| nessus
via4
|
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2014-0222.NASL | | description | From Red Hat Security Advisory 2014:0222 :
Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 72734 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72734 | | title | Oracle Linux 6 : libtiff (ELSA-2014-0222) |
| NASL family | Slackware Local Security Checks | | NASL id | SLACKWARE_SSA_2013-290-01.NASL | | description | New libtiff packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix security issues. | | last seen | 2019-01-16 | | modified | 2013-10-22 | | plugin id | 70499 | | published | 2013-10-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=70499 | | title | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-208.NASL | | description | Updated libtiff packages fix security vulnerabilities :
A heap-based buffer overflow flaw was found in the way tiff2pdf of
libtiff performed write of TIFF image content into particular PDF
document file, in the tp_process_jpeg_strip() function. A remote
attacker could provide a specially crafted TIFF image format file,
that when processed by tiff2pdf would lead to tiff2pdf executable
crash or, potentially, arbitrary code execution with the privileges of
the user running the tiff2pdf binary (CVE-2013-1960).
A stack-based buffer overflow was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document
file, when malformed image-length and resolution values are used in
the TIFF file. A remote attacker could provide a specially crafted
TIFF image format file, that when processed by tiff2pdf would lead to
tiff2pdf executable crash (CVE-2013-1961). | | last seen | 2019-01-16 | | modified | 2018-07-19 | | plugin id | 69231 | | published | 2013-08-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69231 | | title | Mandriva Linux Security Advisory : libtiff (MDVSA-2013:208) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20140227_LIBTIFF_ON_SL6_X.NASL | | description | A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
All running applications linked against libtiff must be restarted for
this update to take effect. | | last seen | 2019-01-16 | | modified | 2018-12-28 | | plugin id | 72739 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72739 | | title | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2014-307.NASL | | description | A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960 , CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231 , CVE-2013-4243 , CVE-2013-4244)
A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961) | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 73061 | | published | 2014-03-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73061 | | title | Amazon Linux AMI : libtiff (ALAS-2014-307) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201402-21.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201402-21
(libTIFF: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libTIFF. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could entice a user to open a specially crafted TIFF
file with an application making use of libTIFF, possibly resulting in
execution of arbitrary code with the privileges of the user running the
application or a Denial of Service condition.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 72635 | | published | 2014-02-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72635 | | title | GLSA-201402-21 : libTIFF: Multiple vulnerabilities |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2014-0223.NASL | | description | From Red Hat Security Advisory 2014:0223 :
Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-07-18 | | plugin id | 72735 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72735 | | title | Oracle Linux 5 : libtiff (ELSA-2014-0223) |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL16715.NASL | | description | CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip
function in tiff2pdf in libtiff 4.0.3 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted TIFF image file.
CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page
function in tiff2pdf in libtiff before 4.0.3 allows remote attackers
to cause a denial of service (application crash) via a crafted image
length and resolution in a TIFF image file.
CVE-2013-4231 Multiple buffer overflows in libtiff before 4.0.3 allow
remote attackers to cause a denial of service (out-of-bounds write)
via a crafted (1) extension block in a GIF image or (2) GIF raster
image to tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c.
CVE-2013-4232 Use-after-free vulnerability in the
t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3
allows remote attackers to cause a denial of service (crash) or
possible execute arbitrary code via a crafted TIFF image.
CVE-2013-4243 Heap-based buffer overflow in the readgifimage function
in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted height and width values in a GIF image.
CVE-2013-4244 The LZW decompressor in the gif2tiff tool in libtiff
4.0.3 and earlier allows context-dependent attackers to cause a denial
of service (out-of-bounds write and crash) or possibly execute
arbitrary code via a crafted GIF image. | | last seen | 2019-01-16 | | modified | 2019-01-04 | | plugin id | 84010 | | published | 2015-06-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=84010 | | title | F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2014-0223.NASL | | description | Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 72733 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72733 | | title | CentOS 5 : libtiff (CESA-2014:0223) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20140227_LIBTIFF_ON_SL5_X.NASL | | description | A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
All running applications linked against libtiff must be restarted for
this update to take effect. | | last seen | 2019-01-16 | | modified | 2018-12-28 | | plugin id | 72738 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72738 | | title | Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-7361.NASL | | description | Repair minor security issues CVE-2013-1960, CVE-2013-1961
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-19 | | plugin id | 66501 | | published | 2013-05-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66501 | | title | Fedora 17 : libtiff-3.9.7-2.fc17 (2013-7361) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS11_LIBTIFF_20131217.NASL | | description | The remote Solaris system is missing necessary patches to address
security updates :
- ppm2tiff does not check the return value of the
TIFFScanlineSize function, which allows remote attackers
to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted PPM image that
triggers an integer overflow, a zero-memory allocation,
and a heap-based buffer overflow. (CVE-2012-4564)
- Heap-based buffer overflow in the t2p_process_jpeg_strip
function in tiff2pdf in libtiff 4.0.3 and earlier allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted TIFF
image file. (CVE-2013-1960)
- Stack-based buffer overflow in the t2p_write_pdf_page
function in tiff2pdf in libtiff before 4.0.3 allows
remote attackers to cause a denial of service
(application crash) via a crafted image length and
resolution in a TIFF image file. (CVE-2013-1961) | | last seen | 2019-01-16 | | modified | 2018-11-15 | | plugin id | 80681 | | published | 2015-01-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80681 | | title | Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-7339.NASL | | description | Repair minor security issues CVE-2013-1960, CVE-2013-1961
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-19 | | plugin id | 66368 | | published | 2013-05-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66368 | | title | Fedora 19 : libtiff-4.0.3-6.fc19 (2013-7339) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2014-0222.NASL | | description | Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 72732 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72732 | | title | CentOS 6 : libtiff (CESA-2014:0222) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_LIBTIFF-DEVEL-130506.NASL | | description | This update fixes two buffer overflow security issues with libtiff :
- CVE-2013-1960
- CVE-2013-1961 | | last seen | 2018-09-02 | | modified | 2013-10-25 | | plugin id | 66463 | | published | 2013-05-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66463 | | title | SuSE 11.2 Security Update : libtiff (SAT Patch Number 7707) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1832-1.NASL | | description | Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a
remote attacker could crash the application, leading to a denial of
service, or possibly execute arbitrary code with user privileges.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 66540 | | published | 2013-05-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66540 | | title | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : tiff vulnerabilities (USN-1832-1) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-2698.NASL | | description | Multiple issues were discovered in the TIFF tools, a set of utilities
for TIFF image file manipulation and conversion.
