nessus
via4
|
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1043.NASL | description | According to the versions of the compat-libtiff3 package installed,
the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- The (1) putcontig8bitYCbCr21tile function in
tif_getimage.c or (2) NeXTDecode function in tif_next.c
in LibTIFF allows remote attackers to cause a denial of
service (uninitialized memory access) via a crafted
TIFF image, as demonstrated by libtiff-cvs-1.tif and
libtiff-cvs-2.tif. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9655)
- A flaw was discovered in the bmp2tiff utility. By
tricking a user into processing a specially crafted
file, a remote attacker could exploit this flaw to
cause a crash or memory corruption and, possibly,
execute arbitrary code with the privileges of the user
running the libtiff
tool. (CVE-2014-9330, CVE-2015-7554, CVE-2015-8668,
CVE-2015-8665, CVE-2015-8781, CVE-2016-3632,
CVE-2016-3945, CVE-2016-3990, CVE-2016-3991,
CVE-2016-5320, CVE-2016-5652, CVE-2015-8683)
- tools/tiffcp.c in libtiff has an out-of-bounds write on
tiled images with odd tile width versus image width.
Reported as MSVR 35103, aka 'cpStripToTile
heap-buffer-overflow.' (CVE-2016-9540)
- tif_predict.h and tif_predict.c in libtiff have
assertions that can lead to assertion failures in debug
mode, or buffer overflows in release mode, when dealing
with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka 'Predictor
heap-buffer-overflow.' (CVE-2016-9535, CVE-2016-9533,
CVE-2016-9534, CVE-2016-9536, CVE-2016-9537)
- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(uninitialized memory access) via a crafted TIFF image,
as demonstrated by libtiff5.tif. (CVE-2015-1547)
- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(out-of-bounds write) via a crafted TIFF image, as
demonstrated by libtiff5.tif. (CVE-2015-8784)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-05 | plugin id | 99888 | published | 2017-05-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99888 | title | EulerOS 2.0 SP2 : compat-libtiff3 (EulerOS-SA-2017-1043) |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1044.NASL | description | According to the versions of the compat-libtiff3 package installed,
the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- The (1) putcontig8bitYCbCr21tile function in
tif_getimage.c or (2) NeXTDecode function in tif_next.c
in LibTIFF allows remote attackers to cause a denial of
service (uninitialized memory access) via a crafted
TIFF image, as demonstrated by libtiff-cvs-1.tif and
libtiff-cvs-2.tif. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9655)
- A flaw was discovered in the bmp2tiff utility. By
tricking a user into processing a specially crafted
file, a remote attacker could exploit this flaw to
cause a crash or memory corruption and, possibly,
execute arbitrary code with the privileges of the user
running the libtiff
tool. (CVE-2014-9330, CVE-2015-7554, CVE-2015-8668,
CVE-2015-8665, CVE-2015-8781, CVE-2016-3632,
CVE-2016-3945, CVE-2016-3990, CVE-2016-3991,
CVE-2016-5320, CVE-2016-5652, CVE-2015-8683)
- tools/tiffcp.c in libtiff has an out-of-bounds write on
tiled images with odd tile width versus image width.
Reported as MSVR 35103, aka 'cpStripToTile
heap-buffer-overflow.' (CVE-2016-9540)
- tif_predict.h and tif_predict.c in libtiff have
assertions that can lead to assertion failures in debug
mode, or buffer overflows in release mode, when dealing
with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka 'Predictor
heap-buffer-overflow.' (CVE-2016-9535, CVE-2016-9533,
CVE-2016-9534, CVE-2016-9536, CVE-2016-9537)
- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(uninitialized memory access) via a crafted TIFF image,
as demonstrated by libtiff5.tif. (CVE-2015-1547)
- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(out-of-bounds write) via a crafted TIFF image, as
demonstrated by libtiff5.tif. (CVE-2015-8784)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-05 | plugin id | 99889 | published | 2017-05-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99889 | title | EulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2015-207.NASL | description | LibTIFF was updated to fix various security issues that could lead to
crashes of the image decoder. (CVE-2014-9655, CVE-2014-8127,
CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547) | last seen | 2019-01-16 | modified | 2018-09-04 | plugin id | 81719 | published | 2015-03-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=81719 | title | openSUSE Security Update : tiff (openSUSE-2015-207) |
NASL family | F5 Networks Local Security Checks | NASL id | F5_BIGIP_SOL11220361.NASL | description | The NeXTDecode function in tif_next.c in LibTIFF allows remote
attackers to cause a denial of service (uninitialized memory access)
via a crafted TIFF image, as demonstrated by libtiff5.tif.
