Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3513.NASL
HistoryAug 01, 2023 - 12:00 a.m.

Debian DLA-3513-1 : tiff - LTS security update

2023-08-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
debian 10
libtiff 4.5.0
buffer overflow
use after free
null pointer dereference
denial of service

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.0%

JSON

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3513 advisory.

  • libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  • loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965)

  • libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  • A null pointer dereference issue was found in Libtiff’s tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  • A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  • A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3513. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(179135);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/01");

  script_cve_id(
    "CVE-2023-2908",
    "CVE-2023-3316",
    "CVE-2023-3618",
    "CVE-2023-25433",
    "CVE-2023-26965",
    "CVE-2023-26966",
    "CVE-2023-38288",
    "CVE-2023-38289"
  );

  script_name(english:"Debian DLA-3513-1 : tiff - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3513 advisory.

  - libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of
    buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

  - loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted
    TIFF image. (CVE-2023-26965)

  - libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian
    TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

  - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker
    to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes
    undefined behavior. This will result in an application crash, eventually leading to a denial of service.
    (CVE-2023-2908)

  - A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path
    or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

  - A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a
    buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
    (CVE-2023-3618)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/tiff");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3513");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-25433");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-26965");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-26966");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2908");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3316");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-3618");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38288");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38289");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/tiff");
  script_set_attribute(attribute:"solution", value:
"Upgrade the tiff packages.

For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u8.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3618");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-opengl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiffxx5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'libtiff-dev', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiff-doc', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiff-opengl', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiff-tools', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiff5', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiff5-dev', 'reference': '4.1.0+git191117-2~deb10u8'},
    {'release': '10.0', 'prefix': 'libtiffxx5', 'reference': '4.1.0+git191117-2~deb10u8'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-dev / libtiff-doc / libtiff-opengl / libtiff-tools / libtiff5 / etc');
}
VendorProductVersionCPE
debiandebian_linuxlibtiff-devp-cpe:/a:debian:debian_linux:libtiff-dev
debiandebian_linuxlibtiff-docp-cpe:/a:debian:debian_linux:libtiff-doc
debiandebian_linuxlibtiff-openglp-cpe:/a:debian:debian_linux:libtiff-opengl
debiandebian_linuxlibtiff-toolsp-cpe:/a:debian:debian_linux:libtiff-tools
debiandebian_linuxlibtiff5p-cpe:/a:debian:debian_linux:libtiff5
debiandebian_linuxlibtiff5-devp-cpe:/a:debian:debian_linux:libtiff5-dev
debiandebian_linuxlibtiffxx5p-cpe:/a:debian:debian_linux:libtiffxx5
debiandebian_linux10.0cpe:/o:debian:debian_linux:10.0

References

Related

debian 1
openvas 40
osv 11
mageia 1
nessus 51
ubuntu 2
cloudfoundry 1
ibm 3
redhat 2
photon 4
almalinux 2
oraclelinux 1
ubuntucve 8
debiancve 8
cbl_mariner 12
nvd 8
redhatcve 8
cve 8
prion 8
cvelist 8
veracode 5
amazon 5
alpinelinux 1
redos 1
debian
debian
[SECURITY] [DLA 3513-1] tiff security update
2023-07-31 23:56:20
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0255)
2023-09-11 00:00:00
Ubuntu: Security Advisory (USN-6290-1)
2023-08-16 00:00:00
Debian: Security Advisory (DLA-3513-1)
2023-08-01 00:00:00
osv
osv
tiff vulnerabilities
2023-08-15 21:02:25
tiff vulnerabilities
2023-07-13 17:32:04
tiff - security update
2023-07-31 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2023-09-11 16:07:54
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : tiff (SUSE-SU-2023:4370-1)
2023-11-07 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : LibTIFF vulnerabilities (USN-6290-1)
2023-08-16 00:00:00
SUSE SLES12 Security Update : tiff (SUSE-SU-2023:4371-1)
2023-11-07 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-08-15 00:00:00
LibTIFF vulnerabilities
2023-07-13 00:00:00
cloudfoundry
cloudfoundry
USN-6229-1: LibTIFF vulnerabilities | Cloud Foundry
2023-08-10 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities in libtiff
2023-07-27 15:49:30
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Libtiff
2024-02-28 22:30:09
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
2024-06-03 19:44:41
redhat
redhat
(RHSA-2023:6575) Moderate: libtiff security update
2023-11-07 06:08:53
(RHSA-2024:2289) Moderate: libtiff security update
2024-04-30 06:15:17
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0610
2023-07-07 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0607
2023-07-04 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0044
2023-07-05 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2023-11-07 00:00:00
Moderate: libtiff security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
libtiff security update
2023-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-38288
2023-07-31 00:00:00
CVE-2023-38289
2023-07-31 00:00:00
CVE-2023-25433
2023-06-29 00:00:00
debiancve
debiancve
CVE-2023-38288
2023-08-01 06:03:07
CVE-2023-38289
2023-08-24 09:15:00
CVE-2023-25433
2023-06-29 20:15:09
cbl_mariner
cbl_mariner
CVE-2023-38289 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-38288 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-25433 affecting package libtiff for versions less than 4.5.1-1
2023-08-03 02:51:21
nvd
nvd
CVE-2023-38289
2023-08-24 09:15:10
CVE-2023-25433
2023-06-29 20:15:09
CVE-2023-38288
2023-08-24 09:15:10
redhatcve
redhatcve
CVE-2023-38288
2023-07-24 07:16:17
CVE-2023-38289
2023-07-24 07:41:38
CVE-2023-25433
2023-07-10 15:20:56
cve
cve
CVE-2023-38288
2023-08-24 09:15:10
CVE-2023-38289
2023-08-24 09:15:10
CVE-2023-25433
2023-06-29 20:15:09
prion
prion
Security feature bypass
2023-08-24 09:15:00
Security feature bypass
2023-08-24 09:15:00
Heap overflow
2023-06-29 20:15:00
cvelist
cvelist
CVE-2023-38289
1976-01-01 00:00:00
CVE-2023-38288
1976-01-01 00:00:00
CVE-2023-25433
2023-06-29 00:00:00
veracode
veracode
Heap-based Buffer Overflow
2023-07-11 13:11:55
Use After Free
2023-06-23 07:23:15
Buffer Overflow
2023-07-10 11:18:10
amazon
amazon
Medium: libtiff
2023-07-17 17:39:00
Medium: libtiff
2023-09-27 22:15:00
Medium: compat-libtiff3
2023-07-17 17:39:00
alpinelinux
alpinelinux
CVE-2023-3316
2023-06-19 12:15:09
redos
redos
ROS-20230908-06
2023-09-08 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.0%

JSON
Related for DEBIAN_DLA-3513.NASL
debian1openvas40osv11mageia1nessus51ubuntu2cloudfoundry1ibm3redhat2photon4almalinux2oraclelinux1ubuntucve8debiancve8cbl_mariner12nvd8redhatcve8cve8prion8cvelist8veracode5amazon5alpinelinux1redos1