Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0119
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0119)
Summary:	The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0119 advisory.
Description:	Summary: The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2022-0119 advisory. Vulnerability Insight: Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0865) A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-0891) Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. (CVE-2022-0908) Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0909) Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0924) Affected Software/OS: 'libtiff' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0865 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json Debian Security Information: DSA-5108 (Google Search) https://www.debian.org/security/2022/dsa-5108 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/ https://security.gentoo.org/glsa/202210-10 https://gitlab.com/libtiff/libtiff/-/issues/385 https://gitlab.com/libtiff/libtiff/-/merge_requests/306 Common Vulnerability Exposure (CVE) ID: CVE-2022-0891 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c https://gitlab.com/libtiff/libtiff/-/issues/380 https://gitlab.com/libtiff/libtiff/-/issues/382 Common Vulnerability Exposure (CVE) ID: CVE-2022-0908 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 https://gitlab.com/libtiff/libtiff/-/issues/383 Common Vulnerability Exposure (CVE) ID: CVE-2022-0909 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json https://gitlab.com/libtiff/libtiff/-/issues/393 https://gitlab.com/libtiff/libtiff/-/merge_requests/310 Common Vulnerability Exposure (CVE) ID: CVE-2022-0924 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json https://gitlab.com/libtiff/libtiff/-/issues/278 https://gitlab.com/libtiff/libtiff/-/merge_requests/311
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.