{"id": "USN-2939-1", "bulletinFamily": "unix", "title": "LibTIFF vulnerabilities", "description": "It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.", "published": "2016-03-23T00:00:00", "modified": "2016-03-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2939-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8781", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8665", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8683", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8782"], "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "type": "ubuntu", "lastseen": "2018-08-31T00:08:39", "history": [{"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-7ubuntu0.4"}, {"OS": "Ubuntu", "OSVersion": "15.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-12.3ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff4", "packageVersion": "3.9.5-2ubuntu1.9"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.", "edition": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "a475b4bb895d947f0222062e851c14f2cfa877807b61b3769b261c4e71fee2e2", "hashmap": [{"hash": "e20a1536f6bff4dbc36b3cef61da7717", "key": "modified"}, {"hash": "aff9dfe9f4658b61c7e27eec972cfca9", "key": "cvelist"}, {"hash": "0d806340e1ea638035869d94bcf7f520", "key": "references"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "b46b582e7d25e0b8179afec6e5a3b31a", "key": "affectedPackage"}, {"hash": "7aa2dfdbda7c056fbbcb7b5d37f1bdeb", "key": "title"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "e20a1536f6bff4dbc36b3cef61da7717", "key": "published"}, {"hash": "113e20025ea97ce424b931c5b43b7d5b", "key": "description"}, {"hash": "fbbc8f417358a57e0ca5bbf7213a0a5b", "key": "href"}], "history": [], "href": "https://usn.ubuntu.com/2939-1/", "id": "USN-2939-1", "lastseen": "2018-03-29T18:20:12", "modified": "2016-03-23T00:00:00", "objectVersion": "1.3", "published": "2016-03-23T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8781", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8665", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8683", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8782"], "reporter": "Ubuntu", "title": "LibTIFF vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-03-29T18:20:12"}, {"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-7ubuntu0.4"}, {"OS": "Ubuntu", "OSVersion": "15.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-12.3ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff4", "packageVersion": "3.9.5-2ubuntu1.9"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "daba350cbabf0420a97bd2b3b7d00b765240d5450cc5971764cd1dcc8c251229", "hashmap": [{"hash": "e20a1536f6bff4dbc36b3cef61da7717", "key": "modified"}, {"hash": "aff9dfe9f4658b61c7e27eec972cfca9", "key": "cvelist"}, {"hash": "0d806340e1ea638035869d94bcf7f520", "key": "references"}, {"hash": "b46b582e7d25e0b8179afec6e5a3b31a", "key": "affectedPackage"}, {"hash": "7aa2dfdbda7c056fbbcb7b5d37f1bdeb", "key": "title"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "e20a1536f6bff4dbc36b3cef61da7717", "key": "published"}, {"hash": "113e20025ea97ce424b931c5b43b7d5b", "key": "description"}, {"hash": "fbbc8f417358a57e0ca5bbf7213a0a5b", "key": "href"}], "history": [], "href": "https://usn.ubuntu.com/2939-1/", "id": "USN-2939-1", "lastseen": "2018-08-30T20:09:18", "modified": "2016-03-23T00:00:00", "objectVersion": "1.3", "published": "2016-03-23T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8781", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8665", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8683", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8782"], "reporter": "Ubuntu", "title": "LibTIFF vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:09:18"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "b46b582e7d25e0b8179afec6e5a3b31a"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "aff9dfe9f4658b61c7e27eec972cfca9"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "113e20025ea97ce424b931c5b43b7d5b"}, {"key": "href", "hash": "fbbc8f417358a57e0ca5bbf7213a0a5b"}, {"key": "modified", "hash": "e20a1536f6bff4dbc36b3cef61da7717"}, {"key": "published", "hash": "e20a1536f6bff4dbc36b3cef61da7717"}, {"key": "references", "hash": "0d806340e1ea638035869d94bcf7f520"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "7aa2dfdbda7c056fbbcb7b5d37f1bdeb"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "a475b4bb895d947f0222062e851c14f2cfa877807b61b3769b261c4e71fee2e2", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-7ubuntu0.4"}, {"OS": "Ubuntu", "OSVersion": "15.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff5", "packageVersion": "4.0.3-12.3ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libtiff4", "packageVersion": "3.9.5-2ubuntu1.9"}]}

{"openvas": [{"lastseen": "2017-07-24T12:54:41", "references": ["http://www.debian.org/security/2016/dsa-3467.html"], "pluginID": "703467", "description": "Several vulnerabilities have been\nfound in tiff, a Tag Image File Format library. Multiple out-of-bounds read and\nwrite flaws could cause an application using the tiff library to crash.", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-02-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 3467-1 (tiff - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703467", "id": "OPENVAS:703467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3467.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3467-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703467);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\",\n \"CVE-2015-8783\", \"CVE-2015-8784\");\n script_name(\"Debian Security Advisory DSA 3467-1 (tiff - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-02-06 00:00:00 +0100 (Sat, 06 Feb 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3467.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tiff on Debian Linux\");\n script_tag(name: \"insight\", value: \"libtiff is a library providing support\nfor the Tag Image File Format (TIFF), a widely used format for storing image\ndata.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4.0.2-6+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 4.0.6-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.6-1.\n\nWe recommend that you upgrade your tiff packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\nfound in tiff, a Tag Image File Format library. Multiple out-of-bounds read and\nwrite flaws could cause an application using the tiff library to crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:45", "references": ["http://www.ubuntu.com/usn/usn-2939-1/", "2939-1"], "pluginID": "1361412562310842702", "description": "Check the version of tiff", "edition": 7, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-24T00:00:00", "title": "Ubuntu Update for tiff USN-2939-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310842702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842702", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tiff USN-2939-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842702\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-24 06:15:18 +0100 (Thu, 24 Mar 2016)\");\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tiff USN-2939-1\");\n script_tag(name:\"summary\", value:\"Check the version of tiff\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that LibTIFF incorrectly\n handled certain malformed images. If a user or automated system were tricked\n into opening a specially crafted image, a remote attacker could crash the\n application, leading to a denial of service, or possibly execute arbitrary\n code with user privileges.\");\n script_tag(name:\"affected\", value:\"tiff on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2939-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2939-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-7ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-7ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.5-2ubuntu1.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-12.3ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-12.3ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:32", "references": ["http://www.debian.org/security/2016/dsa-3467.html"], "pluginID": "1361412562310703467", "description": "Several vulnerabilities have been\nfound in tiff, a Tag Image File Format library. Multiple out-of-bounds read and\nwrite flaws could cause an application using the tiff library to crash.", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-02-06T00:00:00", "title": "Debian Security Advisory DSA 3467-1 (tiff - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:1361412562310703467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3467.nasl 8168 2017-12-19 07:30:15Z teissa $\n# Auto-generated from advisory DSA 3467-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703467\");\n script_version(\"$Revision: 8168 $\");\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\",\n \"CVE-2015-8783\", \"CVE-2015-8784\");\n script_name(\"Debian Security Advisory DSA 3467-1 (tiff - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-19 08:30:15 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-02-06 00:00:00 +0100 (Sat, 06 Feb 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3467.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tiff on Debian Linux\");\n script_tag(name: \"insight\", value: \"libtiff is a library providing support\nfor the Tag Image File Format (TIFF), a widely used format for storing image\ndata.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 4.0.2-6+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 4.0.6-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.6-1.\n\nWe recommend that you upgrade your tiff packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\nfound in tiff, a Tag Image File Format library. Multiple out-of-bounds read and\nwrite flaws could cause an application using the tiff library to crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.3-12.3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-alt-dev\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.2-6+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:amd64\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5:i386\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff5-dev\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:amd64\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx5:i386\", ver:\"4.0.6-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:06", "references": ["https://alas.aws.amazon.com/ALAS-2016-734.html"], "pluginID": "1361412562310120723", "description": "Amazon Linux Local Security Checks", "edition": 4, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-26T00:00:00", "title": "Amazon Linux Local Check: alas-2016-734", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2016-5320", "CVE-2015-1547", "CVE-2015-8781", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-9655"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310120723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120723", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Amazon Linux security check\n# $Id: alas-2016-734.nasl 6574 2017-07-06 13:41:26Z cfischer $\n# \n# Authors:\n# Autogenerated by alas-generator developed by Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120723\");\nscript_version(\"$Revision: 6574 $\");\nscript_tag(name:\"creation_date\", value:\"2016-10-26 15:38:20 +0300 (Wed, 26 Oct 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:41:26 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2016-734\");\nscript_tag(name: \"insight\", value: \"Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 , CVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 , CVE-2016-3990 , CVE-2016-5320 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update compat-libtiff3 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2016-734.html\");\nscript_cve_id(\"CVE-2014-9655\",\"CVE-2016-5320\",\"CVE-2016-3990\",\"CVE-2015-8784\",\"CVE-2015-8665\",\"CVE-2015-8781\",\"CVE-2015-8782\",\"CVE-2015-8783\",\"CVE-2015-1547\",\"CVE-2015-8683\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\n\nif(release == NULL)\n{\n exit(0);\n}\n\nif(release == \"AMAZON\")\n{\n if ((res = isrpmvuln(pkg:\"compat-libtiff3\", rpm:\"compat-libtiff3~3.9.4~18.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"compat-libtiff3-debuginfo\", rpm:\"compat-libtiff3-debuginfo~3.9.4~18.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:41", "references": ["https://lists.debian.org/debian-lts-announce/2017/03/msg00039.html"], "pluginID": "1361412562310890880", "description": "tiff3 is affected by multiple issues that can result at least in denial of\nservices of applications using libtiff4. Crafted TIFF files can be\nprovided to trigger: abort() calls via failing assertions, buffer overruns\n(both in read and write mode).\n\nCVE-2015-8781\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds write) via an invalid number of samples per pixel in a\nLogL compressed TIFF image.\n\nCVE-2015-8782\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds writes) via a crafted TIFF image.\n\nCVE-2015-8783\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds reads) via a crafted TIFF image.\n\nCVE-2015-8784\n\nThe NeXTDecode function in tif_next.c in LibTIFF allows remote\nattackers to cause a denial of service (out-of-bounds write) via a\ncrafted TIFF image.\n\nCVE-2016-9533\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write\nvulnerabilities in heap allocated buffers.\n\nCVE-2016-9534\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of\nTIFFFlushData1() that didn", "edition": 7, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-01-12T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 880-1] tiff3 security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2016-9534", "CVE-2016-9535", "CVE-2015-8781", "CVE-2015-8782", "CVE-2016-9533"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310890880", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890880", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_880.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 880-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890880\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-9533\", \"CVE-2016-9534\", \"CVE-2016-9535\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 880-1] tiff3 security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00039.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"tiff3 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.9.6-11+deb7u4.\n\nWe recommend that you upgrade your tiff3 packages.\");\n script_tag(name:\"summary\", value:\"tiff3 is affected by multiple issues that can result at least in denial of\nservices of applications using libtiff4. Crafted TIFF files can be\nprovided to trigger: abort() calls via failing assertions, buffer overruns\n(both in read and write mode).\n\nCVE-2015-8781\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds write) via an invalid number of samples per pixel in a\nLogL compressed TIFF image.\n\nCVE-2015-8782\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds writes) via a crafted TIFF image.\n\nCVE-2015-8783\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds reads) via a crafted TIFF image.\n\nCVE-2015-8784\n\nThe NeXTDecode function in tif_next.c in LibTIFF allows remote\nattackers to cause a denial of service (out-of-bounds write) via a\ncrafted TIFF image.\n\nCVE-2016-9533\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write\nvulnerabilities in heap allocated buffers.\n\nCVE-2016-9534\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of\nTIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp\nmembers.\n\nCVE-2016-9535\n\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions\nthat can lead to assertion failures in debug mode, or buffer\noverflows in release mode, when dealing with unusual tile size\nlike YCbCr with subsampling.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.9.6-11+deb7u4\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.9.6-11+deb7u4\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.9.6-11+deb7u4\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:43", "references": ["https://advisories.mageia.org/MGASA-2016-0017.html"], "pluginID": "1361412562310131173", "description": "Mageia Linux Local Security Checks mgasa-2016-0017", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-01-14T00:00:00", "title": "Mageia Linux Local Check: mgasa-2016-0017", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8683", "CVE-2015-1547", "CVE-2015-8665"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310131173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131173", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2016-0017.nasl 6562 2017-07-06 12:22:42Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.131173\");\nscript_version(\"$Revision: 6562 $\");\nscript_tag(name:\"creation_date\", value:\"2016-01-14 07:28:46 +0200 (Thu, 14 Jan 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:22:42 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2016-0017\");\nscript_tag(name: \"insight\", value: \"In libtiff, in tif_next.c, a potential out-of-bound write in NeXTDecode() triggered by the test case for CVE-2015-1547 (maptools bugzilla #2508). In libtiff, in tif_getimage.c, out-of-bound reads in the TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV / CIELab (CVE-2015-8665, CVE-2015-8683).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2016-0017.html\");\nscript_cve_id(\"CVE-2015-1547\",\"CVE-2015-8665\",\"CVE-2015-8683\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2016-0017\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.6~1.2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:55", "references": ["https://www.redhat.com/archives/rhsa-announce/2016-August/msg00001.html", "2016:1547-01"], "pluginID": "1361412562310871643", "description": "Check the version of libtiff", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-04T00:00:00", "title": "RedHat Update for libtiff RHSA-2016:1547-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871643", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2016:1547-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871643\");\n script_version(\"$Revision: 6690 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:51:07 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:33 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2014-8127\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2014-9330\",\n \"CVE-2014-9655\", \"CVE-2015-1547\", \"CVE-2015-7554\", \"CVE-2015-8665\",\n \"CVE-2015-8668\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\",\n \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-3632\", \"CVE-2016-3945\",\n \"CVE-2016-3990\", \"CVE-2016-3991\", \"CVE-2016-5320\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libtiff RHSA-2016:1547-01\");\n script_tag(name: \"summary\", value: \"Check the version of libtiff\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libtiff packages contain a library of\nfunctions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\");\n script_tag(name: \"affected\", value: \"libtiff on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"RHSA\", value: \"2016:1547-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2016-August/msg00001.