K000157985: LibTIFF vulnerabilities CVE-2020-35522, CVE-2020-35521, CVE-2020-35524, and CVE-2020-35523

Security Advisory Description CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. CVE-2020-35521 A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a...

Linux Distros Unpatched Vulnerability : CVE-2020-35523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw was found in libtiff that exists in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a us...

Rocky Linux 8 : libtiff (RLSA-2021:4241)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4241 advisory. - A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a crafted TIFF file can lead to an abort, resulting in denial of service...

BELL-CVE-2020-35523 CVE-2020-35523 does not affect BellSoft software

Bulletin has no description...

Ubuntu: Security Advisory (USN-5841-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM : LibTIFF vulnerabilities (USN-5841-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5841-1 advisory. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted...

CVE-2020-35523 affecting package libtiff for versions less than 4.1.0-3

CVE-2020-35523 affecting package libtiff for versions less than 4.1.0-3. A patched version of the package is available...

openSUSE: Security Advisory for tiff (openSUSE-SU-2022:0480-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:0496-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:0480-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-2873)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libtiff security and bug fix update

4.0.9-20 - Rebuild for fixed binutils 1954437 4.0.9-19 - Fix CVE-2020-35521 1945539 - Fix CVE-2020-35522 1945555 - Fix CVE-2020-35523 1945542 - Fix CVE-2020-35524 1945546...

Moderate: Red Hat Security Advisory: libtiff security and bug fix update

An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RLSA-2021:4241 Moderate: libtiff security and bug fix update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Integer overflow in tifgetimage.c CVE-2020-35523 libtiff: Heap-based buffer overflow in TIFF2PDF tool CVE-2020-35524 libtiff: Memory allocation failure in tiff2rgba...

Moderate: libtiff security and bug fix update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Integer overflow in tifgetimage.c CVE-2020-35523 libtiff: Heap-based buffer overflow in TIFF2PDF tool CVE-2020-35524 libtiff: Memory allocation failure in tiff2rgba...

libtiff security and bug fix update

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-2400)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for compat-libtiff3 (EulerOS-SA-2021-2214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : compat-libtiff3 (EulerOS-SA-2021-2214)

According to the version of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow flaw was found in libtiff that exists in the tifgetimage.c file. This flaw allows an attacker to inject and execute...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2021-2025)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...