Lucene search

K
amazon
AmazonALAS2-2023-1999
HistoryMar 17, 2023 - 4:35 p.m.

Medium: openjpeg

2023-03-1716:35:00
alas.aws.amazon.com
10

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.1%

Issue Overview:

A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG. (CVE-2021-3575)

Affected Packages:

openjpeg

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update openjpeg to update your system.

New Packages:

aarch64:  
    openjpeg-1.5.1-19.amzn2.aarch64  
    openjpeg-libs-1.5.1-19.amzn2.aarch64  
    openjpeg-devel-1.5.1-19.amzn2.aarch64  
    openjpeg-debuginfo-1.5.1-19.amzn2.aarch64  
  
i686:  
    openjpeg-1.5.1-19.amzn2.i686  
    openjpeg-libs-1.5.1-19.amzn2.i686  
    openjpeg-devel-1.5.1-19.amzn2.i686  
    openjpeg-debuginfo-1.5.1-19.amzn2.i686  
  
src:  
    openjpeg-1.5.1-19.amzn2.src  
  
x86_64:  
    openjpeg-1.5.1-19.amzn2.x86_64  
    openjpeg-libs-1.5.1-19.amzn2.x86_64  
    openjpeg-devel-1.5.1-19.amzn2.x86_64  
    openjpeg-debuginfo-1.5.1-19.amzn2.x86_64  

Additional References

Red Hat: CVE-2021-3575

Mitre: CVE-2021-3575

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.1%

Related for ALAS2-2023-1999