- CVE-2013-1960
Emmanuel Bouillon discovered a heap-based buffer
overflow in the tp_process_jpeg_strip function in the
tiff2pdf tool. This could potentially lead to a crash or
arbitrary code execution.
- CVE-2013-1961
Emmanuel Bouillon discovered many stack-based buffer
overflows in the TIFF tools. These issues could
potentially lead to a crash or arbitrary code execution. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 66916 | | published | 2013-06-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66916 | | title | Debian DSA-2698-1 : tiff - buffer overflow |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2014-0222.NASL | | description | Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
A flaw was found in the way libtiff handled OJPEG-encoded TIFF images.
An attacker could use this flaw to create a specially crafted TIFF
file that would cause an application using libtiff to crash.
(CVE-2010-2596)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 72736 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72736 | | title | RHEL 6 : libtiff (RHSA-2014:0222) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2014-0223.NASL | | description | Updated libtiff packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
A heap-based buffer overflow and a use-after-free flaw were found in
the tiff2pdf tool. An attacker could use these flaws to create a
specially crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)
Multiple buffer overflow flaws were found in the gif2tiff tool. An
attacker could use these flaws to create a specially crafted GIF file
that could cause gif2tiff to crash or, possibly, execute arbitrary
code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)
Multiple buffer overflow flaws were found in the tiff2pdf tool. An
attacker could use these flaws to create a specially crafted TIFF file
that would cause tiff2pdf to crash. (CVE-2013-1961)
Red Hat would like to thank Emmanuel Bouillon of NCI Agency for
reporting CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was
discovered by Murray McAllister of the Red Hat Security Response Team,
and the CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of
the Red Hat Security Response Team.
All libtiff users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update
to take effect. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 72737 | | published | 2014-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72737 | | title | RHEL 5 : libtiff (RHSA-2014:0223) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2016-0093.NASL | | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- Update patch for (CVE-2014-8127)
- Related: #1335099
- Fix patches for (CVE-2016-3990, CVE-2016-5320)
- Related: #1335099
- Add patches for CVEs :
- CVE-2016-3632 CVE-2016-3945 (CVE-2016-3990)
- CVE-2016-3991 (CVE-2016-5320)
- Related: #1335099
- Update patch for (CVE-2014-8129)
- Related: #1335099
- Merge previously released fixes for CVEs :
- CVE-2013-1960 CVE-2013-1961 (CVE-2013-4231)
- CVE-2013-4232 CVE-2013-4243 (CVE-2013-4244)
- Resolves: #1335099
- Patch typos in (CVE-2014-8127)
- Related: #1299919
- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919
- Fixed patches on preview CVEs
- Related: #1299919
- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, (CVE-2014-8130)
- CVE-2014-9330, CVE-2014-9655, (CVE-2015-8781)
- CVE-2015-8784, CVE-2015-1547, (CVE-2015-8683)
- CVE-2015-8665, CVE-2015-7554, (CVE-2015-8668)
- Resolves: #1299919 | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 92691 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92691 | | title | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2013-431.NASL | | description | libtiff security update :
- CVE-2013-1961.patch [bnc#818117]
- CVE-2013-1960.patch [bnc#817573] | | last seen | 2018-11-13 | | modified | 2018-11-10 | | plugin id | 75005 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=75005 | | title | openSUSE Security Update : tiff (openSUSE-SU-2013:0944-1) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-7369.NASL | | description | Repair minor security issues CVE-2013-1960, CVE-2013-1961
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2015-10-19 | | plugin id | 66401 | | published | 2013-05-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66401 | | title | Fedora 18 : libtiff-4.0.3-6.fc18 (2013-7369) |
|
