EulerOS Virtualization 2.11.0 : libtiff (EulerOS-SA-2023-3072)

medium Nessus Plugin ID 188907

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)

- loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. (CVE-2023-26965)

- libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. (CVE-2023-26966)

- A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
(CVE-2023-2908)

- A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. (CVE-2023-3316)

- A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
(CVE-2023-3576)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected libtiff packages.

See Also

http://www.nessus.org/u?b9f1ce79

Plugin Details

Severity: Medium

ID: 188907

File Name: EulerOS_SA-2023-3072.nasl

Version: 1.0

Type: local

Published: 1/16/2024

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-3316

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:libtiff, cpe:/o:huawei:euleros:uvp:2.11.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2023

Vulnerability Publication Date: 6/14/2023

Reference Information

CVE: CVE-2023-25433, CVE-2023-26965, CVE-2023-26966, CVE-2023-2908, CVE-2023-3316, CVE-2023-3576