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~18.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~3.9.4~18.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~18.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:39", "references": ["2016:1547", "http://lists.centos.org/pipermail/centos-announce/2016-August/021999.html"], "pluginID": "1361412562310882531", "description": "Check the version of libtiff", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-08T00:00:00", "title": "CentOS Update for libtiff CESA-2016:1547 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882531", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2016:1547 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882531\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:11:59 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2014-8127\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2014-9330\", \n \"CVE-2014-9655\", \"CVE-2015-1547\", \"CVE-2015-7554\", \"CVE-2015-8665\", \n \"CVE-2015-8668\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \n \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-3632\", \"CVE-2016-3945\", \n \"CVE-2016-3990\", \"CVE-2016-3991\", \"CVE-2016-5320\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libtiff CESA-2016:1547 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of libtiff\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libtiff packages contain a library of \nfunctions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\");\n script_tag(name: \"affected\", value: \"libtiff on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1547\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-August/021999.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~3.9.4~18.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~3.9.4~18.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~3.9.4~18.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:48:31", "references": ["http://lists.centos.org/pipermail/centos-announce/2016-August/022010.html", "2016:1546"], "pluginID": "1361412562310882532", "description": "Check the version of libtiff", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-08T00:00:00", "title": "CentOS Update for libtiff CESA-2016:1546 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtiff CESA-2016:1546 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882532\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:11:57 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2014-8127\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2014-9330\", \n \"CVE-2014-9655\", \"CVE-2015-1547\", \"CVE-2015-7554\", \"CVE-2015-8665\", \n \"CVE-2015-8668\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \n \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-3632\", \"CVE-2016-3945\", \n \"CVE-2016-3990\", \"CVE-2016-3991\", \"CVE-2016-5320\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libtiff CESA-2016:1546 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of libtiff\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libtiff packages contain a library of \nfunctions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\");\n script_tag(name: \"affected\", value: \"libtiff on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1546\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-August/022010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~25.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~25.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-static\", rpm:\"libtiff-static~4.0.3~25.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-tools\", rpm:\"libtiff-tools~4.0.3~25.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:45", "references": ["2016:1546-01", "https://www.redhat.com/archives/rhsa-announce/2016-August/msg00000.html"], "pluginID": "1361412562310871645", "description": "Check the version of libtiff", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-04T00:00:00", "title": "RedHat Update for libtiff RHSA-2016:1546-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871645", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtiff RHSA-2016:1546-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871645\");\n script_version(\"$Revision: 6690 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:51:07 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:20 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2014-8127\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2014-9330\",\n \"CVE-2014-9655\", \"CVE-2015-1547\", \"CVE-2015-7554\", \"CVE-2015-8665\",\n \"CVE-2015-8668\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\",\n \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-3632\", \"CVE-2016-3945\",\n \"CVE-2016-3990\", \"CVE-2016-3991\", \"CVE-2016-5320\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libtiff RHSA-2016:1546-01\");\n script_tag(name: \"summary\", value: \"Check the version of libtiff\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The libtiff packages contain a library of\nfunctions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\");\n script_tag(name: \"affected\", value: \"libtiff on Red Hat Enterprise Linux\nServer (v. 7)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"RHSA\", value: \"2016:1546-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2016-August/msg00000.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtiff\", rpm:\"libtiff~4.0.3~25.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-debuginfo\", rpm:\"libtiff-debuginfo~4.0.3~25.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtiff-devel\", rpm:\"libtiff-devel~4.0.3~25.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:56:00", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808968", "https://packages.debian.org/source/wheezy/tiff", "https://packages.debian.org/source/jessie/tiff", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809021", "http://www.debian.org/security/2016/dsa-3467"], "pluginID": "88601", "description": "Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.", "edition": 7, "reporter": "Tenable", "published": "2016-02-08T00:00:00", "title": "Debian DSA-3467-1 : tiff - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tiff", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3467.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88601", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3467. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88601);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/11 12:34:08\");\n\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\");\n script_xref(name:\"DSA\", value:\"3467\");\n\n script_name(english:\"Debian DSA-3467-1 : tiff - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in tiff, a Tag Image File\nFormat library. Multiple out-of-bounds read and write flaws could\ncause an application using the tiff library to crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2016/dsa-3467\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tiff packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 4.0.2-6+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4.0.3-12.3+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-doc\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-opengl\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff-tools\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-alt-dev\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff5-dev\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiffxx5\", reference:\"4.0.2-6+deb7u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-doc\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-opengl\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff-tools\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff5\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiff5-dev\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtiffxx5\", reference:\"4.0.3-12.3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:26", "references": [], "pluginID": "90147", "description": "It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2016-03-24T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : tiff vulnerabilities (USN-2939-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtiff4", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libtiff5", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2939-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2939-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90147);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/08/06 12:58:58\");\n\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\");\n script_xref(name:\"USN\", value:\"2939-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : tiff vulnerabilities (USN-2939-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that LibTIFF incorrectly handled certain malformed\nimages. If a user or automated system were tricked into opening a\nspecially crafted image, a remote attacker could crash the\napplication, leading to a denial of service, or possibly execute\narbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff4 and / or libtiff5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtiff4\", pkgver:\"3.9.5-2ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtiff5\", pkgver:\"4.0.3-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libtiff5\", pkgver:\"4.0.3-12.3ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff4 / libtiff5\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:10", "references": ["https://packages.debian.org/source/squeeze-lts/tiff", "https://lists.debian.org/debian-lts-announce/2016/01/msg00030.html", "https://wiki.debian.org/LTS/"], "pluginID": "88491", "description": "Several security flaws have been found and solved in libtiff, a library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads and writes in the LogL16Decode, LogLuvDecode24, LogLuvDecode32, LogLuvDecodeTile, LogL16Encode, LogLuvEncode24, LogLuvEncode32 and NeXTDecode functions.\n\nThese IDs were assigned for the problems: CVE-2015-8781, CVE-2015-8782, CVE-2015-8783 and CVE-2015-8784.\n\nFor Debian 6 'Squeeze', these issues have been fixed in tiff version 3.9.4-5+squeeze14. We recommend you to upgrade your tiff packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2016-02-01T00:00:00", "title": "Debian DLA-405-1 : tiff security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8781", "CVE-2015-8782"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libtiffxx0c2", "p-cpe:/a:debian:debian_linux:libtiff-doc", "p-cpe:/a:debian:debian_linux:libtiff4", "p-cpe:/a:debian:debian_linux:libtiff-tools", "p-cpe:/a:debian:debian_linux:libtiff4-dev", "p-cpe:/a:debian:debian_linux:libtiff-opengl"], "id": "DEBIAN_DLA-405.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-405-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88491);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\");\n\n script_name(english:\"Debian DLA-405-1 : tiff security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security flaws have been found and solved in libtiff, a\nlibrary that provides support for handling Tag Image File Format\n(TIFF). These flaws concern out of bounds reads and writes in the\nLogL16Decode, LogLuvDecode24, LogLuvDecode32, LogLuvDecodeTile,\nLogL16Encode, LogLuvEncode24, LogLuvEncode32 and NeXTDecode functions.\n\nThese IDs were assigned for the problems: CVE-2015-8781,\nCVE-2015-8782, CVE-2015-8783 and CVE-2015-8784.\n\nFor Debian 6 'Squeeze', these issues have been fixed in tiff version\n3.9.4-5+squeeze14. We recommend you to upgrade your tiff packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/01/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/LTS/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiffxx0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:34:41", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=964225"], "pluginID": "88704", "description": "This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (boo#964225)", "edition": 5, "reporter": "Tenable", "published": "2016-02-12T00:00:00", "title": "openSUSE Security Update : tiff (openSUSE-2016-184)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8781", "CVE-2015-8782"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debugsource", "p-cpe:/a:novell:opensuse:libtiff5-32bit", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo", "p-cpe:/a:novell:opensuse:libtiff5", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-184.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-184.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88704);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:28 $\");\n\n script_cve_id(\"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-2016-184)\");\n script_summary(english:\"Check for the openSUSE-2016-184 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (boo#964225)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964225\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libtiff-devel-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libtiff5-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libtiff5-debuginfo-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tiff-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tiff-debuginfo-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tiff-debugsource-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.6-8.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.6-8.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:45", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=964225"], "pluginID": "88685", "description": "This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (boo#964225)", "edition": 5, "reporter": "Tenable", "published": "2016-02-11T00:00:00", "title": "openSUSE Security Update : tiff (openSUSE-2016-179)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8781", "CVE-2015-8782"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:tiff", "p-cpe:/a:novell:opensuse:tiff-debugsource", "p-cpe:/a:novell:opensuse:libtiff5-32bit", "p-cpe:/a:novell:opensuse:tiff-debuginfo", "p-cpe:/a:novell:opensuse:libtiff-devel", "p-cpe:/a:novell:opensuse:libtiff5-debuginfo", "p-cpe:/a:novell:opensuse:libtiff5", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libtiff-devel-32bit"], "id": "OPENSUSE-2016-179.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-179.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88685);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:28 $\");\n\n script_cve_id(\"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\");\n\n script_name(english:\"openSUSE Security Update : tiff (openSUSE-2016-179)\");\n script_summary(english:\"Check for the openSUSE-2016-179 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (boo#964225)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964225\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tiff-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtiff-devel-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtiff5-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtiff5-debuginfo-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tiff-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tiff-debuginfo-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tiff-debugsource-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtiff-devel-32bit-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtiff5-32bit-4.0.6-10.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtiff5-debuginfo-32bit-4.0.6-10.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:35", "references": ["https://support.f5.com/csp/#/article/K35155453"], "pluginID": "94647", "description": "CVE-2015-8683\n\nThe putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.\n\nCVE-2015-8665 tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.\n\nCVE-2014-8129 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.\n\nCVE-2014-8130 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.\n\nCVE-2014-8127 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.\n\nCVE-2014-9655 The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.\n\nCVE-2015-8781 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.\n\nCVE-2015-8782 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.\n\nCVE-2015-8783 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.\n\nImpact\n\nAn attacker can use specially crafted TIFF files to execute arbitrary code with the limited privileges of the image optimization process.", "edition": 12, "reporter": "Tenable", "published": "2016-11-09T00:00:00", "title": "F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K35155453)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2014-8127", "CVE-2015-8683", "CVE-2014-8130", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2014-9655"], "modified": "2018-08-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_webaccelerator"], "id": "F5_BIGIP_SOL35155453.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K35155453.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94647);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2014-8127\", \"CVE-2014-8129\", \"CVE-2014-8130\", \"CVE-2014-9655\", \"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\");\n script_bugtraq_id(72323, 72352, 72353, 73441);\n\n script_name(english:\"F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K35155453)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-8683\n\nThe putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6\nallows remote attackers to cause a denial of service (out-of-bounds\nread) via a packed TIFF image.\n\nCVE-2015-8665 tif_getimage.c in LibTIFF 4.0.6 allows remote attackers\nto cause a denial of service (out-of-bounds read) via the\nSamplesPerPixel tag in a TIFF image.\n\nCVE-2014-8129 LibTIFF 4.0.3 allows remote attackers to cause a denial\nof service (out-of-bounds write) or possibly have unspecified other\nimpact via a crafted TIFF image, as demonstrated by failure of\ntif_next.c to verify that the BitsPerSample value is 2, and the\nt2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.\n\nCVE-2014-8130 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3\ndoes not reject a zero size, which allows remote attackers to cause a\ndenial of service (divide-by-zero error and application crash) via a\ncrafted TIFF image that is mishandled by the TIFFWriteScanline\nfunction in tif_write.c, as demonstrated by tiffdither.\n\nCVE-2014-8127 LibTIFF 4.0.3 allows remote attackers to cause a denial\nof service (out-of-bounds read and crash) via a crafted TIFF image to\nthe (1) checkInkNamesString function in tif_dir.c in the thumbnail\ntool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool,\n(3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba\ntool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5)\ntiffdither tool, (6) NeXTDecode function in tif_next.c in the\ntiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function\nin tif_dirwrite.c in the tiffset tool.