(CVE-2015-1547)
Impact
This vulnerability allows a remote attacker to cause a
denial-of-service (DoS) attack. BIG-IP systems that use a BIG-IP AAM or
BIG-IP WebAccelerator policy configured with the Image Optimization
settings enabled for TIFF files are vulnerable to this issue. | last seen | 2019-01-16 | modified | 2019-01-04 | plugin id | 105400 | published | 2017-12-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=105400 | title | F5 Networks BIG-IP : LibTIFF vulnerability (K11220361) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20160802_LIBTIFF_ON_SL6_X.NASL | description | Security Fix(es) :
- Multiple flaws have been discovered in libtiff. A remote
attacker could exploit these flaws to cause a crash or
memory corruption and, possibly, execute arbitrary code
by tricking an application linked against libtiff into
processing specially crafted files. (CVE-2014-9655,
CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,
CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff
tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf,
tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking
a user into processing a specially crafted file, a
remote attacker could exploit these flaws to cause a
crash or memory corruption and, possibly, execute
arbitrary code with the privileges of the user running
the libtiff tool. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9330, CVE-2015-7554,
CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-12-28 | plugin id | 92698 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92698 | title | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2016-1546.NASL | description | An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 92681 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92681 | title | CentOS 7 : libtiff (CESA-2016:1546) |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2016-1547.NASL | description | An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 92682 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92682 | title | CentOS 6 : libtiff (CESA-2016:1547) |
NASL family | Amazon Linux Local Security Checks | NASL id | ALA_ALAS-2016-734.NASL | description | Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320) | last seen | 2019-01-16 | modified | 2018-04-18 | plugin id | 93012 | published | 2016-08-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=93012 | title | Amazon Linux AMI : compat-libtiff3 (ALAS-2016-734) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2015-8620.NASL | description | CVE-2014-9655 and CVE-2015-1547 #1190710
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-10-18 | plugin id | 83961 | published | 2015-06-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83961 | title | Fedora 22 : libtiff-4.0.3-20.fc22 (2015-8620) |
NASL family | Mandriva Local Security Checks | NASL id | MANDRIVA_MDVSA-2015-147.NASL | description | Updated libtiff packages fix security vulnerabilities :
The libtiff image decoder library contains several issues that could
cause the decoder to crash when reading crafted TIFF images
(CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9655, CVE-2015-1547). | last seen | 2019-01-16 | modified | 2019-01-02 | plugin id | 82400 | published | 2015-03-30 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82400 | title | Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201701-16.NASL | description | The remote host is affected by the vulnerability described in GLSA-201701-16
(libTIFF: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libTIFF. Please review
the CVE identifier and bug reports referenced for details.
Impact :
A remote attacker could entice a user to process a specially crafted
image file, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2017-01-10 | plugin id | 96373 | published | 2017-01-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=96373 | title | GLSA-201701-16 : libTIFF: Multiple vulnerabilities |
NASL family | OracleVM Local Security Checks | NASL id | ORACLEVM_OVMSA-2016-0093.NASL | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- Update patch for (CVE-2014-8127)
- Related: #1335099
- Fix patches for (CVE-2016-3990, CVE-2016-5320)
- Related: #1335099
- Add patches for CVEs :
- CVE-2016-3632 CVE-2016-3945 (CVE-2016-3990)
- CVE-2016-3991 (CVE-2016-5320)
- Related: #1335099
- Update patch for (CVE-2014-8129)
- Related: #1335099
- Merge previously released fixes for CVEs :
- CVE-2013-1960 CVE-2013-1961 (CVE-2013-4231)
- CVE-2013-4232 CVE-2013-4243 (CVE-2013-4244)
- Resolves: #1335099
- Patch typos in (CVE-2014-8127)
- Related: #1299919
- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919
- Fixed patches on preview CVEs
- Related: #1299919
- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, (CVE-2014-8130)
- CVE-2014-9330, CVE-2014-9655, (CVE-2015-8781)
- CVE-2015-8784, CVE-2015-1547, (CVE-2015-8683)
- CVE-2015-8665, CVE-2015-7554, (CVE-2015-8668)
- Resolves: #1299919 | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 92691 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92691 | title | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2016-1034.NASL | description | According to the versions of the libtiff packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Multiple flaws have been discovered in libtiff. A
remote attacker could exploit these flaws to cause a
crash or memory corruption and, possibly, execute
arbitrary code by tricking an application linked
against libtiff into processing specially crafted
files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784,
CVE-2015-8683, CVE-2015-8665, CVE-2015-8781,
CVE-2015-8782, CVE-2015-8783, CVE-2016-3990,
CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff
tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf,
tiffcrop, tiffdither, tiffsplit, tiff2rgba). By
tricking a user into processing a specially crafted
file, a remote attacker could exploit these flaws to
cause a crash or memory corruption and, possibly,
execute arbitrary code with the privileges of the user
running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9330, CVE-2015-7554,
CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-05 | plugin id | 99797 | published | 2017-05-01 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99797 | title | EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2016-1034) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2016-1547.NASL | description | An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 92697 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92697 | title | RHEL 6 : libtiff (RHSA-2016:1547) |
NASL family | Amazon Linux Local Security Checks | NASL id | ALA_ALAS-2015-553.NASL | description | Use of uninitialized memory was reported in libtiff. | last seen | 2018-09-02 | modified | 2018-04-18 | plugin id | 84370 | published | 2015-06-25 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=84370 | title | Amazon Linux AMI : libtiff (ALAS-2015-553) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2015-6903.NASL | description | Fix CVE-2014-9655 and CVE-2015-1547
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-10-18 | plugin id | 83240 | published | 2015-05-05 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83240 | title | Fedora 21 : mingw-libtiff-4.0.3-6.fc21 (2015-6903) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DLA-610.NASL | description | Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that
resulted in libtiff writing out invalid tiff files when the
compression scheme in use relies on codec-specific TIFF tags embedded
in the image.
