CVE-2019-14973

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html

http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html

https://gitlab.com/libtiff/libtiff/merge_requests/90

https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/

https://seclists.org/bugtraq/2019/Nov/5

https://seclists.org/bugtraq/2020/Jan/32

https://www.debian.org/security/2020/dsa-4608

https://www.debian.org/security/2020/dsa-4670

Details

Source: MITRE

Published: 2019-08-14

Updated: 2020-11-06

Type: CWE-190

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.10 (inclusive)

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
147372NewStart CGSL CORE 5.04 / MAIN 5.04 : libtiff Multiple Vulnerabilities (NS-SA-2021-0014)NessusNewStart CGSL Local Security Checks
high
145936CentOS 8 : libtiff (CESA-2020:1688)NessusCentOS Local Security Checks
medium
143823SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2020:2744-1)NessusSuSE Local Security Checks
medium
142980Amazon Linux AMI : libtiff (ALAS-2020-1447)NessusAmazon Linux Local Security Checks
high
142575openSUSE Security Update : tiff (openSUSE-2020-1840)NessusSuSE Local Security Checks
medium
141975Amazon Linux 2 : libtiff (ALAS-2020-1532)NessusAmazon Linux Local Security Checks
high
141729Scientific Linux Security Update : libtiff on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141608CentOS 7 : libtiff (CESA-2020:3902)NessusCentOS Local Security Checks
high
141236Oracle Linux 7 : libtiff (ELSA-2020-3902)NessusOracle Linux Local Security Checks
high
141079openSUSE Security Update : tiff (openSUSE-2020-1561)NessusSuSE Local Security Checks
medium
141047RHEL 7 : libtiff (RHSA-2020:3902)NessusRed Hat Local Security Checks
high
136127Debian DSA-4670-1 : tiff - security updateNessusDebian Local Security Checks
high
136039RHEL 8 : libtiff (RHSA-2020:1688)NessusRed Hat Local Security Checks
medium
135782Photon OS 3.0: Libtiff PHSA-2020-3.0-0078NessusPhotonOS Local Security Checks
medium
135609EulerOS Virtualization 3.0.2.2 : libtiff (EulerOS-SA-2020-1447)NessusHuawei Local Security Checks
critical
134524EulerOS Virtualization for ARM 64 3.0.2.0 : libtiff (EulerOS-SA-2020-1235)NessusHuawei Local Security Checks
critical
133151Debian DSA-4608-1 : tiff - security updateNessusDebian Local Security Checks
high
132825EulerOS Virtualization for ARM 64 3.0.5.0 : libtiff (EulerOS-SA-2020-1071)NessusHuawei Local Security Checks
high
132156EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2019-2621)NessusHuawei Local Security Checks
high
131969Fedora 30 : libtiff (2019-e45019c690)NessusFedora Local Security Checks
medium
131619EulerOS 2.0 SP2 : libtiff (EulerOS-SA-2019-2466)NessusHuawei Local Security Checks
critical
131449Fedora 31 : libtiff (2019-6eeff0f801)NessusFedora Local Security Checks
medium
131308SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2019:3058-1)NessusSuSE Local Security Checks
high
130817EulerOS 2.0 SP8 : libtiff (EulerOS-SA-2019-2108)NessusHuawei Local Security Checks
medium
130671EulerOS 2.0 SP5 : libtiff (EulerOS-SA-2019-2209)NessusHuawei Local Security Checks
critical
130507Slackware 14.2 / current : libtiff (SSA:2019-308-01)NessusSlackware Local Security Checks
high
130052Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : tiff vulnerabilities (USN-4158-1)NessusUbuntu Local Security Checks
high
128124Debian DLA-1897-1 : tiff security updateNessusDebian Local Security Checks
medium