Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2019-2466)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the Huawei EulerOS 'libtiff' package(s) announced via the EulerOS-SA-2019-2466 advisory.
Insight
Insight
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.(CVE-2017-13727) The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7592) An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100) tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.(CVE-2017-7593) The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.(CVE-2017-7594) The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7595) LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7596) tif_dirread.c in LibTIFF 4.0.7 has an 'outside the range of representable values of type float' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7597) LibTIFF 4.0.7 has an 'outside the range of representable values of type short' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7599) LibTIFF 4.0.7 has an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-7600) tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.(CVE-2017-7598) LibTIFF 4.0.7 has a 'shift exponent too large for 6 ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'libtiff' package(s) on Huawei EulerOS V2.0SP2.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).
Common Vulnerabilities and Exposures (CVE)
- CVE-2016-10092
- CVE-2016-10266
- CVE-2016-10267
- CVE-2016-10268
- CVE-2016-10269
- CVE-2016-10270
- CVE-2016-10272
- CVE-2016-10371
- CVE-2016-3186
- CVE-2016-3622
- CVE-2016-3623
- CVE-2016-3624
- CVE-2016-5102
- CVE-2016-5318
- CVE-2016-5321
- CVE-2016-5323
- CVE-2016-6223
- CVE-2016-9273
- CVE-2016-9532
- CVE-2016-9538
- CVE-2016-9539
- CVE-2017-10688
- CVE-2017-12944
- CVE-2017-13726
- CVE-2017-13727
- CVE-2017-16232
- CVE-2017-5563
- CVE-2017-7592
- CVE-2017-7593
- CVE-2017-7594
- CVE-2017-7595
- CVE-2017-7596
- CVE-2017-7597
- CVE-2017-7598
- CVE-2017-7599
- CVE-2017-7600
- CVE-2017-7601
- CVE-2017-7602
- CVE-2017-9117
- CVE-2017-9147
- CVE-2017-9403
- CVE-2017-9936
- CVE-2018-10963
- CVE-2018-12900
- CVE-2018-17100
- CVE-2018-17101
- CVE-2018-18557
- CVE-2018-18661
- CVE-2018-19210
- CVE-2018-8905
- CVE-2019-14973
- CVE-2019-17546
- CVE-2019-6128
- CVE-2019-7663