\n\nCVE-2014-9655 The (1) putcontig8bitYCbCr21tile function in\ntif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF\nallows remote attackers to cause a denial of service (uninitialized\nmemory access) via a crafted TIFF image, as demonstrated by\nlibtiff-cvs-1.tif and libtiff-cvs-2.tif.\n\nCVE-2015-8781 tif_luv.c in libtiff allows attackers to cause a denial\nof service (out-of-bounds write) via an invalid number of samples per\npixel in a LogL compressed TIFF image, a different vulnerability than\nCVE-2015-8782.\n\nCVE-2015-8782 tif_luv.c in libtiff allows attackers to cause a denial\nof service (out-of-bounds writes) via a crafted TIFF image, a\ndifferent vulnerability than CVE-2015-8781.\n\nCVE-2015-8783 tif_luv.c in libtiff allows attackers to cause a denial\nof service (out-of-bounds reads) via a crafted TIFF image.\n\nImpact\n\nAn attacker can use specially crafted TIFF files to execute arbitrary\ncode with the limited privileges of the image optimization process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K35155453\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K35155453.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K35155453\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.2.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules AM / WAM\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:49", "references": ["https://alas.aws.amazon.com/ALAS-2016-734.html"], "pluginID": "93012", "description": "Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.\n(CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 , CVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 , CVE-2016-3990 , CVE-2016-5320)", "edition": 6, "reporter": "Tenable", "published": "2016-08-18T00:00:00", "title": "Amazon Linux AMI : compat-libtiff3 (ALAS-2016-734)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2016-5320", "CVE-2015-1547", "CVE-2015-8781", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-9655"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:compat-libtiff3-debuginfo", "p-cpe:/a:amazon:linux:compat-libtiff3", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-734.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-734.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93012);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2014-9655\", \"CVE-2015-1547\", \"CVE-2015-8665\", \"CVE-2015-8683\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-3990\", \"CVE-2016-5320\");\n script_xref(name:\"ALAS\", value:\"2016-734\");\n\n script_name(english:\"Amazon Linux AMI : compat-libtiff3 (ALAS-2016-734)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws have been discovered in libtiff. A remote attacker\ncould exploit these flaws to cause a crash or memory corruption and,\npossibly, execute arbitrary code by tricking an application linked\nagainst libtiff into processing specially crafted files.\n(CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 ,\nCVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 ,\nCVE-2016-3990 , CVE-2016-5320)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-734.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update compat-libtiff3' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:compat-libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:compat-libtiff3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"compat-libtiff3-3.9.4-18.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"compat-libtiff3-debuginfo-3.9.4-18.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-libtiff3 / compat-libtiff3-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:07", "references": ["https://www.suse.com/security/cve/CVE-2015-8782.html", "http://www.nessus.org/u?89612cb2", "https://www.suse.com/security/cve/CVE-2015-8781.html", "https://bugzilla.suse.com/964225", "https://www.suse.com/security/cve/CVE-2015-7554.html", "https://www.suse.com/security/cve/CVE-2015-8783.html", "https://bugzilla.suse.com/960341"], "pluginID": "88677", "description": "This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (bsc#964225)\n\n - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 9, "reporter": "Tenable", "published": "2016-02-10T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2016:0353-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8781", "CVE-2015-7554", "CVE-2015-8782"], "modified": "2018-08-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libtiff3", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:tiff"], "id": "SUSE_SU-2016-0353-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0353-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88677);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/08/02 16:41:59\");\n\n script_cve_id(\"CVE-2015-7554\", \"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2016:0353-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tiff fixes the following issues :\n\n - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:\n Out-of-bounds writes for invalid images (bsc#964225)\n\n - CVE-2015-7554: Out-of-bounds Write in the thumbnail and\n tiffcmp tools (bsc#960341)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/960341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/964225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7554.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8781.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8783.html\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160353-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89612cb2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-tiff-12389=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-tiff-12389=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-tiff-12389=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-tiff-12389=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtiff3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libtiff3-32bit-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libtiff3-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tiff-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtiff3-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtiff3-32bit-3.8.2-141.163.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libtiff3-3.8.2-141.163.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tiff\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:13", "references": ["https://packages.debian.org/source/squeeze-lts/tiff", "https://wiki.debian.org/LTS/", "https://lists.debian.org/debian-lts-announce/2016/01/msg00027.html"], "pluginID": "88387", "description": "Two security flaws have been found and solved in libtiff, library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads in the TIFFRGBAImage interface, when parsing unsupported values related to LogLUV and CIELab. CVE-2015-8665 was reported by limingxing and CVE-2015-8683 by zzf of Alibaba.\n\nFor Debian 6 'Squeeze', these issues have been fixed in tiff version 3.9.4-5+squeeze13. We recommend you to upgrade your tiff packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2016-01-27T00:00:00", "title": "Debian DLA-402-1 : tiff security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8683", "CVE-2015-8665"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libtiffxx0c2", "p-cpe:/a:debian:debian_linux:libtiff-doc", "p-cpe:/a:debian:debian_linux:libtiff4", "p-cpe:/a:debian:debian_linux:libtiff-tools", "p-cpe:/a:debian:debian_linux:libtiff4-dev", "p-cpe:/a:debian:debian_linux:libtiff-opengl"], "id": "DEBIAN_DLA-402.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88387", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-402-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88387);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\"CVE-2015-8665\", \"CVE-2015-8683\");\n\n script_name(english:\"Debian DLA-402-1 : tiff security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security flaws have been found and solved in libtiff, library that\nprovides support for handling Tag Image File Format (TIFF). These\nflaws concern out of bounds reads in the TIFFRGBAImage interface, when\nparsing unsupported values related to LogLUV and CIELab. CVE-2015-8665\nwas reported by limingxing and CVE-2015-8683 by zzf of Alibaba.\n\nFor Debian 6 'Squeeze', these issues have been fixed in tiff version\n3.9.4-5+squeeze13. We recommend you to upgrade your tiff packages.\n\nLearn more about the Debian Long Term Support (LTS) Project and how to\napply these updates at: https://wiki.debian.org/LTS/\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/01/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/tiff\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.debian.org/LTS/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiffxx0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-doc\", reference:\"3.9.4-5+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-opengl\", reference:\"3.9.4-5+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff-tools\", reference:\"3.9.4-5+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4\", reference:\"3.9.4-5+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiff4-dev\", reference:\"3.9.4-5+squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.4-5+squeeze13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:56", "references": ["https://lists.debian.org/debian-lts-announce/2017/03/msg00039.html", "https://packages.debian.org/source/wheezy/tiff3"], "pluginID": "99107", "description": "tiff3 is affected by multiple issues that can result at least in denial of services of applications using libtiff4. Crafted TIFF files can be provided to trigger: abort() calls via failing assertions, buffer overruns (both in read and write mode).\n\nCVE-2015-8781\n\ntif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image.\n\nCVE-2015-8782\n\ntif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image.\n\nCVE-2015-8783\n\ntif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.\n\nCVE-2015-8784\n\nThe NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.\n\nCVE-2016-9533\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.\n\nCVE-2016-9534\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. \n\nCVE-2016-9535\n\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.9.6-11+deb7u4.\n\nWe recommend that you upgrade your tiff3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2017-03-31T00:00:00", "title": "Debian DLA-880-1 : tiff3 security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2016-9534", "CVE-2016-9535", "CVE-2015-8781", "CVE-2015-8782", "CVE-2016-9533"], "modified": "2018-07-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtiffxx0c2", "p-cpe:/a:debian:debian_linux:libtiff4", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libtiff4-dev"], "id": "DEBIAN_DLA-880.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99107", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-880-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99107);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/10 12:45:04\");\n\n script_cve_id(\"CVE-2015-8781\", \"CVE-2015-8782\", \"CVE-2015-8783\", \"CVE-2015-8784\", \"CVE-2016-9533\", \"CVE-2016-9534\", \"CVE-2016-9535\");\n\n script_name(english:\"Debian DLA-880-1 : tiff3 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tiff3 is affected by multiple issues that can result at least in\ndenial of services of applications using libtiff4. Crafted TIFF files\ncan be provided to trigger: abort() calls via failing assertions,\nbuffer overruns (both in read and write mode).\n\nCVE-2015-8781\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds write) via an invalid number of samples per pixel in a\nLogL compressed TIFF image.\n\nCVE-2015-8782\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds writes) via a crafted TIFF image.\n\nCVE-2015-8783\n\ntif_luv.c in libtiff allows attackers to cause a denial of service\n(out-of-bounds reads) via a crafted TIFF image.\n\nCVE-2015-8784\n\nThe NeXTDecode function in tif_next.c in LibTIFF allows remote\nattackers to cause a denial of service (out-of-bounds write) via a\ncrafted TIFF image.\n\nCVE-2016-9533\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write\nvulnerabilities in heap allocated buffers.\n\nCVE-2016-9534\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of\nTIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp\nmembers. \n\nCVE-2016-9535\n\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that\ncan lead to assertion failures in debug mode, or buffer overflows in\nrelease mode, when dealing with unusual tile size like YCbCr with\nsubsampling.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.9.6-11+deb7u4.\n\nWe recommend that you upgrade your tiff3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tiff3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiff4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtiffxx0c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libtiff4\", reference:\"3.9.6-11+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiff4-dev\", reference:\"3.9.6-11+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtiffxx0c2\", reference:\"3.9.6-11+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:12", "references": [], "description": "USN-2939-1 LibTIFF vulnerabilities\n\n# \n\nLow\n\n# Vendor\n\nUbuntu, LibTIFF\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nLibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.\n\nIt was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.\n\n# Affected Products and Versions\n\n_Severity is low unless otherwise noted. \n_\n\n * All versions of Cloud Foundry rootfs prior to 1.48.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.48.0 and higher \n\n# Credit\n\nNone\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2939-1/>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8665.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8683.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8781.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8782.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8783.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8784.html>\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2016-03-24T00:00:00", "title": "USN-2939-1 LibTIFF vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665"], "modified": "2016-03-24T00:00:00", "id": "CFOUNDRY:59FC9A5F51F25015CCCC9BDD3BD3CF91", "href": "https://www.cloudfoundry.org/blog/usn-2939-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-01-05T11:51:55", "references": ["http://www.securityfocus.com/bid/79728", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://www.securitytracker.com/id/1035508", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "https://security.gentoo.org/glsa/201701-16", "http://www.ubuntu.com/usn/USN-2939-1", "http://www.openwall.com/lists/oss-security/2015/12/24/4", "http://www.openwall.com/lists/oss-security/2015/12/24/2", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html"], "edition": 5, "description": "tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.", "reporter": "NVD", "published": "2016-04-13T13:59:04", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2015-8665", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8665"], "scanner": [], "cpe": ["cpe:/a:libtiff:libtiff:4.0.6"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8665", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8665", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:56", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html", "https://security.gentoo.org/glsa/201701-16", "http://www.securityfocus.com/bid/81730", "http://www.ubuntu.com/usn/USN-2939-1", "http://bugzilla.maptools.org/show_bug.cgi?id=2522", "http://www.openwall.com/lists/oss-security/2016/01/24/3", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "http://www.openwall.com/lists/oss-security/2016/01/24/7"], "description": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.", "edition": 4, "reporter": "NVD", "published": "2016-02-01T16:59:03", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "cve", "title": "CVE-2015-8783", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8783"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:libtiff:libtiff"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8783", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8783", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:56", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html", "https://security.gentoo.org/glsa/201701-16", "http://www.securityfocus.com/bid/81730", "http://www.ubuntu.com/usn/USN-2939-1", "http://bugzilla.maptools.org/show_bug.cgi?id=2522", "http://www.openwall.com/lists/oss-security/2016/01/24/3", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "http://www.openwall.com/lists/oss-security/2016/01/24/7"], "description": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.", "edition": 4, "reporter": "NVD", "published": "2016-02-01T16:59:02", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "cve", "title": "CVE-2015-8782", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8782"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:libtiff:libtiff"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8782", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8782", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:56", "references": ["http://www.securityfocus.com/bid/81696", "http://bugzilla.maptools.org/show_bug.cgi?id=2508", "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "http://www.openwall.com/lists/oss-security/2016/01/24/4", "https://security.gentoo.org/glsa/201701-16", "http://www.ubuntu.com/usn/USN-2939-1", "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "http://www.openwall.com/lists/oss-security/2016/01/24/8"], "edition": 4, "description": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.", "reporter": "NVD", "published": "2016-04-13T13:59:06", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2015-8784", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8784"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:libtiff:libtiff"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8784", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:55", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://www.securitytracker.com/id/1035508", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "http://www.openwall.com/lists/oss-security/2015/12/26/1", "https://security.gentoo.org/glsa/201701-16", "http://www.ubuntu.com/usn/USN-2939-1", "http://www.securityfocus.com/bid/79718", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "http://www.openwall.com/lists/oss-security/2015/12/25/1"], "edition": 