The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libtiff packages installed that are affected by multiple vulnerabilities:

  - _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow     checks because they rely on compiler behavior that is undefined by the applicable C standards. This can,     for example, lead to an application crash. (CVE-2019-14973)

  - tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer     overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a     Negative-size-param condition. (CVE-2019-17546)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

NewStart CGSL CORE 5.05 / MAIN 5.05 : libtiff Multiple Vulnerabilities (NS-SA-2021-0146)

high Nessus Plugin ID 154566

No changelogs found