Test ID: | 1.3.6.1.4.1.25623.1.1.10.2023.0255 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2023-0255) |
Summary: | The remote host is missing an update for the 'libtiff' package(s) announced via the MGASA-2023-0255 advisory. |
Description: |
Vulnerability Insight:

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. (CVE-2023-2908)

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. (CVE-2023-3618)

libtiff 4.5.0 is vulnerable to Buffer Overflow in /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965)

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

Affected Software/OS: 'libtiff' package(s) on Mageia 9.

Solution: Please install the updated package(s).

CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-25433
https://gitlab.com/libtiff/libtiff/-/issues/520
https://gitlab.com/libtiff/libtiff/-/merge_requests/467
https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-26965
https://gitlab.com/libtiff/libtiff/-/merge_requests/472

Common Vulnerability Exposure (CVE) ID: CVE-2023-26966
https://gitlab.com/libtiff/libtiff/-/issues/530
https://gitlab.com/libtiff/libtiff/-/merge_requests/473

Common Vulnerability Exposure (CVE) ID: CVE-2023-2908
https://access.redhat.com/security/cve/CVE-2023-2908
https://bugzilla.redhat.com/show_bug.cgi?id=2218830
https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
https://gitlab.com/libtiff/libtiff/-/merge_requests/479
https://security.netapp.com/advisory/ntap-20230731-0004/

Common Vulnerability Exposure (CVE) ID: CVE-2023-3316
https://gitlab.com/libtiff/libtiff/-/issues/515
https://gitlab.com/libtiff/libtiff/-/merge_requests/468
https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/

Common Vulnerability Exposure (CVE) ID: CVE-2023-3618
RHBZ#2215865
https://bugzilla.redhat.com/show_bug.cgi?id=2215865
https://access.redhat.com/security/cve/CVE-2023-3618 |
Copyright | Copyright (C) 2023 Greenbone AG |