5, "description": "The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.", "reporter": "NVD", "published": "2016-04-13T13:59:05", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2015-8683", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8683"], "scanner": [], "cpe": ["cpe:/a:libtiff:libtiff:4.0.6", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8683", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:55", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://rhn.redhat.com/errata/RHSA-2016-1547.html", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html", "https://security.gentoo.org/glsa/201701-16", "http://www.securityfocus.com/bid/81730", "http://www.ubuntu.com/usn/USN-2939-1", "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0", "http://www.openwall.com/lists/oss-security/2016/01/24/3", "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "http://www.debian.org/security/2016/dsa-3467", "http://rhn.redhat.com/errata/RHSA-2016-1546.html", "http://www.openwall.com/lists/oss-security/2016/01/24/7"], "description": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.", "edition": 4, "reporter": "NVD", "published": "2016-02-01T16:59:01", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2015-8781", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8781"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:libtiff:libtiff"], "modified": "2018-01-04T21:30:21", "id": "CVE-2015-8781", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-07-04T02:00:28", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiffxx5_4.0.2-6+deb7u5_all.deb", "packageName": "libtiffxx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiff5_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiff5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiffxx5_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiffxx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiff5-dev_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiff5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "tiff_4.0.2-6+deb7u5_all.deb", "packageName": "tiff", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff-tools_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff-tools", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff5-alt-dev_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff5-alt-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiff-tools_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiff-tools", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff5_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff5-dev_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "tiff_4.0.3-12.3+deb8u1_all.deb", "packageName": "tiff", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiff-opengl_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiff-opengl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff-opengl_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff-opengl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "4.0.3-12.3+deb8u1", "arch": "all", "packageFilename": "libtiff-doc_4.0.3-12.3+deb8u1_all.deb", "packageName": "libtiff-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "4.0.2-6+deb7u5", "arch": "all", "packageFilename": "libtiff-doc_4.0.2-6+deb7u5_all.deb", "packageName": "libtiff-doc", "operator": "lt"}], "description": "Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed in version 4.0.6-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 4.0.6-1.\n\nWe recommend that you upgrade your tiff packages.", "edition": 2, "reporter": "Debian", "published": "2016-02-06T00:00:00", "title": "tiff -- security update", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-9655"], "modified": "2016-02-06T00:00:00", "id": "DSA-3467", "href": "http://www.debian.org/security/dsa-3467", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T12:57:15", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "3.9.4-5+squeeze14", "arch": "all", "packageFilename": "tiff_3.9.4-5+squeeze14_all.deb", "packageName": "tiff", "operator": "lt"}], "description": "Several security flaws have been found and solved in libtiff, a library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads and writes in the LogL16Decode, LogLuvDecode24, LogLuvDecode32, LogLuvDecodeTile, LogL16Encode, LogLuvEncode24, LogLuvEncode32 and NeXTDecode functions.\n\nThese IDs were assigned for the problems: [CVE-2015-8781](<https://security-tracker.debian.org/tracker/CVE-2015-8781>), [CVE-2015-8782](<https://security-tracker.debian.org/tracker/CVE-2015-8782>), [CVE-2015-8783](<https://security-tracker.debian.org/tracker/CVE-2015-8783>) and [CVE-2015-8784](<https://security-tracker.debian.org/tracker/CVE-2015-8784>).\n\nFor Debian 6 Squeeze, these issues have been fixed in tiff version 3.9.4-5+squeeze14. We recommend you to upgrade your tiff packages.", "edition": 1, "reporter": "Debian", "published": "2016-01-30T00:00:00", "title": "tiff -- LTS security update", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8781", "CVE-2015-8782"], "modified": "2016-01-30T00:00:00", "id": "DLA-405", "href": "http://www.debian.org/security/2016/dla-405", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-05T12:56:39", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "3.9.4-5+squeeze13", "arch": "all", "packageFilename": "tiff_3.9.4-5+squeeze13_all.deb", "packageName": "tiff", "operator": "lt"}], "edition": 2, "description": "Two security flaws have been found and solved in libtiff, library that provides support for handling Tag Image File Format (TIFF). These flaws concern out of bounds reads in the TIFFRGBAImage interface, when parsing unsupported values related to LogLUV and CIELab. [CVE-2015-8665](<https://security-tracker.debian.org/tracker/CVE-2015-8665>) was reported by limingxing and [CVE-2015-8683](<https://security-tracker.debian.org/tracker/CVE-2015-8683>) by zzf of Alibaba.\n\nFor Debian 6 Squeeze, these issues have been fixed in tiff version 3.9.4-5+squeeze13. We recommend you to upgrade your tiff packages.", "reporter": "Debian", "published": "2016-01-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "debian", "title": "tiff -- LTS security update", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8683", "CVE-2015-8665"], "modified": "2016-01-26T00:00:00", "id": "DLA-402", "href": "http://www.debian.org/security/2016/dla-402", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2018-04-07T13:09:12", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 608601 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H627024 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 | Medium | LibTIFF \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.2.1 | 10.2.1 - 10.2.4 | Medium | LibTIFF \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable \n\n \n\n| None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.1 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the risk posed by this vulnerability, you can ensure that TIFF file processing via BIG-IP AAM or WebAccelerator policies is disabled, or ensure that TIFF files processed by BIG-IP AAM and WebAccelerator cannot be modified by attackers.\n\n**Impact of action:** Performing the suggested mitigation should not have a negative impact on your system.\n\nFor more information about disabling image optimization, refer to:\n\n * BIG-IP AAM: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration Implementations** _manual\n * BIG-IP WebAccelerator: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP WebAccelerator System Implementations** _manual\n\n**Note**: For information about how to locate F5 product manuals, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2016-11-08T18:39:00", "type": "f5", "title": "Multiple LibTIFF vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-8783", "CVE-2014-8127", "CVE-2015-8683", "CVE-2014-8130", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2014-9655"], "modified": "2018-03-14T19:45:00", "href": "https://support.f5.com/csp/article/K35155453", "id": "F5:K35155453", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-08T17:26:33", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the risk posed by this vulnerability, you can ensure that TIFF file processing via BIG-IP AAM or WebAccelerator policies is disabled, or ensure that TIFF files processed by BIG-IP AAM and WebAccelerator cannot be modified by attackers.\n\n**Impact of action:** Performing the suggested mitigation should not have a negative impact on your system.\n\nFor more information about disabling image optimization, refer to:\n\n * BIG-IP AAM: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration Implementations** _guide\n * BIG-IP WebAccelerator: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP WebAccelerator System Implementations** _guide\n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "reporter": "f5", "published": "2016-11-08T00:00:00", "title": "SOL35155453 - Multiple LibTIFF vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP AAM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.2.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.1.1", "operator": "le"}], "cvelist": ["CVE-2015-8783", "CVE-2014-8127", "CVE-2015-8683", "CVE-2014-8130", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2014-9655"], "modified": "2016-11-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/35/sol35155453.html", "id": "SOL35155453", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T13:11:12", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 608601 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H627031 on the **Diagnostics** &gt; **Identified** &gt; **High** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 | High | LibTIFF \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.2.1 | 10.2.1 - 10.2.4 | High | LibTIFF \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable \n\n \n\n| None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.1.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.0.1 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the risk posed by this vulnerability, you can ensure that TIFF file processing via BIG-IP AAM or WebAccelerator policies is disabled, or ensure that TIFF files processed by BIG-IP AAM and WebAccelerator cannot be modified by attackers.\n\n**Impact of action:** Performing the suggested mitigation should not have a negative impact on your system.\n\nFor more information about disabling image optimization, refer to:\n\n * BIG-IP AAM: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration Implementations**_ manual\n * BIG-IP WebAccelerator: The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP WebAccelerator System Implementations** _manual\n\n**Note**: For information about how to locate F5 product manuals, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2016-11-08T18:45:00", "title": "LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2016-5314", "CVE-2015-8784", "CVE-2016-5320"], "modified": "2018-03-15T20:51:00", "id": "F5:K89096577", "href": "https://support.f5.com/csp/article/K89096577", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2016-09-28T21:04:12", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.9.4-18.14", "arch": "src", "packageFilename": "compat-libtiff3-3.9.4-18.14.amzn1.src", "packageName": "compat-libtiff3", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.9.4-18.14", "arch": "x86_64", "packageFilename": "compat-libtiff3-3.9.4-18.14.amzn1.x86_64", "packageName": "compat-libtiff3", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.9.4-18.14", "arch": "x86_64", "packageFilename": "compat-libtiff3-debuginfo-3.9.4-18.14.amzn1.x86_64", "packageName": "compat-libtiff3-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.9.4-18.14", "arch": "i686", "packageFilename": "compat-libtiff3-3.9.4-18.14.amzn1.i686", "packageName": "compat-libtiff3", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.9.4-18.14", "arch": "i686", "packageFilename": "compat-libtiff3-debuginfo-3.9.4-18.14.amzn1.i686", "packageName": "compat-libtiff3-debuginfo", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nMultiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. ([CVE-2014-9655 __](<https://access.redhat.com/security/cve/CVE-2014-9655>), [CVE-2015-1547 __](<https://access.redhat.com/security/cve/CVE-2015-1547>), [CVE-2015-8784 __](<https://access.redhat.com/security/cve/CVE-2015-8784>), [CVE-2015-8683 __](<https://access.redhat.com/security/cve/CVE-2015-8683>), [CVE-2015-8665 __](<https://access.redhat.com/security/cve/CVE-2015-8665>), [CVE-2015-8781 __](<https://access.redhat.com/security/cve/CVE-2015-8781>), [CVE-2015-8782 __](<https://access.redhat.com/security/cve/CVE-2015-8782>), [CVE-2015-8783 __](<https://access.redhat.com/security/cve/CVE-2015-8783>), [CVE-2016-3990 __](<https://access.redhat.com/security/cve/CVE-2016-3990>), [CVE-2016-5320 __](<https://access.redhat.com/security/cve/CVE-2016-5320>))\n\n \n**Affected Packages:** \n\n\ncompat-libtiff3\n\n \n**Issue Correction:** \nRun _yum update compat-libtiff3_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n compat-libtiff3-3.9.4-18.14.amzn1.i686 \n compat-libtiff3-debuginfo-3.9.4-18.14.amzn1.i686 \n \n src: \n compat-libtiff3-3.9.4-18.14.amzn1.src \n \n x86_64: \n compat-libtiff3-3.9.4-18.14.amzn1.x86_64 \n compat-libtiff3-debuginfo-3.9.4-18.14.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2016-08-17T13:30:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "amazon", "title": "Important: compat-libtiff3", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8683", "CVE-2016-5320", "CVE-2015-1547", "CVE-2015-8781", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-9655"], "modified": "2016-08-17T13:30:00", "id": "ALAS-2016-734", "href": "https://alas.aws.amazon.com/ALAS-2016-734.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-28T21:03:56", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "i686", "packageFilename": "libtiff-debuginfo-4.0.3-25.27.amzn1.i686", "packageName": "libtiff-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "x86_64", "packageFilename": "libtiff-static-4.0.3-25.27.amzn1.x86_64", "packageName": "libtiff-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "x86_64", "packageFilename": "libtiff-debuginfo-4.0.3-25.27.amzn1.x86_64", "packageName": "libtiff-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "src", "packageFilename": "libtiff-4.0.3-25.27.amzn1.src", "packageName": "libtiff", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "x86_64", "packageFilename": "libtiff-devel-4.0.3-25.27.amzn1.x86_64", "packageName": "libtiff-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "x86_64", "packageFilename": "libtiff-4.0.3-25.27.amzn1.x86_64", "packageName": "libtiff", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "i686", "packageFilename": "libtiff-static-4.0.3-25.27.amzn1.i686", "packageName": "libtiff-static", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "i686", "packageFilename": "libtiff-4.0.3-25.27.amzn1.i686", "packageName": "libtiff", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.0.3-25.27", "arch": "i686", "packageFilename": "libtiff-devel-4.0.3-25.27.amzn1.i686", "packageName": "libtiff-devel", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nMultiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. ([CVE-2014-9655 __](<https://access.redhat.com/security/cve/CVE-2014-9655>), [CVE-2015-1547 __](<https://access.redhat.com/security/cve/CVE-2015-1547>), [CVE-2015-8784 __](<https://access.redhat.com/security/cve/CVE-2015-8784>), [CVE-2015-8683 __](<https://access.redhat.com/security/cve/CVE-2015-8683>), [CVE-2015-8665 __](<https://access.redhat.com/security/cve/CVE-2015-8665>), [CVE-2015-8781 __](<https://access.redhat.com/security/cve/CVE-2015-8781>), [CVE-2015-8782 __](<https://access.redhat.com/security/cve/CVE-2015-8782>), [CVE-2015-8783 __](<https://access.redhat.com/security/cve/CVE-2015-8783>), [CVE-2016-3990 __](<https://access.redhat.com/security/cve/CVE-2016-3990>), [CVE-2016-5320 __](<https://access.redhat.com/security/cve/CVE-2016-5320>))\n\nMultiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. ([CVE-2014-8127 __](<https://access.redhat.com/security/cve/CVE-2014-8127>), [CVE-2014-8129 __](<https://access.redhat.com/security/cve/CVE-2014-8129>), [CVE-2014-8130 __](<https://access.redhat.com/security/cve/CVE-2014-8130>), [CVE-2014-9330 __](<https://access.redhat.com/security/cve/CVE-2014-9330>), [CVE-2015-7554 __](<https://access.redhat.com/security/cve/CVE-2015-7554>), [CVE-2015-8668 __](<https://access.redhat.com/security/cve/CVE-2015-8668>), [CVE-2016-3632 __](<https://access.redhat.com/security/cve/CVE-2016-3632>), [CVE-2016-3945 __](<https://access.redhat.com/security/cve/CVE-2016-3945>), [CVE-2016-3991 __](<https://access.redhat.com/security/cve/CVE-2016-3991>))\n\n \n**Affected Packages:** \n\n\nlibtiff\n\n \n**Issue Correction:** \nRun _yum update libtiff_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n libtiff-devel-4.0.3-25.27.amzn1.i686 \n libtiff-4.0.3-25.27.amzn1.i686 \n libtiff-static-4.0.3-25.27.amzn1.i686 \n libtiff-debuginfo-4.0.3-25.27.amzn1.i686 \n \n src: \n libtiff-4.0.3-25.27.amzn1.src \n \n x86_64: \n libtiff-devel-4.0.3-25.27.amzn1.x86_64 \n libtiff-4.0.3-25.27.amzn1.x86_64 \n libtiff-static-4.0.3-25.27.amzn1.x86_64 \n libtiff-debuginfo-4.0.3-25.27.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2016-08-17T13:30:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "amazon", "title": "Important: libtiff", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2016-08-17T13:30:00", "id": "ALAS-2016-733", "href": "https://alas.aws.amazon.com/ALAS-2016-733.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-12T21:09:16", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc64", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390x", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "src", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc64", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390x", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc64", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390x", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "ppc64", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "s390x", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}], "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)", "reporter": "RedHat", "published": "2016-08-02T18:27:54", "type": "redhat", "title": "(RHSA-2016:1547) Important: libtiff security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8127", "CVE-2014-8129", "CVE-2014-8130", "CVE-2014-9330", "CVE-2014-9655", "CVE-2015-1547", "CVE-2015-7554", "CVE-2015-8665", "CVE-2015-8668", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8783", "CVE-2015-8784", "CVE-2016-3632", "CVE-2016-3945", "CVE-2016-3990", "CVE-2016-3991", "CVE-2016-5320"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:07", "id": "RHSA-2016:1547", "href": "https://access.redhat.com/errata/RHSA-2016:1547", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-15T14:25:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff", "packageFilename": "libtiff-4.0.3-25.