The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117)

  - LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows     remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
    (CVE-2014-8128)

  - Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7,     3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2,     4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted     image. (CVE-2016-10092)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Detections

Analytics

RHEL 6 : libtiff (Unpatched Vulnerability)

critical Nessus Plugin ID 198513

Version 1.3

Version 1.1

Version 1.3 Oct 12, 2024, 5:44 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410120544
Version 1.1 Jun 4, 2024, 3:18 AM New Plugin Feed: 202406040318