The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0785 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-40745:
    LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of     service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers     a heap-based buffer overflow.

    CVE-2023-41175:
    A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw     allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted     tiff image, which triggers a heap-based buffer overflow.

    CVE-2023-0796:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0802:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0804:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0801:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

    CVE-2023-0795:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0798:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2023-0797:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

    CVE-2022-48281:
    processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g.,     WRITE of size 307203) via a crafted TIFF image.

    CVE-2023-0800:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0803:
    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127.

    CVE-2023-0799:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e.

    CVE-2022-3970:
    A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function     TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is     possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to     fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

    CVE-2022-2519:
    There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

    CVE-2022-4645:
    LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a     denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit e8131125.

    CVE-2022-2521:
    It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at     tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while     processing crafted input.

    CVE-2022-3599:
    LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers     to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix     is available with commit e8131125.

    CVE-2022-3570:
    Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to     trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into     application crash, potential information disclosure or any other context-dependent impact

    CVE-2022-3598:
    LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604,     allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff     from sources, the fix is available with commit cfbb883b.

    CVE-2022-3626:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from     processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2022-40090:
    An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a     denial of service via crafted TIFF file.

    CVE-2022-3627:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2022-2520:
    A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at     tiffcrop.c:8621 that can cause program crash when reading a crafted input.

    CVE-2022-2058:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-34526:
    A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability     allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the tiffsplit or     tiffcrop utilities.

    CVE-2022-2953:
    LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing     attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from     sources, the fix is available with commit 48d6ece8.

    CVE-2022-2057:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-2056:
    Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

    CVE-2022-3597:
    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from     extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted     tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

    CVE-2023-30086:
    Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of     service via the tiffcp function in tiffcp.c.

    CVE-2023-30774:
    A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the     TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

    CVE-2023-30775:
    A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in     extractContigSamples32bits, tiffcrop.c.

    CVE-2023-25435:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at     /libtiff/tools/tiffcrop.c:3753.

    CVE-2023-2908:
    A null pointer dereference issue was found in Libtiff/'s tif_dir.c file. This issue may allow an attacker     to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes     undefined behavior. This will result in an application crash, eventually leading to a denial of service.

    CVE-2023-3618:
    A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a     buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

    CVE-2023-3316:
    A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path     or a path that requires permissions like /dev/null) while specifying zones.

    CVE-2023-25434:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at     /libtiff/tools/tiffcrop.c:3215.

    CVE-2023-26966:
    libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian     TIFF file and specifies the output to be big-endian.

    CVE-2023-3576:
    A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a     TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes     this memory leak issue, resulting an application crash, eventually leading to a denial of service.

    CVE-2023-2731:
    A NULL pointer dereference flaw was found in Libtiff/'s LZWDecode() function in the libtiff/tif_lzw.c     file. This flaw allows a local attacker to craft specific input data that can cause the program to     dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial     of service.

    CVE-2023-26965:
    loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted     TIFF image.

    CVE-2023-25433:
    libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of     buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

TencentOS Server 4: libtiff (TSSA-2024:0785)

high Nessus Plugin ID 240052

Version 1.2

Version 1.1

Version 1.2 Nov 21, 2025, 2:12 PM CVE (set "CVE" coverage to "CVE-2022-2056,CVE-2022-2057,CVE-2022-2058,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2953,CVE-2022-34526,CVE-2022-3570,CVE-2022-3597,CVE-2022-3598,CVE-2022-3599,CVE-2022-3626,CVE-2022-3627,CVE-2022-3970,CVE-2022-40090,CVE-2022-4645,CVE-2022-48281,CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799,CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804,CVE-2023-25433,CVE-2023-25434,CVE-2023-25435,CVE-2023-26965,CVE-2023-26966,CVE-2023-2731,CVE-2023-2908,CVE-2023-30086,CVE-2023-30774,CVE-2023-30775,CVE-2023-3316,CVE-2023-3576,CVE-2023-3618,CVE-2023-40745,CVE-2023-41175") CVSS metrics ("CVSSv2 score" set to 4.3) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (set to "CVE-2022-2058") CVSSv2 severity (based on CVE-2022-2058, severity decreased from "High" to "Medium") CVSSv3 score source (set to "CVE-2023-25434") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202511211412
Version 1.1 Jun 17, 2025, 2:02 AM New Plugin Feed: 202506170202