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-debuginfo", "packageFilename": "libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.i686.rpm", "arch": "i686", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-static", "packageFilename": "libtiff-static-4.0.3-25.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-tools", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-tools", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-tools", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageName": "libtiff-tools", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)", "reporter": "RedHat", "published": "2016-08-02T18:26:49", "type": "redhat", "title": "(RHSA-2016:1546) Important: libtiff security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-8127", "CVE-2014-8129", "CVE-2014-8130", "CVE-2014-9330", "CVE-2014-9655", "CVE-2015-1547", "CVE-2015-7554", "CVE-2015-8665", "CVE-2015-8668", "CVE-2015-8683", "CVE-2015-8781", "CVE-2015-8782", "CVE-2015-8783", "CVE-2015-8784", "CVE-2016-3632", "CVE-2016-3945", "CVE-2016-3990", "CVE-2016-3991", "CVE-2016-5320"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:32:47", "id": "RHSA-2016:1546", "href": "https://access.redhat.com/errata/RHSA-2016:1546", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:26:31", "references": ["https://rhn.redhat.com/errata/RHSA-2016-1546.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-static-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-static", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-4.0.3-25.el7_2.src.rpm", "packageName": "libtiff", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-static-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff-static", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff-devel", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:1546\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022010.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\nlibtiff-static\nlibtiff-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1546.html", "edition": 1, "reporter": "CentOS Project", "published": "2016-08-02T21:57:58", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "libtiff security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2016-08-02T21:57:58", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/022010.html", "id": "CESA-2016:1546", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:56", "references": ["https://rhn.redhat.com/errata/RHSA-2016-1547.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "any", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff-static", "packageFilename": "libtiff-static-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageName": "libtiff", "packageFilename": "libtiff-3.9.4-18.el6_8.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:1547\n\n\nThe libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/021999.html\n\n**Affected packages:**\nlibtiff\nlibtiff-devel\nlibtiff-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1547.html", "edition": 1, "reporter": "CentOS Project", "published": "2016-08-02T15:06:00", "title": "libtiff security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2016-08-02T15:06:00", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/021999.html", "id": "CESA-2016:1547", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "i686", "packageFilename": "libtiff-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "x86_64", "packageFilename": "libtiff-static-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "x86_64", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "src", "packageFilename": "libtiff-4.0.3-25.el7_2.src.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "x86_64", "packageFilename": "libtiff-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "i686", "packageFilename": "libtiff-devel-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "x86_64", "packageFilename": "libtiff-tools-4.0.3-25.el7_2.x86_64.rpm", "packageName": "libtiff-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.0.3-25.el7_2", "arch": "i686", "packageFilename": "libtiff-static-4.0.3-25.el7_2.i686.rpm", "packageName": "libtiff-static", "operator": "lt"}], "description": "[4.0.3-25]\n- Add patches for CVEs:\n CVE-2015-7554, CVE-2015-8683, CVE-2015-8665,\n CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,\n CVE-2015-8784\n- Related: #1299920\n[4.0.3-24]\n- Update patches for CVEs:\n CVE-2014-8127, CVE-2014-8130\n- Related: #1299920\n[4.0.3-23]\n- Update patches:\n CVE-2014-9330, CVE-2014-8127, CVE-2014-8129\n CVE-2014-8130\n- Related: #1299920\n[4.0.3-22]\n- Update patch for CVE-2015-8668\n- Related: #1299920\n[4.0.3-21]\n- Remove patches for CVEs:\n CVE-2014-8127, CVE-2014-8129, CVE-2014-8130,\n CVE-2014-9330, CVE-2015-7554, CVE-2015-8665,\n CVE-2015-8683, CVE-2015-8781, CVE-2015-8784\n- Add patches for CVEs:\n CVE-2016-3632, CVE-2016-3945, CVE-2016-3990,\n CVE-2016-3991, CVE-2016-5320\n- Update patches for CVEs:\n CVE-2014-9655, CVE-2015-1547, CVE-2015-8668\n- Related: #1299920\n[4.0.3-20]\n- CVE-2014-8127 should contain only two fixes\n- Related: #1299920\n[4.0.3-19]\n- Revert previous patch CVE-2014-8127\n- Related: #1299920\n[4.0.3-18]\n- Fix patch CVE-2014-8127. Wrongly applied\n- Related: #1299920\n[4.0.3-17]\n- Fix patch CVE-2015-8668. Wrongly applied by me\n- Related: #1299920\n[4.0.3-16]\n- Fixed patches on preview CVEs\n- Related: #1299920\n[4.0.3-15]\n- This resolves several CVEs\n- CVE-2014-8127, CVE-2014-8129, CVE-2014-8130\n- CVE-2014-9330, CVE-2014-9655, CVE-2015-8781\n- CVE-2015-8784, CVE-2015-1547, CVE-2015-8683\n- CVE-2015-8665, CVE-2015-7554, CVE-2015-8668\n- Resolves: #1299920", "edition": 3, "reporter": "Oracle", "published": "2016-08-02T00:00:00", "title": "libtiff security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2015-8668", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2016-3945", "CVE-2016-3991", "CVE-2014-9655"], "modified": "2016-08-02T00:00:00", "id": "ELSA-2016-1546", "href": "http://linux.oracle.com/errata/ELSA-2016-1546.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:45:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageFilename": "libtiff-3.9.4-18.el6_8.x86_64.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "src", "packageFilename": "libtiff-3.9.4-18.el6_8.src.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "src", "packageFilename": "libtiff-3.9.4-18.el6_8.src.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageFilename": "libtiff-3.9.4-18.el6_8.i686.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageFilename": "libtiff-3.9.4-18.el6_8.i686.rpm", "packageName": "libtiff", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageFilename": "libtiff-static-3.9.4-18.el6_8.i686.rpm", "packageName": "libtiff-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.x86_64.rpm", "packageName": "libtiff-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "x86_64", "packageFilename": "libtiff-static-3.9.4-18.el6_8.x86_64.rpm", "packageName": "libtiff-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.i686.rpm", "packageName": "libtiff-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.9.4-18.el6_8", "arch": "i686", "packageFilename": "libtiff-devel-3.9.4-18.el6_8.i686.rpm", "packageName": "libtiff-devel", "operator": "lt"}], "description": "[3.9.4-18]\n- Update patch for CVE-2014-8127\n- Related: #1335099\n[3.9.4-17]\n- Fix patches for CVE-2016-3990 and CVE-2016-5320\n- Related: #1335099\n[3.9.4-16]\n- Add patches for CVEs:\n- CVE-2016-3632 CVE-2016-3945 CVE-2016-3990\n- CVE-2016-3991 CVE-2016-5320\n- Related: #1335099\n[3.9.4-15]\n- Update patch for CVE-2014-8129\n- Related: #1335099\n[3.9.4-14]\n- Merge previously released fixes for CVEs:\n- CVE-2013-1960 CVE-2013-1961 CVE-2013-4231\n- CVE-2013-4232 CVE-2013-4243 CVE-2013-4244\n- Resolves: #1335099\n[3.9.4-13]\n- Patch typos in CVE-2014-8127\n- Related: #1299919\n[3.9.4-12]\n- Fix CVE-2014-8127 and CVE-2015-8668 patches\n- Related: #1299919\n[3.9.4-11]\n- Fixed patches on preview CVEs\n- Related: #1299919", "edition": 3, "reporter": "Oracle", "published": "2016-08-02T00:00:00", "title": "libtiff security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8783", "CVE-2015-8784", "CVE-2013-4232", "CVE-2015-8668", "CVE-2013-1960", "CVE-2014-8127", "CVE-2016-3632", "CVE-2014-9330", "CVE-2015-8683", "CVE-2016-5320", "CVE-2013-4243", "CVE-2013-1961", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-3990", "CVE-2015-8782", "CVE-2015-8665", "CVE-2014-8129", "CVE-2013-4244", "CVE-2016-3945", "CVE-2016-3991", "CVE-2013-4231", "CVE-2014-9655"], "modified": "2016-08-02T00:00:00", "id": "ELSA-2016-1547", "href": "http://linux.oracle.com/errata/ELSA-2016-1547.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:26", "references": ["http://www.openwall.com/lists/oss-security/2015/12/24/2"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.0.6_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tiff", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "*", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-f10-tiff", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.9.4_2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-c6-tiff", "operator": "lt"}], "description": "\nLMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in\n\t tif_getimage.c. An attacker could create a specially-crafted TIFF\n\t file that could cause libtiff to crash.\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-12-24T00:00:00", "title": "tiff -- out-of-bounds read in tif_getimage.c", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8665"], "modified": "2016-09-06T00:00:00", "id": "BD349F7A-B3B9-11E5-8255-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/bd349f7a-b3b9-11e5-8255-5453ed2e2b49.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:26", "references": ["http://www.openwall.com/lists/oss-security/2015/12/25/2"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "4.0.6_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tiff", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "*", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-f10-tiff", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.9.4_2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-c6-tiff", "operator": "lt"}], "description": "\nzzf of Alibaba discovered an out-of-bounds vulnerability in the code\n\t processing the LogLUV and CIE Lab image format files. An attacker\n\t could create a specially-crafted TIFF file that could cause libtiff\n\t to crash.\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-12-25T00:00:00", "title": "tiff -- out-of-bounds read in CIE Lab image format", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8683"], "modified": "2016-09-06T00:00:00", "id": "B65E4914-B3BC-11E5-8255-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/b65e4914-b3bc-11e5-8255-5453ed2e2b49.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:06", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "4.0.7", "arch": "x86_64", "packageFilename": "libtiff-4.0.7-x86_64-1_slack14.2.txz", "packageName": "libtiff", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "4.0.7", "arch": "i586", "packageFilename": "libtiff-4.0.7-i586-1_slack14.2.txz", "packageName": "libtiff", "operator": "lt"}], "description": "New libtiff packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libtiff-4.0.7-i586-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libtiff-4.0.7-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libtiff-4.0.7-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-4.0.7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-4.0.7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\na0b2f84a88036a4e8e01165d522fdf09 libtiff-4.0.7-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nfccecb6c9e1eea06607442bd6b58e63f libtiff-4.0.7-x86_64-1_slack14.2.txz\n\nSlackware -current package:\na1699ec0db14b6563390f78f9c9bee8e l/libtiff-4.0.7-i586-1.txz\n\nSlackware x86_64 -current package:\n9e5280389d6fc4a80fb0c42a026a942c l/libtiff-4.0.7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libtiff-4.0.7-i586-1_slack14.2.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2017-04-08T13:11:36", "title": "libtiff", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-3622", "CVE-2016-9448", "CVE-2016-3623", "CVE-2014-8127", "CVE-2016-3658", "CVE-2015-8683", "CVE-2016-5323", "CVE-2016-5652", "CVE-2015-8665", "CVE-2016-5321", "CVE-2016-5875", "CVE-2016-9273"], "modified": "2017-04-08T13:11:36", "id": "SSA-2017-098-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.395195", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-01-09T18:13:57", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658", "https://bugs.gentoo.org/show_bug.cgi?id=585508", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186", "https://bugs.gentoo.org/show_bug.cgi?id=484542", "https://bugs.gentoo.org/show_bug.cgi?id=561880", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331", "https://bugs.gentoo.org/show_bug.cgi?id=585274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316", "https://bugs.gentoo.org/show_bug.cgi?id=534108", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318", "https://bugs.gentoo.org/show_bug.cgi?id=572876", "https://bugs.gentoo.org/show_bug.cgi?id=599746", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655", "https://bugs.gentoo.org/show_bug.cgi?id=538318", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.0.7", "arch": "all", "packageName": "media-libs/tiff", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifier and bug reports referenced for details. \n\n### Impact\n\nA remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libTIFF users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-4.0.7\"", "reporter": "Gentoo Foundation", "published": "2017-01-09T00:00:00", "title": "libTIFF: Multiple vulnerabilities", "type": "gentoo", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9453", "CVE-2016-3622", "CVE-2015-8783", "CVE-2016-5314", "CVE-2016-9448", "CVE-2016-3623", "CVE-2015-8784", "CVE-2016-5319", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-3619", "CVE-2016-5322", "CVE-2016-5318", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-3658", "CVE-2016-9297", "CVE-2016-3632", "CVE-2014-9330", "CVE-2016-9318", "CVE-2016-3620", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-5320", "CVE-2015-7313", "CVE-2016-3186", "CVE-2013-4243", "CVE-2016-5323", "CVE-2016-5652", "CVE-2016-5315", "CVE-2014-8130", "CVE-2015-1547", "CVE-2015-8781", "CVE-2015-7554", "CVE-2016-8331", "CVE-2016-3990", "CVE-2016-3633", "CVE-2016-6223", "CVE-2016-5317", "CVE-2016-3624", "CVE-2015-8782", "CVE-2016-9532", "CVE-2015-8665", "CVE-2016-5102", "CVE-2014-8128", "CVE-2014-8129", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-9273", "CVE-2014-9655"], "modified": "2017-01-09T00:00:00", "id": "GLSA-201701-16", "href": "https://security.gentoo.org/glsa/201701-16", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-12-07T17:30:03", "references": ["https://bugzilla.suse.com/984815", "https://bugzilla.suse.com/914890", "https://bugzilla.suse.com/987351", "https://bugzilla.suse.com/1010161", "https://bugzilla.suse.com/974840", "https://bugzilla.suse.com/1010163", "https://bugzilla.suse.com/1011103", "https://bugzilla.suse.com/974449", "https://bugzilla.suse.com/1007280", "https://bugzilla.suse.com/984813", "https://bugzilla.suse.com/1011107"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff5", "packageFilename": "libtiff5-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "tiff-debuginfo", "packageFilename": "tiff-debuginfo-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff5-debuginfo-32bit", "packageFilename": "libtiff5-debuginfo-32bit-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "libtiff5-debuginfo", "packageFilename": "libtiff5-debuginfo-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff5-32bit", "packageFilename": "libtiff5-32bit-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "libtiff5", "packageFilename": "libtiff5-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "tiff-debuginfo", "packageFilename": "tiff-debuginfo-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "tiff-debugsource", "packageFilename": "tiff-debugsource-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff-devel", "packageFilename": "libtiff-devel-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "i586", "packageName": "tiff", "packageFilename": "tiff-4.0.7-10.35.1.i586.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff-devel-32bit", "packageFilename": "libtiff-devel-32bit-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "tiff", "packageFilename": "tiff-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "libtiff5-debuginfo", "packageFilename": "libtiff5-debuginfo-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.0.7-10.35.1", "arch": "x86_64", "packageName": "tiff-debugsource", "packageFilename": "tiff-debugsource-4.0.7-10.35.1.x86_64.rpm", "operator": "lt"}], "edition": 1, "description": "Tiff was updated to version 4.0.7. This update fixes the following issues:\n\n * libtiff/tif_aux.c\n + Fix crash in TIFFVGetFieldDefaulted() when requesting Predictor tag\n and that the zip/lzw codec is not configured.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2591\">http://bugzilla.maptools.org/show_bug.cgi?id=2591</a>)\n * libtiff/tif_compress.c\n + Make TIFFNoDecode() return 0 to indicate an error and make upper\n level read routines treat it accordingly.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2517\">http://bugzilla.maptools.org/show_bug.cgi?id=2517</a>)\n * libtiff/tif_dir.c\n + Discard values of SMinSampleValue and SMaxSampleValue when they have\n been read and the value of SamplesPerPixel is changed afterwards\n (like when reading a OJPEG compressed image with a missing\n SamplesPerPixel tag, and whose photometric is RGB or YCbCr, forcing\n SamplesPerPixel being 3). Otherwise when rewriting the directory\n (for example with tiffset, we will expect 3 values whereas the array\n had been allocated with just\n one), thus causing a out of bound read access. (CVE-2014-8127,\n boo#914890, duplicate: CVE-2016-3658, boo#974840)\n * libtiff/tif_dirread.c\n + In TIFFFetchNormalTag(), do not dereference NULL pointer when values\n of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are\n 0-byte arrays. (CVE-2016-9448, boo#1011103)\n + In TIFFFetchNormalTag(), make sure that values of tags with\n TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are null\n terminated, to avoid potential read outside buffer in\n _TIFFPrintField(). (CVE-2016-9297, boo#1010161)\n + Prevent reading ColorMap or TransferFunction if BitsPerPixel &gt; 24,\n so as to avoid huge memory allocation and file read attempts\n + Reject images with OJPEG compression that have no\n TileOffsets/StripOffsets tag, when OJPEG compression is disabled.\n Prevent null pointer dereference in TIFFReadRawStrip1() and other\n functions that expect td_stripbytecount to be non NULL.