSA-2575-1", "href": "https://osv.dev/vulnerability/DSA-2575-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:09:05", "description": "\nThe tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.\n\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.2-1 of the tiff\npackage, and version 3.9.6-10 of the tiff3 package.\n\n\nWe recommend that you upgrade your tiff packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-12-16T00:00:00", "type": "osv", "title": "tiff - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2022-08-10T07:08:58", "id": "OSV:DSA-2589-1", "href": "https://osv.dev/vulnerability/DSA-2589-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:30:26", "description": "\nIt was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.\n\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.\n\n\nWe recommend that you upgrade your tiff packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-10-21T00:00:00", "type": "osv", "title": "tiff - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2022-07-21T05:47:49", "id": "OSV:DSA-2561-1", "href": "https://osv.dev/vulnerability/DSA-2561-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:30:32", "description": "\nSeveral vulnerabilities were discovered in TIFF, a library set and tools \nto support the Tag Image File Format (TIFF), allowing denial of service and\npotential privilege escalation.\n\n\nThese vulnerabilities can be exploited via a specially crafted TIFF image.\n\n\n* [CVE-2012-2113](https://security-tracker.debian.org/tracker/CVE-2012-2113)\nThe tiff2pdf utility has an integer overflow error when parsing images.\n* [CVE-2012-3401](https://security-tracker.debian.org/tracker/CVE-2012-3401)\nHuzaifa Sidhpurwala discovered heap-based buffer overflow in the \n t2p\\_read\\_tiff\\_init() function.\n* [CVE-2010-2482](https://security-tracker.debian.org/tracker/CVE-2010-2482)\nAn invalid td\\_stripbytecount field is not properly handle and can trigger a\n NULL pointer dereference.\n* [CVE-2010-2595](https://security-tracker.debian.org/tracker/CVE-2010-2595)\nAn array index error, related to downsampled OJPEG input in the\n TIFFYCbCrtoRGB function causes an unexpected crash.\n* [CVE-2010-2597](https://security-tracker.debian.org/tracker/CVE-2010-2597)\nAlso related to downsampled OJPEG input, the TIFFVStripSize function crash\n unexpectly.\n* [CVE-2010-2630](https://security-tracker.debian.org/tracker/CVE-2010-2630)\nThe TIFFReadDirectory function does not properly validate the data types of \n codec-specific tags that have an out-of-order position in a TIFF file.\n* [CVE-2010-4665](https://security-tracker.debian.org/tracker/CVE-2010-4665)\nThe tiffdump utility has an integer overflow in the ReadDirectory function.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze5.\n\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.0.2-2.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-2.\n\n\nWe recommend that you upgrade your tiff packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "osv", "title": "tiff - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2113", "CVE-2010-2595", "CVE-2010-2482", "CVE-2010-4665", "CVE-2012-3401", "CVE-2010-2597", "CVE-2012-2088", "CVE-2010-2630"], "modified": "2022-07-21T05:47:48", "id": "OSV:DSA-2552-1", "href": "https://osv.dev/vulnerability/DSA-2552-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:45:22", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2575-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nNovember 18, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : heap-based buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2012-4564\n\nIt was discovered that ppm2tiff of the tiff tools, a set of utilities\nfor TIFF manipulation and conversion, is not properly checking the return\nvalue of an internal function used in order to detect integer overflows.\nAs a consequence, ppm2tiff suffers of a heap-based buffer overflow.\nThis allows attacker to potentially execute arbitrary code via a crafted\nppm image, especially in scenarios in which images are automatically\nprocessed.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.0.2-5.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-11-18T14:22:07", "type": "debian", "title": "[SECURITY] [DSA 2575-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4564"], "modified": "2012-11-18T14:22:07", "id": "DEBIAN:DSA-2575-1:AAB47", "href": "https://lists.debian.org/debian-security-announce/2012/msg00219.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:38:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2589-1 security@debian.org\nhttp://www.debian.org/security/ \nDecember 16, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : buffer overflow\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-5581\nDebian Bug : 694693\n\nThe tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.2-1 of the tiff\npackage, and version 3.9.6-10 of the tiff3 package.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-12-16T16:04:53", "type": "debian", "title": "[SECURITY] [DSA 2589-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5581"], "modified": "2012-12-16T16:04:53", "id": "DEBIAN:DSA-2589-1:FAE46", "href": "https://lists.debian.org/debian-security-announce/2012/msg00233.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:45:50", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2561-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 21, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : buffer overflow\nProblem type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2012-4447\n\nIt was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.\n\nFor the testing distribution (wheezy) and the unstable distribution\nsid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-10-21T16:03:07", "type": "debian", "title": "[SECURITY] [DSA 2561-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447"], "modified": "2012-10-21T16:03:07", "id": "DEBIAN:DSA-2561-1:F7874", "href": "https://lists.debian.org/debian-security-announce/2012/msg00205.