LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0194 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2022-4645:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0785 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-40745:
    LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of     service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers     a heap-based buffer overflow.

    CVE-2023-41175:
    A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw     allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted     tiff image, which triggers a heap-based buffer overflow.

    CVE-2023-0796:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0802:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0804:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0801:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

    CVE-2023-0795:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0798:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0797:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

    CVE-2022-48281:
    processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,     WRITE of size 307203) via a crafted TIFF image.

    CVE-2023-0800:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0803:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0799:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2022-3970:
    A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function     TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is     possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to     fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

    CVE-2022-2519:
    There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

    CVE-2022-4645:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125.

    CVE-2022-2521:
    It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at     tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while     processing crafted input.

    CVE-2022-3599:
    LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers     to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix     is available with commit e8131125.

    CVE-2022-3570:
    Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to     trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into     application crash, potential information disclosure or any other context-dependent impact

    CVE-2022-3598:
    LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,     allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff     from sources, the fix is available with commit cfbb883b.

    CVE-2022-3626:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from     processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2022-40090:
    An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a     denial of service via crafted TIFF file.

    CVE-2022-3627:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2022-2520:
    A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at     tiffcrop.c:8621 that can cause program crash when reading a crafted input.

    CVE-2022-2058:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-34526:
    A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability     allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the tiffsplit or     tiffcrop utilities.

    CVE-2022-2953:
    LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing     attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from     sources, the fix is available with commit 48d6ece8.

    CVE-2022-2057:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-2056:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-3597:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2023-30086:
    Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of     service via the tiffcp function in tiffcp.c.

    CVE-2023-30774:
    A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the     TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

    CVE-2023-30775:
    A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in     extractContigSamples32bits, tiffcrop.c.

    CVE-2023-25435:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at     /libtiff/tools/tiffcrop.c:3753.

    CVE-2023-2908:
    A null pointer dereference issue was found in Libtiff/'s tif_dir.c file. This issue may allow an attacker     to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes     undefined behavior. This will result in an application crash, eventually leading to a denial of service.

    CVE-2023-3618:
    A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a     buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

    CVE-2023-3316:
    A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path     or a path that requires permissions like /dev/null) while specifying zones.

    CVE-2023-25434:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at     /libtiff/tools/tiffcrop.c:3215.

    CVE-2023-26966:
    libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian     TIFF file and specifies the output to be big-endian.

    CVE-2023-3576:
    A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a     TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes     this memory leak issue, resulting an application crash, eventually leading to a denial of service.

    CVE-2023-2731:
    A NULL pointer dereference flaw was found in Libtiff/'s LZWDecode() function in the libtiff/tif_lzw.c     file. This flaw allows a local attacker to craft specific input data that can cause the program to     dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial     of service.

    CVE-2023-26965:
    loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted     TIFF image.

    CVE-2023-25433:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of     buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3059 advisory.

    * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3059 advisory.

    - Fix CVE-2022-3599 CVE-2022-4645

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3059 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:3059 advisory.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-230 advisory.

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
    (CVE-2023-0801)

    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

    Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of     service via the tiffcp function in tiffcp.c. (CVE-2023-30086)

    A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow issue via     TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. (CVE-2023-30774)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0795)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0796)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
    (CVE-2023-0797)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0798)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0799)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
    (CVE-2023-0801)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0802)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0803)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2340 advisory.

    - Fix CVE-2022-3970
    - Resolves: CVE-2022-3970
    - Fix CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598       CVE-2022-3627

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2340 advisory.

  - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to     trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into     application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3597)

  - LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,     allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff     from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)

  - LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers     to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix     is available with commit e8131125. (CVE-2022-3599)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from     processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3626)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

  - A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function     TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is     possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to     fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0795)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0796)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
    (CVE-2023-0797)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0798)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0799)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
    (CVE-2023-0801)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0802)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0803)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2340 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: heap Buffer overflows in tiffcrop.c (CVE-2022-3570)

    * libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597)

    * libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598)

    * libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599)

    * libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626)

    * libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627)

    * libtiff: integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970)

    * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)

    * libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value     (CVE-2023-30774)

    * libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f5d075f7f2 advisory.

    Apply upstream libtiff fix for CVE-2022-4645

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-40b675d7ae advisory.

    Apply upstream libtiff fix for CVE-2022-4645

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6c1200da3d advisory.

    Apply upstream libtiff fix for CVE-2022-4645

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
276354	TencentOS Server 3: libtiff (TSSA-2024:0194)	Nessus	Tencent Local Security Checks	medium
240052	TencentOS Server 4: libtiff (TSSA-2024:0785)	Nessus	Tencent Local Security Checks	high
225093	Linux Distros Unpatched Vulnerability : CVE-2022-4645	Nessus	Misc.	medium
200611	Rocky Linux 8 : libtiff (RLSA-2024:3059)	Nessus	Rocky Linux Local Security Checks	medium
198002	Oracle Linux 8 : libtiff (ELSA-2024-3059)	Nessus	Oracle Linux Local Security Checks	medium
197798	RHEL 8 : libtiff (RHSA-2024:3059)	Nessus	Red Hat Local Security Checks	medium
197685	CentOS 8 : libtiff (CESA-2024:3059)	Nessus	CentOS Local Security Checks	medium
177687	Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-230)	Nessus	Amazon Linux Local Security Checks	medium
176595	EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2023-2021)	Nessus	Huawei Local Security Checks	medium
176582	EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2023-2000)	Nessus	Huawei Local Security Checks	medium
175697	Oracle Linux 9 : libtiff (ELSA-2023-2340)	Nessus	Oracle Linux Local Security Checks	high
175637	AlmaLinux 9 : libtiff (ALSA-2023:2340)	Nessus	Alma Linux Local Security Checks	high
175500	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2023-1849)	Nessus	Huawei Local Security Checks	medium
175488	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2023-1874)	Nessus	Huawei Local Security Checks	medium
175464	RHEL 9 : libtiff (RHSA-2023:2340)	Nessus	Red Hat Local Security Checks	high
172626	Fedora 37 : tkimg (2023-f5d075f7f2)	Nessus	Fedora Local Security Checks	medium
172623	Fedora 36 : tkimg (2023-40b675d7ae)	Nessus	Fedora Local Security Checks	medium
172457	Fedora 38 : tkimg (2023-6c1200da3d)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2022-4645

medium

Tenable Plugins

medium

high

medium

medium

medium

medium

medium

medium

medium

medium

high

high

medium

medium

high

medium

medium

medium