Test ID: | 1.3.6.1.4.1.25623.1.1.10.2023.0255 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2023-0255) |
Summary: | The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2023-0255 advisory. |
Description: |
Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2023-0255 advisory.
Vulnerability Insight:
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. (CVE-2023-2908)
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. (CVE-2023-3618)
libtiff 4.5.0 is vulnerable to Buffer Overflow in /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes heap-buffer-overflow and SEGV. (CVE-2023-25433)
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965)
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)
Affected Software/OS: 'libtiff' package(s) on Mageia 9.
Solution: Please install the updated package(s).
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-25433
https://gitlab.com/libtiff/libtiff/-/issues/520
https://gitlab.com/libtiff/libtiff/-/merge_requests/467
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-26965
https://gitlab.com/libtiff/libtiff/-/merge_requests/472
Common Vulnerability Exposure (CVE) ID: CVE-2023-26966
https://gitlab.com/libtiff/libtiff/-/issues/530
https://gitlab.com/libtiff/libtiff/-/merge_requests/473
Common Vulnerability Exposure (CVE) ID: CVE-2023-2908
https://access.redhat.com/security/cve/CVE-2023-2908
https://bugzilla.redhat.com/show_bug.cgi?id=2218830
https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
https://gitlab.com/libtiff/libtiff/-/merge_requests/479
https://security.netapp.com/advisory/ntap-20230731-0004/
Common Vulnerability Exposure (CVE) ID: CVE-2023-3316
https://gitlab.com/libtiff/libtiff/-/issues/515
https://gitlab.com/libtiff/libtiff/-/merge_requests/468
https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/
Common Vulnerability Exposure (CVE) ID: CVE-2023-3618
RHBZ#2215865
https://bugzilla.redhat.com/show_bug.cgi?id=2215865
https://access.redhat.com/security/cve/CVE-2023-3618 |
Copyright | Copyright (C) 2023 Greenbone AG |