For Debian 7 'Wheezy', these problems have been fixed in version
3.9.6-11+deb7u3.
We recommend that you upgrade your tiff3 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues. | last seen | 2019-01-16 | modified | 2018-07-09 | plugin id | 93322 | published | 2016-09-06 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=93322 | title | Debian DLA-610-2 : tiff3 regression update |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2015-6907.NASL | description | Fix CVE-2014-9655 and CVE-2015-1547
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-10-18 | plugin id | 83214 | published | 2015-05-04 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83214 | title | Fedora 22 : mingw-libtiff-4.0.3-6.fc22 (2015-6907) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20160802_LIBTIFF_ON_SL7_X.NASL | description | Security Fix(es) :
- Multiple flaws have been discovered in libtiff. A remote
attacker could exploit these flaws to cause a crash or
memory corruption and, possibly, execute arbitrary code
by tricking an application linked against libtiff into
processing specially crafted files. (CVE-2014-9655,
CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,
CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff
tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf,
tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking
a user into processing a specially crafted file, a
remote attacker could exploit these flaws to cause a
crash or memory corruption and, possibly, execute
arbitrary code with the privileges of the user running
the libtiff tool. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9330, CVE-2015-7554,
CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-12-28 | plugin id | 92720 | published | 2016-08-04 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92720 | title | Scientific Linux Security Update : libtiff on SL7.x x86_64 |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2016-1547.NASL | description | From Red Hat Security Advisory 2016:1547 :
An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 92690 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92690 | title | Oracle Linux 6 : libtiff (ELSA-2016-1547) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2016-1546.NASL | description | An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 92696 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92696 | title | RHEL 7 : libtiff (RHSA-2016:1546) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2015-8673.NASL | description | Security fix for CVE-2014-9655, CVE-2015-1547
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2016-10-18 | plugin id | 83929 | published | 2015-06-02 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83929 | title | Fedora 21 : libtiff-4.0.3-20.fc21 (2015-8673) |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2016-1546.NASL | description | From Red Hat Security Advisory 2016:1546 :
An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating
Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 92689 | published | 2016-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92689 | title | Oracle Linux 7 : libtiff (ELSA-2016-1546) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2015-476.NASL | description | tiff was updated to version 4.0.4 to fix six security issues found by
fuzzing initiatives.
These security issues were fixed :
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory
(bnc#916927).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2015-1547: Use of uninitialized memory in NeXTDecode
(bnc#916925).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890). | last seen | 2019-01-16 | modified | 2018-09-04 | plugin id | 84655 | published | 2015-07-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=84655 | title | openSUSE Security Update : tiff (openSUSE-2015-476) |
NASL family | Amazon Linux Local Security Checks | NASL id | ALA_ALAS-2016-733.NASL | description | Multiple flaws have been discovered in libtiff. A remote attacker
could exploit these flaws to cause a crash or memory corruption and,
possibly, execute arbitrary code by tricking an application linked
against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,
CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
CVE-2016-3990, CVE-2016-5320)
Multiple flaws have been discovered in various libtiff tools
(bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop,
tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing
a specially crafted file, a remote attacker could exploit these flaws
to cause a crash or memory corruption and, possibly, execute arbitrary
code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330,
CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,
CVE-2016-3991) | last seen | 2019-01-16 | modified | 2018-04-18 | plugin id | 93011 | published | 2016-08-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=93011 | title | Amazon Linux AMI : libtiff (ALAS-2016-733) |
|