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2585\">http://bugzilla.maptools.org/show_bug.cgi?id=2585</a>)\n + When compiled with DEFER_STRILE_LOAD, fix regression, when reading a\n one-strip file without a StripByteCounts tag.\n + Workaround false positive warning of Clang Static Analyzer about\n null pointer dereference in TIFFCheckDirOffset().\n * libtiff/tif_dirwrite.c\n + Avoid null pointer dereference on td_stripoffset when writing\n directory, if FIELD_STRIPOFFSETS was artificially set for a hack\n case in OJPEG case. Fixes (CVE-2014-8127, boo#914890, duplicate:\n CVE-2016-3658, boo#974840)\n + Fix truncation to 32 bit of file offsets in TIFFLinkDirectory() and\n TIFFWriteDirectorySec() when aligning directory offsets on an even\n offset (affects BigTIFF).\n * libtiff/tif_dumpmode.c\n + DumpModeEncode() should return 0 in case of failure so that the\n above mentionned functions detect the error.\n * libtiff/tif_fax3.c\n + remove dead assignment in Fax3PutEOLgdal().\n * libtiff/tif_fax3.h\n + make Param member of TIFFFaxTabEnt structure a uint16 to reduce size\n of the binary.\n * libtiff/tif_getimage.c\n + Fix out-of-bound reads in TIFFRGBAImage interface in case of\n unsupported values of SamplesPerPixel/ExtraSamples for\n LogLUV/CIELab. Add explicit call to TIFFRGBAImageOK() in\n TIFFRGBAImageBegin(). Fix CVE-2015-8665 and CVE-2015-8683.\n + TIFFRGBAImageOK: Reject attempts to read floating point images.\n * libtiff/tif_luv.c\n + Fix potential out-of-bound writes in decode functions in non debug\n builds by replacing assert()s by regular if checks\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2522\">http://bugzilla.maptools.org/show_bug.cgi?id=2522</a>). Fix potential\n out-of-bound reads in case of short input data.\n + Validate that for COMPRESSION_SGILOG and PHOTOMETRIC_LOGL, there is\n only one sample per pixel. Avoid potential invalid memory write on\n corrupted/unexpected images when using the TIFFRGBAImageBegin()\n interface\n * libtiff/tif_next.c\n + Fix potential out-of-bound write in NeXTDecode()\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2508\">http://bugzilla.maptools.org/show_bug.cgi?id=2508</a>)\n * libtiff/tif_pixarlog.c\n + Avoid zlib error messages to pass a NULL string to %s formatter,\n which is undefined behaviour in sprintf().\n + Fix out-of-bounds write vulnerabilities in heap allocated buffers.\n Reported as MSVR 35094.\n + Fix potential buffer write overrun in PixarLogDecode() on\n corrupted/unexpected images (CVE-2016-5875, boo#987351)\n * libtiff/tif_predict.c\n + PredictorSetup: Enforce bits-per-sample requirements of floating\n point predictor (3). (CVE-2016-3622, boo#974449)\n * libtiff/tif_predict.h, libtiff/tif_predict.c\n + Replace assertions by runtime checks to avoid assertions in debug\n mode, or buffer overflows in release mode. Can happen when dealing\n with unusual tile size like YCbCr with subsampling. Reported as MSVR\n 35105.\n * libtiff/tif_read.c\n + Fix out-of-bounds read on memory-mapped files in TIFFReadRawStrip1()\n and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value\n + Make TIFFReadEncodedStrip() and TIFFReadEncodedTile() directly use\n user provided buffer when no compression (and other conditions) to\n save a memcpy().\n * libtiff/tif_strip.c\n + Make TIFFNumberOfStrips() return the td-&gt;td_nstrips value when it is\n non-zero, instead of recomputing it. This is needed in\n TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read\n outsize of array in tiffsplit (or other utilities using\n TIFFNumberOfStrips()). (CVE-2016-9273, boo#1010163)\n * libtiff/tif_write.c\n + Fix issue in error code path of TIFFFlushData1() that didn't reset\n the tif_rawcc and tif_rawcp members. I'm not completely sure if that\n could happen in practice outside of the odd behaviour of\n t2p_seekproc() of tiff2pdf). The report points that a better fix\n could be to check the return value of TIFFFlushData1() in places\n where it isn't done currently, but it seems this patch is enough.\n Reported as MSVR 35095.\n + Make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() directly use\n user provided buffer when no compression to save a memcpy().\n + TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() should return -1\n in case of failure of tif_encodestrip() as documented\n * tools/fax2tiff.c\n + Fix segfault when specifying -r without argument.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2572\">http://bugzilla.maptools.org/show_bug.cgi?id=2572</a>)\n * tools/Makefile.am\n + The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and\n ycbcr are completely removed from the distribution. The libtiff\n tools rgb2ycbcr and thumbnail are only built in the build tree for\n testing. Old files are put in new 'archive' subdirectory of the\n source repository, but not in distribution archives. These changes\n are made in order to lessen the maintenance burden.\n * tools/tiff2bw.c\n + Fix weight computation that could result of color value\n overflow (no security implication). Fix\n <a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2550\">http://bugzilla.maptools.org/show_bug.cgi?id=2550</a>.\n * tools/tiff2pdf.c\n + Avoid undefined behaviour related to overlapping of source and\n destination buffer in memcpy() call in t2p_sample_rgbaa_to_rgb()\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2577\">http://bugzilla.maptools.org/show_bug.cgi?id=2577</a>)\n + Fix out-of-bounds write vulnerabilities in heap allocate buffer in\n t2p_process_jpeg_strip(). Reported as MSVR 35098.\n + Fix potential integer overflows on 32 bit builds in\n t2p_read_tiff_size()\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2576\">http://bugzilla.maptools.org/show_bug.cgi?id=2576</a>)\n + Fix read -largely- outsize of buffer in\n t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG\n compressed image with TIFFTAG_JPEGTABLES length being one.\n (CVE-2016-9453, boo#1011107)\n + Fix write buffer overflow of 2 bytes on JPEG compressed images. Also\n prevents writing 2 extra uninitialized bytes to the file stream.\n (TALOS-CAN-0187, CVE-2016-5652, boo#1007280)\n * tools/tiffcp.c\n + Fix out-of-bounds write on tiled images with odd tile width vs image\n width. Reported as MSVR 35103.\n + Fix read of undefined variable in case of missing required tags.\n Found on test case of MSVR 35100.\n * tools/tiffcrop.c\n + Avoid access outside of stack allocated array on a tiled separate\n TIFF with more than 8 samples per pixel. (CVE-2016-5321,\n CVE-2016-5323, boo#984813, boo#984815)\n + Fix memory leak in (recent) error code path.\n + Fix multiple uint32 overflows in writeBufferToSeparateStrips(),\n writeBufferToContigTiles() and writeBufferToSeparateTiles() that\n could cause heap buffer overflows.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2592\">http://bugzilla.maptools.org/show_bug.cgi?id=2592</a>)\n + Fix out-of-bound read of up to 3 bytes in\n readContigTilesIntoBuffer(). Reported as MSVR 35092.\n + Fix read of undefined buffer in readContigStripsIntoBuffer() due to\n uint16 overflow. Reported as MSVR 35100.\n + Fix various out-of-bounds write vulnerabilities in heap or stack\n allocated buffers. Reported as MSVR 35093, MSVR 35096 and MSVR 35097.\n + readContigTilesIntoBuffer: Fix signed/unsigned comparison warning.\n * tools/tiffdump.c\n + Fix a few misaligned 64-bit reads warned by -fsanitize\n + ReadDirectory: Remove uint32 cast to_TIFFmalloc() argument which\n resulted in Coverity report. Added more mutiplication\n overflow checks\n * tools/tiffinfo.c\n + Fix out-of-bound read on some tiled images.\n (<a rel=\"nofollow\" href=\"http://bugzilla.maptools.org/show_bug.cgi?id=2517\">http://bugzilla.maptools.org/show_bug.cgi?id=2517</a>)\n + TIFFReadContigTileData: Fix signed/unsigned comparison warning.\n + TIFFReadSeparateTileData: Fix signed/unsigned comparison warning.\n\n", "reporter": "Suse", "published": "2016-12-07T15:08:51", "type": "suse", "title": "Security update for tiff (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9453", "CVE-2016-3622", "CVE-2016-9448", "CVE-2014-8127", "CVE-2016-3658", "CVE-2016-9297", "CVE-2015-8683", "CVE-2016-5323", "CVE-2016-5652", "CVE-2015-7554", "CVE-2015-8665", "CVE-2016-5321", "CVE-2016-5875", "CVE-2016-9273"], "modified": "2016-12-07T15:08:51", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html", "id": "OPENSUSE-SU-2016:3035-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-11-26T01:23:04", "references": ["https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7", "https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55", "http://seclists.org/oss-sec/2016/q2/24", "https://access.redhat.com/security/cve/CVE-2016-5875", "https://access.redhat.com/security/cve/CVE-2016-5316", "https://access.redhat.com/security/cve/CVE-2016-9538", "http://bugzilla.maptools.org/show_bug.cgi?id=2566", "http://www.openwall.com/lists/oss-security/2016/07/13/3", "https://access.redhat.com/security/cve/CVE-2016-6223", "https://access.redhat.com/security/cve/CVE-2016-9539", "https://access.redhat.com/security/cve/CVE-2016-5318", "http://seclists.org/bugtraq/2015/Dec/138", "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt", "https://access.redhat.com/security/cve/CVE-2016-3945", "http://www.openwall.com/lists/oss-security/2016/04/07/1", "http://seclists.org/oss-sec/2016/q2/22", "http://seclists.org/oss-sec/2015/q3/601", "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "http://seclists.org/oss-sec/2016/q2/29", "http://seclists.org/oss-sec/2016/q2/486", "https://access.redhat.com/security/cve/CVE-2016-3631", "https://access.redhat.com/security/cve/CVE-2016-3623", "http://bugzilla.maptools.org/show_bug.cgi?id=2548", "http://www.simplesystems.org/libtiff/v4.0.7.html", "http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1", "https://access.redhat.com/security/cve/CVE-2016-3634", "http://bugzilla.maptools.org/show_bug.cgi?id=2560", "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "http://seclists.org/oss-sec/2016/q2/27", "https://access.redhat.com/security/cve/CVE-2016-9297", "http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2", "https://access.redhat.com/security/cve/CVE-2016-9453", "https://access.redhat.com/security/cve/CVE-2015-8668", "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "http://seclists.org/oss-sec/2016/q2/28", "http://www.openwall.com/lists/oss-security/2016/03/30/2", "http://bugzilla.maptools.org/show_bug.cgi?id=2579", "https://access.redhat.com/security/cve/CVE-2016-9537", "https://access.redhat.com/security/cve/CVE-2016-3186", "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2", "http://seclists.org/oss-sec/2016/q4/464", "http://seclists.org/oss-sec/2016/q2/21", "https://access.redhat.com/security/cve/CVE-2016-5315", "https://access.redhat.com/security/cve/CVE-2016-9536", "http://bugzilla.maptools.org/show_bug.cgi?id=2500", "https://access.redhat.com/security/cve/CVE-2016-5322", "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b", "http://bugzilla.maptools.org/show_bug.cgi?id=2545", "https://access.redhat.com/security/cve/CVE-2016-5321", "http://www.openwall.com/lists/oss-security/2016/06/15/8", "http://www.openwall.com/lists/oss-security/2015/12/24/4", "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3", "https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e", "https://access.redhat.com/security/cve/CVE-2014-8127", "https://access.redhat.com/security/cve/CVE-2016-9273", "http://www.openwall.com/lists/oss-security/2016/11/09/20", "https://access.redhat.com/security/cve/CVE-2016-3619", "http://www.openwall.com/lists/oss-security/2016/06/15/9", "http://bugzilla.maptools.org/show_bug.cgi?id=2552", "https://access.redhat.com/security/cve/CVE-2016-3658", "https://access.redhat.com/security/cve/CVE-2016-5102", "https://access.redhat.com/security/cve/CVE-2010-2596", "http://www.talosintelligence.com/reports/TALOS-2016-0187/", "http://bugzilla.maptools.org/show_bug.cgi?id=2561", "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "http://bugzilla.maptools.org/show_bug.cgi?id=2592", "http://www.openwall.com/lists/oss-security/2016/11/11/14", "http://seclists.org/oss-sec/2016/q2/23", "https://access.redhat.com/security/cve/CVE-2016-9540", "https://access.redhat.com/security/cve/CVE-2016-9532", "http://bugzilla.maptools.org/show_bug.cgi?id=2543", "http://www.openwall.com/lists/oss-security/2016/06/15/3", "https://access.redhat.com/security/cve/CVE-2016-3624", "http://www.openwall.com/lists/oss-security/2016/06/15/2", "http://www.openwall.com/lists/oss-security/2016/04/08/13", "http://bugzilla.maptools.org/show_bug.cgi?id=2565", "https://access.redhat.com/security/cve/CVE-2016-3620", "https://access.redhat.com/security/cve/CVE-2016-3632", "http://www.openwall.com/lists/oss-security/2016/04/08/11", "https://access.redhat.com/security/cve/CVE-2016-9533", "http://bugzilla.maptools.org/show_bug.cgi?id=2544", "https://access.redhat.com/security/cve/CVE-2016-3625", "https://access.redhat.com/security/cve/CVE-2016-9534", "http://seclists.org/oss-sec/2016/q2/30", "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53", "https://access.redhat.com/security/cve/CVE-2016-5323", "https://access.redhat.com/security/cve/CVE-2015-8683", "http://bugzilla.maptools.org/show_bug.cgi?id=2536", "https://access.redhat.com/security/cve/CVE-2015-7313", "https://access.redhat.com/security/cve/CVE-2016-5314", "http://bugzilla.maptools.org/show_bug.cgi?id=2569", "http://www.openwall.com/lists/oss-security/2016/06/15/7", "http://seclists.org/oss-sec/2016/q2/57", "https://access.redhat.com/security/cve/CVE-2016-3633", "http://www.openwall.com/lists/oss-security/2016/06/15/1", "http://bugzilla.maptools.org/show_bug.cgi?id=2549", "http://bugzilla.maptools.org/show_bug.cgi?id=2593", "http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3", "https://access.redhat.com/security/cve/CVE-2016-9448", "http://seclists.org/oss-sec/2016/q2/33", "https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed", "https://access.redhat.com/security/cve/CVE-2016-5319", "https://access.redhat.com/security/cve/CVE-2016-3621", "http://www.openwall.com/lists/oss-security/2016/09/29/", "http://bugzilla.maptools.org/show_bug.cgi?id=2563#c4", "https://access.redhat.com/security/cve/CVE-2016-5317", "http://www.openwall.com/lists/oss-security/2016/06/29/6", "http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6", "https://access.redhat.com/security/cve/CVE-2016-3991", "https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63", "http://bugzilla.maptools.org/show_bug.cgi?id=2554", "https://access.redhat.com/security/cve/CVE-2016-3622", "https://access.redhat.com/security/cve/CVE-2016-5320", "http://bugzilla.maptools.org/show_bug.cgi?id=2562", "http://bugzilla.maptools.org/show_bug.cgi?id=2567", "http://bugzilla.maptools.org/show_bug.cgi?id=2587", "https://access.redhat.com/security/cve/CVE-2016-5652", "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "http://bugzilla.maptools.org/show_bug.cgi?id=2590", "http://www.openwall.com/lists/oss-security/2015/12/25/1", "http://www.openwall.com/lists/oss-security/2016/04/08/12", "http://seclists.org/oss-sec/2016/q2/548", "https://access.redhat.com/security/cve/CVE-2014-8130", "http://bugzilla.maptools.org/show_bug.cgi?id=2570", "https://access.redhat.com/security/cve/CVE-2016-3990", "https://access.redhat.com/security/cve/CVE-2016-9535", "https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496", "http://www.openwall.com/lists/oss-security/2016/06/15/5", "https://access.redhat.com/security/cve/CVE-2015-8665"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "4.0.7-1", "arch": "any", "packageName": "lib32-libtiff", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2010-2596 (denial of service)\n\nThe OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2,\nas used in tiff2ps, allows remote attackers to cause a denial of\nservice (assertion failure and application exit) via a crafted TIFF\nimage, related to &quot;downsampled OJPEG input.&quot;\n\n- CVE-2014-8127 (information disclosure)\n\nLibTIFF provides support for the Tag Image File Format (TIFF), a widely\nused format for storing image data. It is composed of a library for\nworking with TIFF files along with a small collection of tools for\ndoing simple manipulations of TIFF images.\nMultiple out-of-bounds reads can be triggered with malformed TIFF\nimages in the following LibTIFF tools: thumbnail, tiff2bw, tiff2rgba,\ntiff2ps, tiffdither, tiffmedian, tiffset\n\n- CVE-2014-8130 (denial of service)\n\nA floating point exception due to a division by zero in the tiffdither\ntool can be triggered with a malformed TIFF file leading to denial of\nservice.\n\n- CVE-2015-7313 (denial of service)\n\nA denial of service flaw was found in the way libtiff parsed certain\ntiff files. An attacker could use this flaw to create a specially\ncrafted TIFF file that would cause an application using libtiff to\nexhaust all available memory on the system.\n\n- CVE-2015-8665 (denial of service)\n\ntif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a\ndenial of service (out-of-bounds read) via the SamplesPerPixel tag in a\nTIFF image.\n\n- CVE-2015-8668 (arbitrary code execution)\n\nHeap-based buffer overflow in the PackBitsPreEncode function in\ntif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote\nattackers to execute arbitrary code or cause a denial of service via a\nlarge width field in a BMP image.\n\n- CVE-2015-8683 (denial of service)\n\nAn out-bounds-read flaw was found in the way libtiff processed CIE Lab\nimage format files. A attacker could create a specially-crafted CIE Lab\nimage format files which could cause libtiff to crash.\n\n- CVE-2016-3186 (denial of service)\n\nA buffer overflow vulnerability was reported in libtiff library, in the\nreadextension function in the gif2tiff component. A maliciously crafted\nGIF file could cause the application to crash resulting in denial of\nservice.\n\n- CVE-2016-3619 (denial of service)\n\nAn out-of-bounds read vulnerability has been discovered in the\nDumpModeEncode function when handling maliciously crafted BMP files,\nwhile doing operation _TIFFmemcpy. An attacker could exploit this issue\nto cause a denial of service.\n\n- CVE-2016-3620 (denial of service)\n\nAn out-of-bounds read vulnerability has been discovered in ZIPEncode\nfunction in tif_zip.c. Running bmp2tiff on a specially crafted BMP file\nresults in an application crash.\n\n- CVE-2016-3621 (denial of service)\n\nThe LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF\n4.0.6 and earlier, when the &quot;-c lzw&quot; option is used, allows remote\nattackers to cause a denial of service (buffer over-read) via a crafted\nBMP image.\n\n- CVE-2016-3622 (denial of service)\n\nDivision by zero vulnerability was found in fpAcc function in\ntif_predict.c in tiff2rgba, allowing attacker to cause a denial of\nservice via a crafted TIFF image.\n\n- CVE-2016-3623 (denial of service)\n\nDivision by zero vulnerability was found in cvtRaster function in\nrgb2ycybr.c, allowing attacker to cause a denial of service via a\ncrafted TIFF image.