It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-255 advisory.

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0795)

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0796)

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by     tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a     crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
    (CVE-2023-0797)

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0798)

    LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit afaabc3e. (CVE-2023-0799)

    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0802)

    LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause     a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is     available with commit 33aee127. (CVE-2023-0803)

    libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of     buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at     /libtiff/tools/tiffcrop.c:3215. (CVE-2023-25434)

    libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at     /libtiff/tools/tiffcrop.c:3753. (CVE-2023-25435)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-255)

high Nessus Plugin ID 178609

Version 1.4