LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-230 advisory.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

  - A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the     TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. (CVE-2023-30774)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0795)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0796)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
    (CVE-2023-0797)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0798)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0799)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
    (CVE-2023-0801)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0802)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0803)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2340 advisory.

  - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to     trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into     application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3597)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from     processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3626)

  - A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function     TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is     possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to     fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,     allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff     from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)

  - LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers     to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix     is available with commit e8131125. (CVE-2022-3599)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2340 advisory.

  - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to     trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into     application crash, potential information disclosure or any other context-dependent impact (CVE-2022-3570)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3597)

  - LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,     allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff     from sources, the fix is available with commit cfbb883b. (CVE-2022-3598)

  - LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers     to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix     is available with commit e8131125. (CVE-2022-3599)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from     processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3626)

  - LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
    (CVE-2022-3627)

  - A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function     TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is     possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to     fix this issue. The identifier VDB-213549 was assigned to this vulnerability. (CVE-2022-3970)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0795)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0796)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
    (CVE-2023-0797)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0798)

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0799)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0800)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
    (CVE-2023-0801)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0802)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0803)

  - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2340 advisory.

  - libtiff: heap Buffer overflows in tiffcrop.c (CVE-2022-3570)

  - libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597)

  - libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598)

  - libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599)

  - libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626)

  - libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627)

  - libtiff: integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970)

  - libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)

  - libtiff: Heap buffer overflow in tiffcp() at tiffcp.c (CVE-2023-30086)

  - libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value     (CVE-2023-30774)

  - libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f5d075f7f2 advisory.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-40b675d7ae advisory.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6c1200da3d advisory.

  - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125. (CVE-2022-4645)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
196585	RHEL 6 : libtiff (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
196532	RHEL 7 : libtiff (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
177687	Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-230)	Nessus	Amazon Linux Local Security Checks	medium
176595	EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2023-2021)	Nessus	Huawei Local Security Checks	medium
176582	EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2023-2000)	Nessus	Huawei Local Security Checks	medium
175697	Oracle Linux 9 : libtiff (ELSA-2023-2340)	Nessus	Oracle Linux Local Security Checks	high
175637	AlmaLinux 9 : libtiff (ALSA-2023:2340)	Nessus	Alma Linux Local Security Checks	high
175500	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2023-1849)	Nessus	Huawei Local Security Checks	medium
175488	EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2023-1874)	Nessus	Huawei Local Security Checks	medium
175464	RHEL 9 : libtiff (RHSA-2023:2340)	Nessus	Red Hat Local Security Checks	high
172626	Fedora 37 : tkimg (2023-f5d075f7f2)	Nessus	Fedora Local Security Checks	medium
172623	Fedora 36 : tkimg (2023-40b675d7ae)	Nessus	Fedora Local Security Checks	medium
172457	Fedora 38 : tkimg (2023-6c1200da3d)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2022-4645

medium

Tenable Plugins

critical

critical

medium

medium

medium

high

high

medium

medium

high

medium

medium

medium