\n\n- CVE-2016-3624 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in cvtClump function in\nrgb2ycybr.c, allowing attacker to cause a denial of service or possibly\nexecute arbitrary code via a crafted TIFF image.\n\n- CVE-2016-3625 (denial of service)\n\nAn out-of-bounds read vulnerability was found in tif_read.c in tiff2bw,\nallowing attacker to cause a denial of service via a crafted TIFF\nimage.\n\n- CVE-2016-3631 (denial of service)\n\nThe (1) cpStrips and (2) cpTiles functions in the thumbnail tool in\nLibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of\nservice (out-of-bounds read) via vectors related to the bytecounts[]\narray variable.\n\n- CVE-2016-3632 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in _TIFFVGetField\nfunction in tif_dirinfo.c, allowing attacker to cause a denial of\nservice or code execution via a crafted TIFF image.\n\n- CVE-2016-3633 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the _setrow function\nin the libtiff library. Using a thumbnail command on a maliciously\ncrafted image could cause the application to crash.\n\n- CVE-2016-3634 (denial of service)\n\nA vulnerability was found in the libtiff library. Using the tagCompare\nfunction with the thumbnail command on a maliciously crafted tiff file\ncould cause an out-of-bounds read leading to application crash.\n\n- CVE-2016-3658 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the\nTIFFWriteDirectoryTagLongLong8Array function in the libtiff library.\nUsing a tiffset command on a maliciously crafted image could result in\na denial-of-service.\n\n- CVE-2016-3945 (arbitrary code execution)\n\nWhen libtiff's tiff2rgba handles a maliciously-crafted tiff file(width=\n8388640, height=31) an illegal write happens. This vulnerability exists\nin the function cvt_by_strip (and cvt_by_tile ) due to an improper\nbuffer allocation. An attacker may control the write address and/or\nvalue to result in denial-of-service or arbitrary code execution.\n\n- CVE-2016-3990 (arbitrary code execution)\n\nAn out-of-bounds write flaw was found in libtiff v4.0.6 when using\ntiffcp command to handle malicious tiff file. The vulnerability exists\nin the function horizontalDifference8(). An attacker could control the\nhead data of next heap which contains pre_size field and size filed to\nresult in denial of service or arbitrary code execution.\n\n- CVE-2016-3991 (arbitrary code execution)\n\nAn out-of-bounds write caused by a heap overflow when using tiffcrop\ntool. The vulnerability is located in the loadImage() function of\ntiffcrop.c. loadImage() will read the numbers of tiles by calling\nTIFFNumberOfTiles(). However, if the numbers of tiles is 0, loadImage()\nwill still read tile data by calling readContigTilesIntoBuffer() from\nthe image, regardless of the numbers. In that case, loadImage() will\nallocate 3 bytes of heap to store a tile data, and a heap overflow\noccurs if a tile data is beyond 3 bytes. This will cause denial of\nservice or arbitrary code execution upon freeing the buffer.\n\n- CVE-2016-5102 (denial of service)\n\nA vulnerability was found in libtiff. A maliciously crafted file could\ncause the application to crash via buffer overflow in gif2tiff tool.\n\n- CVE-2016-5314 (arbitrary code execution)\n\nA vulnerability was found in libtiff. A maliciously crafted TIFF file\ncould cause the application to crash when using rgb2ycbcr command via\nan out-of-bounds write in the PixarLogDecode() function.\n\n- CVE-2016-5315 (denial of service)\n\nAn out-of-bounds read vulnerability was found in in the setByteArray()\nfunction inlibtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using rgb2ycbcr.\n\n- CVE-2016-5316 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the PixarLogCleanup()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using rgb2ycbcr.\n\n- CVE-2016-5317 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in the PixarLogDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash or possibly execute arbitrary code when generating\na thumbnail for it.\n\n- CVE-2016-5318 (arbitrary code execution)\n\nA stack-based buffer overflow vulnerability was reported in thumbnail's\n_TIFFVGetField() function. Memory corruption can be triggered when\nhandling maliciously crafted tiff file causing application to crash or\npossibly execute arbitrary code.\n\n- CVE-2016-5319 (arbitrary code execution)\n\nHeap-based buffer overflow vulnerability was found in tif_packbits.c in\nPackBitsEncode function. Memory corruption can be triggered when\nbmp2tiff is handling maliciously crafted bmp file causing application\nto crash or possibly execute arbitrary code.\n\n- CVE-2016-5320 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in the PixarLogDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash or even execute arbitrary code on a vulnerable\nmachine when using the rgb2ycbcr command.\n\n- CVE-2016-5321 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the DumpModeDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using tiffcrop command.\n\n- CVE-2016-5322 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the\nextractContigSamplesBytes() function in libtiff. A maliciously crafted\nTIFF file could cause the application to crash when using the tiffcrop\ncommand.\n\n- CVE-2016-5323 (denial of service)\n\nWhen using the tiffcrop command and a crafted TIFF image, the function\n_TIFFFax3fill() runs without checking the value of the divisor and\ncauses a divide by zero flaw. Attackers can exploit this issue to cause\na denial of service.\n\n- CVE-2016-5652 (arbitrary code execution)\n\nAn exploitable heap based buffer overflow exists in the handling of\nTIFF images in LibTIFF&#8217;s TIFF2PDF tool. A crafted TIFF document can\nlead to a heap based buffer overflow via JPEG Compression Tables\nresulting in remote code execution. This vulnerability can be triggered\nvia a saved TIFF file delivered by other means.\n\n- CVE-2016-5875 (arbitrary code execution)\n\nThere is a heap-based buffer overflow on libtiff/tif_pixarlog.c. The\nvulnerability allows an attacker to control the size of the allocated\nheap-buffer while independently controlling the data to be written to\nthe buffer with no restrictions on the size of the written data.\n\n- CVE-2016-6223 (information disclosure)\n\nAn out-of-bounds read vulnerability on memory-mapped files in\nTIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond\ntmsize_t max value was found. The vulnerability allows an attacker to\nspecify a negative index into the file-content buffer and copy data\nfrom that position until the end of the buffer. This will allow an\nattacker to crash the process by accessing unmapped memory and\n(depending on how LibTIFF is used) might also allow an attacker to leak\nsensitive information.\n\n- CVE-2016-9273 (denial of service)\n\nA heap buffer overflow has been discovered resulting in a read outside\nof the array boundaries leading to an application crash.\n\n- CVE-2016-9297 (denial of service)\n\nA buffer read overflow has been discovered in libtiff. The function\nTIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that\nvalues of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII\naccess are null terminated leading to potential read outside the buffer\nin _TIFFPrintField().\n\n- CVE-2016-9448 (denial of service)\n\nA null pointer dereference vulnerability in TIFFFetchNormalTag() occurs\nwhen values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII\naccess are 0-byte arrays leading to denial of service.\n\n- CVE-2016-9453 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability has been discovered caused by a\nmemcpy call without proper bounds checks. A malicious tiff file handled\nby tiff2pdf will cause an illegal write to a potentially attacker\ncontrolled target address.\n\n- CVE-2016-9532 (arbitrary code execution)\n\nMultiple uint32 overflows have been discovered that are leading to a\nheap buffer overflow in writeBufferToSeparateStrips(). A maliciously\ncrafted TIFF file could cause the application to crash or even execute\narbitrary code on a vulnerable machine.\n\n- CVE-2016-9533 (arbitrary code execution)\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities\nin heap allocated buffers. Reported as MSVR 35094, aka &quot;PixarLog\nhorizontalDifference heap-buffer-overflow.&quot;\n\n- CVE-2016-9534 (arbitrary code execution)\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of\nTIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.\nReported as MSVR 35095, aka &quot;TIFFFlushData1 heap-buffer-overflow.&quot;\n\n- CVE-2016-9535 (arbitrary code execution)\n\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that\ncan lead to assertion failures in debug mode, or buffer overflows in\nrelease mode, when dealing with unusual tile size like YCbCr with\nsubsampling. Reported as MSVR 35105, aka &quot;Predictor heap-buffer-\noverflow.&quot;\n\n- CVE-2016-9536 (arbitrary code execution)\n\nIt was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds\nwrite vulnerabilities in heap allocated buffers in\nt2p_process_jpeg_strip().\n\n- CVE-2016-9537 (arbitrary code execution)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds\nwrite vulnerabilities in heap allocated buffers.\n\n- CVE-2016-9538 (denial of service)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\nbuffer in readContigStripsIntoBuffer() because of a uint16 integer\noverflow.\n\n- CVE-2016-9539 (information disclosure)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of-\nbounds read in readContigTilesIntoBuffer() leading to possible\ninformation disclosure.\n\n- CVE-2016-9540 (arbitrary code execution)\n\nIt was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds\nheap write on tiled images with odd tile width versus image width. This\nhas also been reported as MSVR 35103, aka &quot;cpStripToTile heap-buffer-\noverflow.&quot;", "reporter": "Arch Linux", "published": "2016-11-25T00:00:00", "type": "archlinux", "title": "lib32-libtiff: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9453", "CVE-2016-3622", "CVE-2016-9536", "CVE-2016-5314", "CVE-2016-9448", "CVE-2016-3623", "CVE-2016-5319", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-3619", "CVE-2016-5322", "CVE-2016-5318", "CVE-2016-9540", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-3658", "CVE-2016-9297", "CVE-2016-3632", "CVE-2010-2596", "CVE-2016-9539", "CVE-2016-3620", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-9534", "CVE-2016-5320", "CVE-2015-7313", "CVE-2016-9535", "CVE-2016-3186", "CVE-2016-5323", "CVE-2016-5652", "CVE-2016-5315", "CVE-2014-8130", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-3990", "CVE-2016-3633", "CVE-2016-6223", "CVE-2016-5317", "CVE-2016-3624", "CVE-2016-9532", "CVE-2015-8665", "CVE-2016-5102", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-9533", "CVE-2016-9273"], "modified": "2016-11-25T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html", "id": "ASA-201611-27", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-26T01:23:04", "references": ["https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7", "https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55", "http://seclists.org/oss-sec/2016/q2/24", "https://access.redhat.com/security/cve/CVE-2016-5875", "https://access.redhat.com/security/cve/CVE-2016-5316", "https://access.redhat.com/security/cve/CVE-2016-9538", "http://bugzilla.maptools.org/show_bug.cgi?id=2566", "http://www.openwall.com/lists/oss-security/2016/07/13/3", "https://access.redhat.com/security/cve/CVE-2016-6223", "https://access.redhat.com/security/cve/CVE-2016-9539", "https://access.redhat.com/security/cve/CVE-2016-5318", "http://seclists.org/bugtraq/2015/Dec/138", "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt", "https://access.redhat.com/security/cve/CVE-2016-3945", "http://www.openwall.com/lists/oss-security/2016/04/07/1", "http://seclists.org/oss-sec/2016/q2/22", "http://seclists.org/oss-sec/2015/q3/601", "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "http://seclists.org/oss-sec/2016/q2/29", "http://seclists.org/oss-sec/2016/q2/486", "https://access.redhat.com/security/cve/CVE-2016-3631", "https://access.redhat.com/security/cve/CVE-2016-3623", "http://bugzilla.maptools.org/show_bug.cgi?id=2548", "http://www.simplesystems.org/libtiff/v4.0.7.html", "http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1", "https://access.redhat.com/security/cve/CVE-2016-3634", "http://bugzilla.maptools.org/show_bug.cgi?id=2560", "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "http://seclists.org/oss-sec/2016/q2/27", "https://access.redhat.com/security/cve/CVE-2016-9297", "http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2", "https://access.redhat.com/security/cve/CVE-2016-9453", "https://access.redhat.com/security/cve/CVE-2015-8668", "http://bugzilla.maptools.org/show_bug.cgi?id=2483", "http://seclists.org/oss-sec/2016/q2/28", "http://www.openwall.com/lists/oss-security/2016/03/30/2", "http://bugzilla.maptools.org/show_bug.cgi?id=2579", "https://access.redhat.com/security/cve/CVE-2016-9537", "https://access.redhat.com/security/cve/CVE-2016-3186", "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2", "http://seclists.org/oss-sec/2016/q4/464", "http://seclists.org/oss-sec/2016/q2/21", "https://access.redhat.com/security/cve/CVE-2016-5315", "https://access.redhat.com/security/cve/CVE-2016-9536", "http://bugzilla.maptools.org/show_bug.cgi?id=2500", "https://access.redhat.com/security/cve/CVE-2016-5322", "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b", "http://bugzilla.maptools.org/show_bug.cgi?id=2545", "https://access.redhat.com/security/cve/CVE-2016-5321", "http://www.openwall.com/lists/oss-security/2016/06/15/8", "http://www.openwall.com/lists/oss-security/2015/12/24/4", "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3", "https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e", "https://access.redhat.com/security/cve/CVE-2014-8127", "https://access.redhat.com/security/cve/CVE-2016-9273", "http://www.openwall.com/lists/oss-security/2016/11/09/20", "https://access.redhat.com/security/cve/CVE-2016-3619", "http://www.openwall.com/lists/oss-security/2016/06/15/9", "http://bugzilla.maptools.org/show_bug.cgi?id=2552", "https://access.redhat.com/security/cve/CVE-2016-3658", "https://access.redhat.com/security/cve/CVE-2016-5102", "https://access.redhat.com/security/cve/CVE-2010-2596", "http://www.talosintelligence.com/reports/TALOS-2016-0187/", "http://bugzilla.maptools.org/show_bug.cgi?id=2561", "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "http://bugzilla.maptools.org/show_bug.cgi?id=2592", "http://www.openwall.com/lists/oss-security/2016/11/11/14", "http://seclists.org/oss-sec/2016/q2/23", "https://access.redhat.com/security/cve/CVE-2016-9540", "https://access.redhat.com/security/cve/CVE-2016-9532", "http://bugzilla.maptools.org/show_bug.cgi?id=2543", "http://www.openwall.com/lists/oss-security/2016/06/15/3", "https://access.redhat.com/security/cve/CVE-2016-3624", "http://www.openwall.com/lists/oss-security/2016/06/15/2", "http://www.openwall.com/lists/oss-security/2016/04/08/13", "http://bugzilla.maptools.org/show_bug.cgi?id=2565", "https://access.redhat.com/security/cve/CVE-2016-3620", "https://access.redhat.com/security/cve/CVE-2016-3632", "http://www.openwall.com/lists/oss-security/2016/04/08/11", "https://access.redhat.com/security/cve/CVE-2016-9533", "http://bugzilla.maptools.org/show_bug.cgi?id=2544", "https://access.redhat.com/security/cve/CVE-2016-3625", "https://access.redhat.com/security/cve/CVE-2016-9534", "http://seclists.org/oss-sec/2016/q2/30", "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53", "https://access.redhat.com/security/cve/CVE-2016-5323", "https://access.redhat.com/security/cve/CVE-2015-8683", "http://bugzilla.maptools.org/show_bug.cgi?id=2536", "https://access.redhat.com/security/cve/CVE-2015-7313", "https://access.redhat.com/security/cve/CVE-2016-5314", "http://bugzilla.maptools.org/show_bug.cgi?id=2569", "http://www.openwall.com/lists/oss-security/2016/06/15/7", "http://seclists.org/oss-sec/2016/q2/57", "https://access.redhat.com/security/cve/CVE-2016-3633", "http://www.openwall.com/lists/oss-security/2016/06/15/1", "http://bugzilla.maptools.org/show_bug.cgi?id=2549", "http://bugzilla.maptools.org/show_bug.cgi?id=2593", "http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3", "https://access.redhat.com/security/cve/CVE-2016-9448", "http://seclists.org/oss-sec/2016/q2/33", "https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed", "https://access.redhat.com/security/cve/CVE-2016-5319", "https://access.redhat.com/security/cve/CVE-2016-3621", "http://www.openwall.com/lists/oss-security/2016/09/29/", "http://bugzilla.maptools.org/show_bug.cgi?id=2563#c4", "https://access.redhat.com/security/cve/CVE-2016-5317", "http://www.openwall.com/lists/oss-security/2016/06/29/6", "http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6", "https://access.redhat.com/security/cve/CVE-2016-3991", "https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63", "http://bugzilla.maptools.org/show_bug.cgi?id=2554", "https://access.redhat.com/security/cve/CVE-2016-3622", "https://access.redhat.com/security/cve/CVE-2016-5320", "http://bugzilla.maptools.org/show_bug.cgi?id=2562", "http://bugzilla.maptools.org/show_bug.cgi?id=2567", "http://bugzilla.maptools.org/show_bug.cgi?id=2587", "https://access.redhat.com/security/cve/CVE-2016-5652", "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt", "http://bugzilla.maptools.org/show_bug.cgi?id=2590", "http://www.openwall.com/lists/oss-security/2015/12/25/1", "http://www.openwall.com/lists/oss-security/2016/04/08/12", "http://seclists.org/oss-sec/2016/q2/548", "https://access.redhat.com/security/cve/CVE-2014-8130", "http://bugzilla.maptools.org/show_bug.cgi?id=2570", "https://access.redhat.com/security/cve/CVE-2016-3990", "https://access.redhat.com/security/cve/CVE-2016-9535", "https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496", "http://www.openwall.com/lists/oss-security/2016/06/15/5", "https://access.redhat.com/security/cve/CVE-2015-8665"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "4.0.7-1", "arch": "any", "packageName": "libtiff", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2010-2596 (denial of service)\n\nThe OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2,\nas used in tiff2ps, allows remote attackers to cause a denial of\nservice (assertion failure and application exit) via a crafted TIFF\nimage, related to &quot;downsampled OJPEG input.&quot;\n\n- CVE-2014-8127 (information disclosure)\n\nLibTIFF provides support for the Tag Image File Format (TIFF), a widely\nused format for storing image data. It is composed of a library for\nworking with TIFF files along with a small collection of tools for\ndoing simple manipulations of TIFF images.