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T23:46:02", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2552-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nSeptember 26, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-2482 CVE-2010-2595 CVE-2010-2597 CVE-2010-2630 \n CVE-2010-4665 CVE-2012-2113 CVE-2012-3401\nDebian Bug : 678140\n\nSeveral vulnerabilities were discovered in Tiff, a library set and tools \nto support the Tag Image File Format (TIFF), allowing denial of service and\npotential privilege escalation.\n\nThese vulnerabilities can be exploited via a specially crafted TIFF image.\n\nCVE-2012-2113\n The tiff2pdf utility has an integer overflow error when parsing images.\n\nCVE-2012-3401\n Huzaifa Sidhpurwala discovered heap-based buffer overflow in the \n t2p_read_tiff_init() function.\n\nCVE-2010-2482\n An invalid td_stripbytecount field is not properly handle and can trigger a\n NULL pointer dereference.\n\nCVE-2010-2595\n An array index error, related to "downsampled OJPEG input." in the\n TIFFYCbCrtoRGB function causes an unexpected crash.\n\nCVE-2010-2597\n Also related to "downsampled OJPEG input", the TIFFVStripSize function crash\n unexpectly.\n\nCVE-2010-2630\n The TIFFReadDirectory function does not properly validate the data types of \n codec-specific tags that have an out-of-order position in a TIFF file.\n\nCVE-2010-4665\n The tiffdump utility has an integer overflow in the ReadDirectory function.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze5.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 4.0.2-2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-2.\n\nWe recommend that you upgrade your tiff packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-09-26T21:55:26", "type": "debian", "title": "[SECURITY] [DSA 2552-1] tiff security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2482", "CVE-2010-2595", "CVE-2010-2597", "CVE-2010-2630", "CVE-2010-4665", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2012-09-26T21:55:26", "id": "DEBIAN:DSA-2552-1:0E29C", "href": "https://lists.debian.org/debian-security-announce/2012/msg00198.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:09", "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libTIFF 4.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-4.0.3-r6\"\n \n\nAll libTIFF 3.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.9.7-r1:3\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "gentoo", "title": "libTIFF: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4244"], "modified": "2014-02-21T00:00:00", "id": "GLSA-201402-21", "href": "https://security.gentoo.org/glsa/201402-21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:12:22", "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libTIFF 4.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-4.0.2-r1\"\n \n\nAll libTIFF 3.9 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.9.5-r2\"", "cvss3": {}, "published": "2012-09-23T00:00:00", "type": "gentoo", "title": "libTIFF: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2347", "CVE-2009-5022", "CVE-2010-1411", "CVE-2010-2065", "CVE-2010-2067", "CVE-2010-2233", "CVE-2010-2443", "CVE-2010-2481", "CVE-2010-2482", "CVE-2010-2483", "CVE-2010-2595", "CVE-2010-2596", "CVE-2010-2597", "CVE-2010-2630", "CVE-2010-2631", "CVE-2010-3087", "CVE-2010-4665", "CVE-2011-0192", "CVE-2011-1167", "CVE-2012-1173", "CVE-2012-2088", "CVE-2012-2113", "CVE-2012-3401"], "modified": "2014-06-02T00:00:00", "id": "GLSA-201209-02", "href": "https://security.gentoo.org/glsa/201209-02", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2021-07-28T14:46:36", "description": "New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/libtiff-3.9.7-i486-1_slack14.0.txz: Upgraded.\n Patched overflows, crashes, and out of bounds writes.\n Thanks to mancha for the backported patches.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.9.7-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.9.7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.9.7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libtiff-3.9.7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libtiff-3.9.7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtiff-3.9.7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-3.9.7-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-3.9.7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\n4119dd6983587cc822c926b87cabdda8 libtiff-3.9.7-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n97736443343ba31c3d041eef3560b4ae libtiff-3.9.7-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\ncff78f2b00f74132a47a4e16ede860c9 libtiff-3.9.7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nde4d32b50320fc281e735c25f1556450 libtiff-3.9.7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\neacdd28fc4c28f3fb557f63bc8b91ceb libtiff-3.9.7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nd09b713720b2405b46f275dbeb0cb44f libtiff-3.9.7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n89bee8ce291da41be1b094820d339f36 libtiff-3.9.7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nff80be9f6782f5abd15fc8f61453671f libtiff-3.9.7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nb46e7c734d91c5f244f29ddaf4e63575 libtiff-3.9.7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8f191ca18a44da5f0dbab9eefba93db6 libtiff-3.9.7-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n68f02cadea225a0f1d1e085842bc9f43 l/libtiff-3.9.7-i486-1.txz\n\nSlackware x86_64 -current package:\n77b0fa68c52be40b5d9a1037a8925f70 l/libtiff-3.9.7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libtiff-3.9.7-i486-1_slack14.0.txz", "cvss3": {}, "published": "2013-10-18T19:38:32", "type": "slackware", "title": "[slackware-security] libtiff", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2088", "CVE-2012-2113", "CVE-2012-4447", "CVE-2012-4564", "CVE-2013-1960", "CVE-2013-1961", "CVE-2013-4231", "CVE-2013-4232", "CVE-2013-4244"], "modified": "2013-10-18T19:38:32", "id": "SSA-2013-290-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.543193", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
RedHat Update for libtiff RHSA-2012:1590-01
