| nessus
via4
|
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-610.NASL | | description | Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.
For Debian 7 'Wheezy', these problems have been fixed in version 3.9.6-11+deb7u3.
We recommend that you upgrade your tiff3 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-07-09 | | plugin id | 93322 | | published | 2016-09-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93322 | | title | Debian DLA-610-2 : tiff3 regression update |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2016-0093.NASL | | description | The remote OracleVM system is missing necessary patches to address critical security updates :
- Update patch for (CVE-2014-8127)
- Related: #1335099
- Fix patches for (CVE-2016-3990, CVE-2016-5320)
- Related: #1335099
- Add patches for CVEs :
- CVE-2016-3632 CVE-2016-3945 (CVE-2016-3990)
- CVE-2016-3991 (CVE-2016-5320)
- Related: #1335099
- Update patch for (CVE-2014-8129)
- Related: #1335099
- Merge previously released fixes for CVEs :
- CVE-2013-1960 CVE-2013-1961 (CVE-2013-4231)
- CVE-2013-4232 CVE-2013-4243 (CVE-2013-4244)
- Resolves: #1335099
- Patch typos in (CVE-2014-8127)
- Related: #1299919
- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919
- Fixed patches on preview CVEs
- Related: #1299919
- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, (CVE-2014-8130)
- CVE-2014-9330, CVE-2014-9655, (CVE-2015-8781)
- CVE-2015-8784, CVE-2015-1547, (CVE-2015-8683)
- CVE-2015-8665, CVE-2015-7554, (CVE-2015-8668)
- Resolves: #1299919 | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 92691 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92691 | | title | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1043.NASL | | description | According to the versions of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014
-8130,CVE-2014-9655)
- A flaw was discovered in the bmp2tiff utility. By tricking a user into processing a specially crafted file, a remote attacker could exploit this flaw to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201 5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20 16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2 015-8683)
- tools/tiffcp.c in libtiff has an out-of-bounds write on tiled images with odd tile width versus image width.
Reported as MSVR 35103, aka 'cpStripToTile heap-buffer-overflow.'(CVE-2016-9540)
- tif_predict.h and tif_predict.c in libtiff have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka 'Predictor heap-buffer-overflow.'(CVE-2016-9535,CVE-2016-9533,CVE- 2016-9534,CVE-2016-9536,CVE-2016-9537)
- The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.(CVE-2015-1547)
- The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.(CVE-2015-8784)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-05 | | plugin id | 99888 | | published | 2017-05-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99888 | | title | EulerOS 2.0 SP2 : compat-libtiff3 (EulerOS-SA-2017-1043) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1044.NASL | | description | According to the versions of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014
-8130,CVE-2014-9655)
- A flaw was discovered in the bmp2tiff utility. By tricking a user into processing a specially crafted file, a remote attacker could exploit this flaw to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201 5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20 16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2 015-8683)
- tools/tiffcp.c in libtiff has an out-of-bounds write on tiled images with odd tile width versus image width.
Reported as MSVR 35103, aka 'cpStripToTile heap-buffer-overflow.'(CVE-2016-9540)
- tif_predict.h and tif_predict.c in libtiff have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka 'Predictor heap-buffer-overflow.'(CVE-2016-9535,CVE-2016-9533,CVE- 2016-9534,CVE-2016-9536,CVE-2016-9537)
- The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.(CVE-2015-1547)
- The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.(CVE-2015-8784)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-05 | | plugin id | 99889 | | published | 2017-05-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99889 | | title | EulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2016-1546.NASL | | description | From Red Hat Security Advisory 2016:1546 :
An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 92689 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92689 | | title | Oracle Linux 7 : libtiff (ELSA-2016-1546) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2016-733.NASL | | description | Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 , CVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 , CVE-2016-3990 , CVE-2016-5320)
Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127 , CVE-2014-8129 , CVE-2014-8130 , CVE-2014-9330 , CVE-2015-7554 , CVE-2015-8668 , CVE-2016-3632 , CVE-2016-3945 , CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 93011 | | published | 2016-08-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93011 | | title | Amazon Linux AMI : libtiff (ALAS-2016-733) |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL89096577.NASL | | description | CVE-2016-5314
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Note : This was previously referenced as CVE-2016-5320. All CVE users should reference CVE-2016-5314 instead of CVE-2016-5320.
CVE-2015-8784 The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Impact
An attacker can use specially crafted TIFF files to execute arbitrary code with the limited privileges of the image optimization process. | | last seen | 2019-02-21 | | modified | 2019-01-04 | | plugin id | 94648 | | published | 2016-11-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=94648 | | title | F5 Networks BIG-IP : LibTIFF vulnerabilities (K89096577) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201701-16.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifier and bug reports referenced for details.
