The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0223 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged     Image File Format (TIFF) files.

    A heap-based buffer overflow and a use-after-free flaw were found in the     tiff2pdf tool. An attacker could use these flaws to create a specially     crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute     arbitrary code. (CVE-2013-1960, CVE-2013-4232)

    Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker     could use these flaws to create a specially crafted GIF file that could     cause gif2tiff to crash or, possibly, execute arbitrary code.
    (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

    Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker     could use these flaws to create a specially crafted TIFF file that would     cause tiff2pdf to crash. (CVE-2013-1961)

    Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting     CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by     Murray McAllister of the Red Hat Security Response Team, and the     CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat     Security Response Team.

    All libtiff users are advised to upgrade to these updated packages, which     contain backported patches to correct these issues. All running     applications linked against libtiff must be restarted for this update to     take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 : libtiff (RHSA-2014:0223)

critical Nessus Plugin ID 72737

Version 1.16