\nMultiple out-of-bounds reads can be triggered with malformed TIFF\nimages in the following LibTIFF tools: thumbnail, tiff2bw, tiff2rgba,\ntiff2ps, tiffdither, tiffmedian, tiffset\n\n- CVE-2014-8130 (denial of service)\n\nA floating point exception due to a division by zero in the tiffdither\ntool can be triggered with a malformed TIFF file leading to denial of\nservice.\n\n- CVE-2015-7313 (denial of service)\n\nA denial of service flaw was found in the way libtiff parsed certain\ntiff files. An attacker could use this flaw to create a specially\ncrafted TIFF file that would cause an application using libtiff to\nexhaust all available memory on the system.\n\n- CVE-2015-8665 (denial of service)\n\ntif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a\ndenial of service (out-of-bounds read) via the SamplesPerPixel tag in a\nTIFF image.\n\n- CVE-2015-8668 (arbitrary code execution)\n\nHeap-based buffer overflow in the PackBitsPreEncode function in\ntif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote\nattackers to execute arbitrary code or cause a denial of service via a\nlarge width field in a BMP image.\n\n- CVE-2015-8683 (denial of service)\n\nAn out-bounds-read flaw was found in the way libtiff processed CIE Lab\nimage format files. A attacker could create a specially-crafted CIE Lab\nimage format files which could cause libtiff to crash.\n\n- CVE-2016-3186 (denial of service)\n\nA buffer overflow vulnerability was reported in libtiff library, in the\nreadextension function in the gif2tiff component. A maliciously crafted\nGIF file could cause the application to crash resulting in denial of\nservice.\n\n- CVE-2016-3619 (denial of service)\n\nAn out-of-bounds read vulnerability has been discovered in the\nDumpModeEncode function when handling maliciously crafted BMP files,\nwhile doing operation _TIFFmemcpy. An attacker could exploit this issue\nto cause a denial of service.\n\n- CVE-2016-3620 (denial of service)\n\nAn out-of-bounds read vulnerability has been discovered in ZIPEncode\nfunction in tif_zip.c. Running bmp2tiff on a specially crafted BMP file\nresults in an application crash.\n\n- CVE-2016-3621 (denial of service)\n\nThe LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF\n4.0.6 and earlier, when the &quot;-c lzw&quot; option is used, allows remote\nattackers to cause a denial of service (buffer over-read) via a crafted\nBMP image.\n\n- CVE-2016-3622 (denial of service)\n\nDivision by zero vulnerability was found in fpAcc function in\ntif_predict.c in tiff2rgba, allowing attacker to cause a denial of\nservice via a crafted TIFF image.\n\n- CVE-2016-3623 (denial of service)\n\nDivision by zero vulnerability was found in cvtRaster function in\nrgb2ycybr.c, allowing attacker to cause a denial of service via a\ncrafted TIFF image.\n\n- CVE-2016-3624 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in cvtClump function in\nrgb2ycybr.c, allowing attacker to cause a denial of service or possibly\nexecute arbitrary code via a crafted TIFF image.\n\n- CVE-2016-3625 (denial of service)\n\nAn out-of-bounds read vulnerability was found in tif_read.c in tiff2bw,\nallowing attacker to cause a denial of service via a crafted TIFF\nimage.\n\n- CVE-2016-3631 (denial of service)\n\nThe (1) cpStrips and (2) cpTiles functions in the thumbnail tool in\nLibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of\nservice (out-of-bounds read) via vectors related to the bytecounts[]\narray variable.\n\n- CVE-2016-3632 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in _TIFFVGetField\nfunction in tif_dirinfo.c, allowing attacker to cause a denial of\nservice or code execution via a crafted TIFF image.\n\n- CVE-2016-3633 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the _setrow function\nin the libtiff library. Using a thumbnail command on a maliciously\ncrafted image could cause the application to crash.\n\n- CVE-2016-3634 (denial of service)\n\nA vulnerability was found in the libtiff library. Using the tagCompare\nfunction with the thumbnail command on a maliciously crafted tiff file\ncould cause an out-of-bounds read leading to application crash.\n\n- CVE-2016-3658 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the\nTIFFWriteDirectoryTagLongLong8Array function in the libtiff library.\nUsing a tiffset command on a maliciously crafted image could result in\na denial-of-service.\n\n- CVE-2016-3945 (arbitrary code execution)\n\nWhen libtiff's tiff2rgba handles a maliciously-crafted tiff file(width=\n8388640, height=31) an illegal write happens. This vulnerability exists\nin the function cvt_by_strip (and cvt_by_tile ) due to an improper\nbuffer allocation. An attacker may control the write address and/or\nvalue to result in denial-of-service or arbitrary code execution.\n\n- CVE-2016-3990 (arbitrary code execution)\n\nAn out-of-bounds write flaw was found in libtiff v4.0.6 when using\ntiffcp command to handle malicious tiff file. The vulnerability exists\nin the function horizontalDifference8(). An attacker could control the\nhead data of next heap which contains pre_size field and size filed to\nresult in denial of service or arbitrary code execution.\n\n- CVE-2016-3991 (arbitrary code execution)\n\nAn out-of-bounds write caused by a heap overflow when using tiffcrop\ntool. The vulnerability is located in the loadImage() function of\ntiffcrop.c. loadImage() will read the numbers of tiles by calling\nTIFFNumberOfTiles(). However, if the numbers of tiles is 0, loadImage()\nwill still read tile data by calling readContigTilesIntoBuffer() from\nthe image, regardless of the numbers. In that case, loadImage() will\nallocate 3 bytes of heap to store a tile data, and a heap overflow\noccurs if a tile data is beyond 3 bytes. This will cause denial of\nservice or arbitrary code execution upon freeing the buffer.\n\n- CVE-2016-5102 (denial of service)\n\nA vulnerability was found in libtiff. A maliciously crafted file could\ncause the application to crash via buffer overflow in gif2tiff tool.\n\n- CVE-2016-5314 (arbitrary code execution)\n\nA vulnerability was found in libtiff. A maliciously crafted TIFF file\ncould cause the application to crash when using rgb2ycbcr command via\nan out-of-bounds write in the PixarLogDecode() function.\n\n- CVE-2016-5315 (denial of service)\n\nAn out-of-bounds read vulnerability was found in in the setByteArray()\nfunction inlibtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using rgb2ycbcr.\n\n- CVE-2016-5316 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the PixarLogCleanup()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using rgb2ycbcr.\n\n- CVE-2016-5317 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in the PixarLogDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash or possibly execute arbitrary code when generating\na thumbnail for it.\n\n- CVE-2016-5318 (arbitrary code execution)\n\nA stack-based buffer overflow vulnerability was reported in thumbnail's\n_TIFFVGetField() function. Memory corruption can be triggered when\nhandling maliciously crafted tiff file causing application to crash or\npossibly execute arbitrary code.\n\n- CVE-2016-5319 (arbitrary code execution)\n\nHeap-based buffer overflow vulnerability was found in tif_packbits.c in\nPackBitsEncode function. Memory corruption can be triggered when\nbmp2tiff is handling maliciously crafted bmp file causing application\nto crash or possibly execute arbitrary code.\n\n- CVE-2016-5320 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability was found in the PixarLogDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash or even execute arbitrary code on a vulnerable\nmachine when using the rgb2ycbcr command.\n\n- CVE-2016-5321 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the DumpModeDecode()\nfunction in libtiff. A maliciously crafted TIFF file could cause the\napplication to crash when using tiffcrop command.\n\n- CVE-2016-5322 (denial of service)\n\nAn out-of-bounds read vulnerability was found in the\nextractContigSamplesBytes() function in libtiff. A maliciously crafted\nTIFF file could cause the application to crash when using the tiffcrop\ncommand.\n\n- CVE-2016-5323 (denial of service)\n\nWhen using the tiffcrop command and a crafted TIFF image, the function\n_TIFFFax3fill() runs without checking the value of the divisor and\ncauses a divide by zero flaw. Attackers can exploit this issue to cause\na denial of service.\n\n- CVE-2016-5652 (arbitrary code execution)\n\nAn exploitable heap based buffer overflow exists in the handling of\nTIFF images in LibTIFF&#8217;s TIFF2PDF tool. A crafted TIFF document can\nlead to a heap based buffer overflow via JPEG Compression Tables\nresulting in remote code execution. This vulnerability can be triggered\nvia a saved TIFF file delivered by other means.\n\n- CVE-2016-5875 (arbitrary code execution)\n\nThere is a heap-based buffer overflow on libtiff/tif_pixarlog.c. The\nvulnerability allows an attacker to control the size of the allocated\nheap-buffer while independently controlling the data to be written to\nthe buffer with no restrictions on the size of the written data.\n\n- CVE-2016-6223 (information disclosure)\n\nAn out-of-bounds read vulnerability on memory-mapped files in\nTIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond\ntmsize_t max value was found. The vulnerability allows an attacker to\nspecify a negative index into the file-content buffer and copy data\nfrom that position until the end of the buffer. This will allow an\nattacker to crash the process by accessing unmapped memory and\n(depending on how LibTIFF is used) might also allow an attacker to leak\nsensitive information.\n\n- CVE-2016-9273 (denial of service)\n\nA heap buffer overflow has been discovered resulting in a read outside\nof the array boundaries leading to an application crash.\n\n- CVE-2016-9297 (denial of service)\n\nA buffer read overflow has been discovered in libtiff. The function\nTIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that\nvalues of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII\naccess are null terminated leading to potential read outside the buffer\nin _TIFFPrintField().\n\n- CVE-2016-9448 (denial of service)\n\nA null pointer dereference vulnerability in TIFFFetchNormalTag() occurs\nwhen values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII\naccess are 0-byte arrays leading to denial of service.\n\n- CVE-2016-9453 (arbitrary code execution)\n\nAn out-of-bounds write vulnerability has been discovered caused by a\nmemcpy call without proper bounds checks. A malicious tiff file handled\nby tiff2pdf will cause an illegal write to a potentially attacker\ncontrolled target address.\n\n- CVE-2016-9532 (arbitrary code execution)\n\nMultiple uint32 overflows have been discovered that are leading to a\nheap buffer overflow in writeBufferToSeparateStrips(). A maliciously\ncrafted TIFF file could cause the application to crash or even execute\narbitrary code on a vulnerable machine.\n\n- CVE-2016-9533 (arbitrary code execution)\n\ntif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities\nin heap allocated buffers. Reported as MSVR 35094, aka &quot;PixarLog\nhorizontalDifference heap-buffer-overflow.&quot;\n\n- CVE-2016-9534 (arbitrary code execution)\n\ntif_write.c in libtiff 4.0.6 has an issue in the error code path of\nTIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.\nReported as MSVR 35095, aka &quot;TIFFFlushData1 heap-buffer-overflow.&quot;\n\n- CVE-2016-9535 (arbitrary code execution)\n\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that\ncan lead to assertion failures in debug mode, or buffer overflows in\nrelease mode, when dealing with unusual tile size like YCbCr with\nsubsampling. Reported as MSVR 35105, aka &quot;Predictor heap-buffer-\noverflow.&quot;\n\n- CVE-2016-9536 (arbitrary code execution)\n\nIt was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds\nwrite vulnerabilities in heap allocated buffers in\nt2p_process_jpeg_strip().\n\n- CVE-2016-9537 (arbitrary code execution)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds\nwrite vulnerabilities in heap allocated buffers.\n\n- CVE-2016-9538 (denial of service)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined\nbuffer in readContigStripsIntoBuffer() because of a uint16 integer\noverflow.\n\n- CVE-2016-9539 (information disclosure)\n\nIt was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of-\nbounds read in readContigTilesIntoBuffer() leading to possible\ninformation disclosure.\n\n- CVE-2016-9540 (arbitrary code execution)\n\nIt was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds\nheap write on tiled images with odd tile width versus image width. This\nhas also been reported as MSVR 35103, aka &quot;cpStripToTile heap-buffer-\noverflow.&quot;", "reporter": "Arch Linux", "published": "2016-11-25T00:00:00", "type": "archlinux", "title": "libtiff: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9453", "CVE-2016-3622", "CVE-2016-9536", "CVE-2016-5314", "CVE-2016-9448", "CVE-2016-3623", "CVE-2016-5319", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-3619", "CVE-2016-5322", "CVE-2016-5318", "CVE-2016-9540", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-3658", "CVE-2016-9297", "CVE-2016-3632", "CVE-2010-2596", "CVE-2016-9539", "CVE-2016-3620", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-9534", "CVE-2016-5320", "CVE-2015-7313", "CVE-2016-9535", "CVE-2016-3186", "CVE-2016-5323", "CVE-2016-5652", "CVE-2016-5315", "CVE-2014-8130", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-3990", "CVE-2016-3633", "CVE-2016-6223", "CVE-2016-5317", "CVE-2016-3624", "CVE-2016-9532", "CVE-2015-8665", "CVE-2016-5102", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-9533", "CVE-2016-9273"], "modified": "2016-11-25T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html", "id": "ASA-201611-26", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kitploit": [{"lastseen": "2018-08-31T14:37:43", "references": ["https://github.com/ilpianista/arch-audit"], "description": "[  ](<https://4.bp.blogspot.com/-Uf2o3nvS9iI/V-iDG8z9gdI/AAAAAAAAGNQ/lMp_2XaKabgLXdkrp0YBjUx8yOnf0IZzwCLcB/s1600/archlinux-logo-dark.png>)\n\n \nAn utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data \n \nUses data collected by the awesome [ Arch CVE Monitoring Team ](<https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team>) . \n \n** Installation ** \n \n** From AUR ** \nThe PKGBUILD is available [ on AUR ](<https://aur.archlinux.org/packages/arch-audit>) . \nAfter the installation just execute ` arch-audit ` . \n \n** From sources ** \n\n \n \n git clone https://github.com/ilpianista/arch-audit\n cd arch-audit\n cargo build\n cargo run\n\n \n** Example output ** \n\n \n \n $ arch-audit\n Package libwmf is affected by [\"CVE-2009-1364\", \"CVE-2006-3376\", \"CVE-2007-0455\", \"CVE-2007-2756\", \"CVE-2007-3472\", \"CVE-2007-3473\", \"CVE-2007-3477\", \"CVE-2009-3546\", \"CVE-2015-0848\", \"CVE-2015-4588\", \"CVE-2015-4695\", \"CVE-2015-4696\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2016-5875\", \"CVE-2016-5314\", \"CVE-2016-5315\", \"CVE-2016-5316\", \"CVE-2016-5317\", \"CVE-2016-5320\", \"CVE-2016-5321\", \"CVE-2016-5322\", \"CVE-2016-5323\", \"CVE-2016-5102\", \"CVE-2016-3991\", \"CVE-2016-3990\", \"CVE-2016-3945\", \"CVE-2016-3658\", \"CVE-2016-3634\", \"CVE-2016-3633\", \"CVE-2016-3632\", \"CVE-2016-3631\", \"CVE-2016-3625\", \"CVE-2016-3624\", \"CVE-2016-3623\", \"CVE-2016-3622\", \"CVE-2016-3621\", \"CVE-2016-3620\", \"CVE-2016-3619\", \"CVE-2016-3186\", \"CVE-2015-8668\", \"CVE-2015-7313\", \"CVE-2014-8130\", \"CVE-2014-8127\", \"CVE-2010-2596\", \"CVE-2016-6223\"]. VULNERABLE!\n Package libtiff is affected by [\"CVE-2015-7554\", \"CVE-2015-8683\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-8751\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5221\"]. VULNERABLE!\n Package jasper is affected by [\"CVE-2015-5203\"]. VULNERABLE!\n Package lib32-openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1:1.0.2.i-1!\n Package wireshark-cli is affected by [\"CVE-2016-7180\", \"CVE-2016-7175\", \"CVE-2016-7176\", \"CVE-2016-7177\", \"CVE-2016-7178\", \"CVE-2016-7179\"]. Update to 2.2.0-1!\n Package wpa_supplicant is affected by [\"CVE-2016-4477\", \"CVE-2016-4476\"]. VULNERABLE!\n Package openssl is affected by [\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\"]. Update to 1.0.2.i-1!\n Package crypto++ is affected by [\"CVE-2016-7420\"]. VULNERABLE!\n Package bzip2 is affected by [\"CVE-2016-3189\"]. VULNERABLE!\n Package libimobiledevice is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package libusbmuxd is affected by [\"CVE-2016-5104\"]. VULNERABLE!\n Package gdk-pixbuf2 is affected by [\"CVE-2016-6352\"]. VULNERABLE!\n \n $ arch-audit --upgradable --quiet\n wireshark-cli>=2.2.0-1\n openssl>=1.0.2.i-1\n lib32-openssl>=1:1.0.2.i-1\n \n $ arch-audit -uf \"%n|%c\"\n openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n wireshark-cli|CVE-2016-7180,CVE-2016-7175,CVE-2016-7176,CVE-2016-7177,CVE-2016-7178,CVE-2016-7179\n lib32-openssl|CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306\n\n \n \n\n\n** [ Download arch-audit ](<https://github.com/ilpianista/arch-audit>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2016-10-15T14:30:02", "title": "arch-audit - An utility like pkg-audit for Arch Linux", "type": "kitploit", "enchantments": {"score": {"modified": "2018-08-31T14:37:43", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "tools", "cvelist": ["CVE-2016-3622", "CVE-2009-3546", "CVE-2016-5314", "CVE-2016-7176", "CVE-2016-4476", "CVE-2016-7420", "CVE-2016-3623", "CVE-2016-6306", "CVE-2016-3631", "CVE-2015-8668", "CVE-2016-3625", "CVE-2016-2183", "CVE-2016-3619", "CVE-2016-2178", "CVE-2016-5322", "CVE-2014-8127", "CVE-2016-3621", "CVE-2016-6302", "CVE-2016-3658", "CVE-2016-7177", "CVE-2016-3632", "CVE-2016-7180", "CVE-2016-2177", "CVE-2010-2596", "CVE-2016-7179", "CVE-2016-5104", "CVE-2016-3189", "CVE-2016-3620", "CVE-2015-8751", "CVE-2007-2756", "CVE-2016-6352", "CVE-2015-8683", "CVE-2016-5316", "CVE-2016-2180", "CVE-2016-5320", "CVE-2015-4695", "CVE-2007-3477", "CVE-2015-7313", "CVE-2016-3186", "CVE-2016-7175", "CVE-2016-5323", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-5315", "CVE-2014-8130", "CVE-2015-5203", "CVE-2015-7554", "CVE-2007-3472", "CVE-2016-3990", "CVE-2016-4477", "CVE-2016-3633", "CVE-2016-6223", "CVE-2007-0455", "CVE-2016-5317", "CVE-2016-3624", "CVE-2007-3473", "CVE-2015-4588", "CVE-2015-5221", "CVE-2016-6303", "CVE-2015-4696", "CVE-2016-5102", "CVE-2006-3376", "CVE-2016-2182", "CVE-2009-1364", "CVE-2016-5321", "CVE-2016-3634", "CVE-2016-3945", "CVE-2016-3991", "CVE-2016-5875", "CVE-2016-2179", "CVE-2016-7178", "CVE-2015-0848"], "modified": "2016-10-15T14:30:02", "toolHref": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "id": "KITPLOIT:2973941148692546578", "href": "http://www.kitploit.com/2016/10/arch-audit-utility-like-pkg-audit-for.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}