Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1235)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the Huawei EulerOS 'libtiff' package(s) announced via the EulerOS-SA-2020-1235 advisory.
Insight
Insight
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.(CVE-2016-5323) The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the '-v' option to -1.(CVE-2016-3624) The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.(CVE-2016-3623) LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.(CVE-2018-18557) An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17101) An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.(CVE-2018-17100) In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.(CVE-2018-8905) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9.(CVE-2016-10272) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22.(CVE-2016-10270) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2.(CVE-2016-10269) tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23.(CVE-2016-10268) Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.(C ... Description truncated. Please see the references for more information.
Affected Software
Affected Software
'libtiff' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).
Common Vulnerabilities and Exposures (CVE)
- CVE-2016-10092
- CVE-2016-10266
- CVE-2016-10267
- CVE-2016-10268
- CVE-2016-10269
- CVE-2016-10270
- CVE-2016-10272
- CVE-2016-10371
- CVE-2016-3622
- CVE-2016-3623
- CVE-2016-3624
- CVE-2016-5102
- CVE-2016-5318
- CVE-2016-5321
- CVE-2016-5323
- CVE-2016-9273
- CVE-2016-9538
- CVE-2016-9539
- CVE-2017-10688
- CVE-2017-12944
- CVE-2017-13726
- CVE-2017-13727
- CVE-2017-7592
- CVE-2017-7593
- CVE-2017-7594
- CVE-2017-7595
- CVE-2017-7596
- CVE-2017-7597
- CVE-2017-7598
- CVE-2017-7599
- CVE-2017-7600
- CVE-2017-7601
- CVE-2017-7602
- CVE-2017-9117
- CVE-2017-9147
- CVE-2017-9403
- CVE-2017-9936
- CVE-2018-10779
- CVE-2018-10963
- CVE-2018-17100
- CVE-2018-17101
- CVE-2018-18557
- CVE-2018-18661
- CVE-2018-7456
- CVE-2018-8905
- CVE-2019-14973
- CVE-2019-17546