Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2017:0225
HistoryFeb 01, 2017 - 7:02 a.m.

(RHSA-2017:0225) Moderate: libtiff security update

2017-02-0107:02:26
access.redhat.com
60

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

  • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)

OSVersionArchitecturePackageVersionFilename
RedHat6i686libtiff-debuginfo< 3.9.4-21.el6_8libtiff-debuginfo-3.9.4-21.el6_8.i686.rpm
RedHat6x86_64libtiff-debuginfo< 3.9.4-21.el6_8libtiff-debuginfo-3.9.4-21.el6_8.x86_64.rpm
RedHat7ppc64libtiff-debuginfo< 4.0.3-27.el7_3libtiff-debuginfo-4.0.3-27.el7_3.ppc64.rpm
RedHat6i686libtiff-devel< 3.9.4-21.el6_8libtiff-devel-3.9.4-21.el6_8.i686.rpm
RedHat7s390libtiff-static< 4.0.3-27.el7_3libtiff-static-4.0.3-27.el7_3.s390.rpm
RedHat7s390xlibtiff-tools< 4.0.3-27.el7_3libtiff-tools-4.0.3-27.el7_3.s390x.rpm
RedHat6s390libtiff< 3.9.4-21.el6_8libtiff-3.9.4-21.el6_8.s390.rpm
RedHat7ppc64lelibtiff-static< 4.0.3-27.el7_3libtiff-static-4.0.3-27.el7_3.ppc64le.rpm
RedHat7ppc64lelibtiff< 4.0.3-27.el7_3libtiff-4.0.3-27.el7_3.ppc64le.rpm
RedHat7s390libtiff-devel< 4.0.3-27.el7_3libtiff-devel-4.0.3-27.el7_3.s390.rpm
Rows per page:
1-10 of 591

Related

nessus 31
openvas 25
oraclelinux 1
freebsd 1
amazon 1
centos 1
f5 2
ubuntucve 8
debian 5
osv 6
debiancve 8
veracode 9
cve 9
prion 9
redhatcve 7
checkpoint_advisories 1
talos 1
seebug 1
alpinelinux 1
ubuntu 2
cloudfoundry 1
threatpost 1
archlinux 2
ibm 2
altlinux 1
slackware 1
suse 1
apple 2
mageia 1
gentoo 1
nessus
nessus
CentOS 6 / 7 : libtiff (CESA-2017:0225)
2017-02-02 00:00:00
FreeBSD : tiff -- multiple vulnerabilities (fb74eacc-ec8a-11e6-bc8a-0011d823eebd)
2017-02-07 00:00:00
EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2017-1019)
2017-05-01 00:00:00
openvas
openvas
CentOS Update for libtiff CESA-2017:0225 centos6
2017-02-03 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2017-1020)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2017-1019)
2020-01-23 00:00:00
oraclelinux
oraclelinux
libtiff security update
2017-02-01 00:00:00
freebsd
freebsd
tiff -- multiple vulnerabilities
2016-11-19 00:00:00
amazon
amazon
Medium: libtiff, compat-libtiff3
2017-03-06 14:00:00
centos
centos
libtiff security update
2017-02-01 12:51:43
f5
f5
K45593826 : LibTIFF vulnerabilities CVE-2015-8870, CVE-2016-5652, CVE-2016-9536, CVE-2016-9537, and CVE-2016-9540
2017-04-12 00:00:00
K34527393 : LibTIFF vulnerabilities CVE-2016-9533, CVE-2016-9534, and CVE-2016-9535
2017-04-12 00:00:00
ubuntucve
ubuntucve
CVE-2016-9536
2016-11-22 00:00:00
CVE-2016-9534
2016-11-22 00:00:00
CVE-2016-9537
2016-11-22 00:00:00
debian
debian
[SECURITY] [DLA 795-1] tiff security update
2017-01-23 23:01:22
[SECURITY] [DLA 880-1] tiff3 security update
2017-03-30 19:36:30
[SECURITY] [DSA 3762-1] tiff security update
2017-01-13 15:45:16
osv
osv
tiff3 - security update
2017-03-30 00:00:00
tiff - security update
2017-01-23 00:00:00
CVE-2016-5652
2017-01-06 21:59:01
debiancve
debiancve
CVE-2015-8870
2016-12-06 18:59:00
CVE-2016-9540
2016-11-22 19:59:00
CVE-2016-9535
2016-11-22 19:59:00
veracode
veracode
Out-of-bounds Write
2019-05-02 06:09:59
Denial Of Service (DoS)
2019-01-15 09:15:37
Denial Of Service (DoS)
2018-08-01 02:51:10
cve
cve
CVE-2016-9537
2016-11-22 19:59:00
CVE-2016-9534
2016-11-22 19:59:00
CVE-2015-8870
2016-12-06 18:59:00
prion
prion
Integer overflow
2016-12-06 18:59:00
Heap overflow
2016-11-22 19:59:00
Heap overflow
2016-11-22 19:59:00
redhatcve
redhatcve
CVE-2016-9540
2016-11-23 17:18:49
CVE-2016-9535
2016-11-23 17:18:06
CVE-2016-9536
2016-11-23 17:19:09
checkpoint_advisories
checkpoint_advisories
LibTIFF tiffcrop Integer Overflow (CVE-2016-9537)
2017-06-05 00:00:00
talos
talos
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability
2016-10-25 00:00:00
seebug
seebug
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability(CVE-2016-5652)
2017-10-12 00:00:00
alpinelinux
alpinelinux
CVE-2016-5652
2017-01-06 21:59:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2017-07-19 00:00:00
LibTIFF vulnerabilities
2017-02-27 00:00:00
cloudfoundry
cloudfoundry
USN-3212-1: LibTIFF vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
threatpost
threatpost
Remote Code Execution Vulnerabilities Plague LibTIFF Library
2016-10-26 12:34:20
archlinux
archlinux
[ASA-201611-26] libtiff: multiple issues
2016-11-25 00:00:00
[ASA-201611-27] lib32-libtiff: multiple issues
2016-11-25 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:03
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:02
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.0.10.0.57.f9fc01c3-alt1
2019-04-09 00:00:00
slackware
slackware
[slackware-security] libtiff
2017-04-08 20:11:36
suse
suse
Security update for tiff (important)
2016-12-07 15:08:51
apple
apple
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
2017-03-27 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2017-07-01 10:04:05
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for RHSA-2017:0225
nessus31openvas25oraclelinux1freebsd1amazon1centos1f52ubuntucve8debian5osv6debiancve8veracode9cve9prion9redhatcve7checkpoint_advisories1talos1seebug1alpinelinux1ubuntu2cloudfoundry1threatpost1archlinux2ibm2altlinux1slackware1suse1apple2mageia1gentoo1