Impact :
A remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2017-01-10 | | plugin id | 96373 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96373 | | title | GLSA-201701-16 : libTIFF: Multiple vulnerabilities |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20160802_LIBTIFF_ON_SL6_X.NASL | | description | Security Fix(es) :
- Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-12-28 | | plugin id | 92698 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92698 | | title | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3212-1.NASL | | description | It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 97434 | | published | 2017-02-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97434 | | title | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_0AB660884AA511E6A7BD14DAE9D210B8.NASL | | description | Mathias Svensson reports :
potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 92339 | | published | 2016-07-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92339 | | title | FreeBSD : tiff -- buffer overflow (0ab66088-4aa5-11e6-a7bd-14dae9d210b8) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2016-1547.NASL | | description | An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 92682 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92682 | | title | CentOS 6 : libtiff (CESA-2016:1547) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2016-1546.NASL | | description | An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 92681 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92681 | | title | CentOS 7 : libtiff (CESA-2016:1546) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20160802_LIBTIFF_ON_SL7_X.NASL | | description | Security Fix(es) :
- Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-12-28 | | plugin id | 92720 | | published | 2016-08-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92720 | | title | Scientific Linux Security Update : libtiff on SL7.x x86_64 |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2016-2527-1.NASL | | description | This update for tiff fixes the following issues :
- CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449)
- Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098)
- CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831)
- CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837)
- CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842)
- CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808)
- CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351)
- CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618)
- CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614)
- CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069)
- CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-29 | | plugin id | 94067 | | published | 2016-10-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=94067 | | title | SUSE SLES11 Security Update : tiff (SUSE-SU-2016:2527-1) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2016-1122.NASL | | description | This update for tiff fixes the following issues :
- CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
Out-of-bounds writes for invalid images (bsc#964225)
- CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat (bsc#987351)
- CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (bsc#984837)
- CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function (bsc#984831)
- CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so (bsc#984842)
- CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (bsc#984808) | | last seen | 2019-02-21 | | modified | 2018-09-04 | | plugin id | 93707 | | published | 2016-09-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93707 | | title | openSUSE Security Update : tiff (openSUSE-2016-1122) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2016-1546.NASL | | description | An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 92696 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92696 | | title | RHEL 7 : libtiff (RHSA-2016:1546) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2016-1547.NASL | | description | From Red Hat Security Advisory 2016:1547 :
An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 92690 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92690 | | title | Oracle Linux 6 : libtiff (ELSA-2016-1547) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2016-1547.NASL | | description | An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es) :
* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 92697 | | published | 2016-08-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92697 | | title | RHEL 6 : libtiff (RHSA-2016:1547) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2016-1034.NASL | | description | According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-05 | | plugin id | 99797 | | published | 2017-05-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99797 | | title | EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2016-1034) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2016-734.NASL | | description | Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 , CVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 , CVE-2016-3990 , CVE-2016-5320) | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 93012 | | published | 2016-08-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93012 | | title | Amazon Linux AMI : compat-libtiff3 (ALAS-2016-734) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-606.NASL | | description | Several vulnerabilities were found in the tiff library, potentially causing denial of services to applications using it.
For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u6.
We recommend that you upgrade your tiff packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-08-31 | | plugin id | 93236 | | published | 2016-08-31 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93236 | | title | Debian DLA-606-1 : tiff security update |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2016-1089.NASL | | description | This update for tiff fixes the following issues :
- CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
Out-of-bounds writes for invalid images (bsc#964225)
- CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat (bsc#987351)
- CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (bsc#984837)
- CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function (bsc#984831)
- CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so (bsc#984842)
- CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (bsc#984808)
This update was imported from the SUSE:SLE-12:Update update project. | | last seen | 2019-02-21 | | modified | 2018-09-04 | | plugin id | 93585 | | published | 2016-09-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93585 | | title | openSUSE Security Update : tiff (openSUSE-2016-1089) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2016-911.NASL | | description | This update for tiff fixes the following issues :
Security issues fixed :
- CVE-2016-5314: Fixed an out-of-bounds write in PixarLogDecode() function (boo#984831)
- CVE-2016-5316: Fixed an out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (boo#984837)
- CVE-2016-5317: Fixed an out-of-bounds write in PixarLogDecode() function in libtiff.so (boo#984842)
- CVE-2016-5320: Fixed an out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (boo#984808)
- CVE-2016-5875: Fixed a heap-based buffer overflow when using the PixarLog compressionformat (boo#987351)
Bugs fixed :
- boo#964225: Fixed writes for invalid images (upstream bug #2522) | | last seen | 2019-02-21 | | modified | 2018-09-04 | | plugin id | 92597 | | published | 2016-07-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=92597 | | title | openSUSE Security Update : tiff (openSUSE-2016-911) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2016-2271-1.NASL | | description | This update for tiff fixes the following issues :
- CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
Out-of-bounds writes for invalid images (bsc#964225)
- CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat (bsc#987351)
- CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (bsc#984837)
- CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function (bsc#984831)
- CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so (bsc#984842)
- CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (bsc#984808)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-29 | | plugin id | 93439 | | published | 2016-09-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=93439 | | title | SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2271-1) |
|
