Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2017:0559
HistoryMar 20, 2017 - 8:25 a.m.

openjpeg security update

2017-03-2008:25:44
CentOS Project
lists.centos.org
49

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.171 Low

EPSS

Percentile

96.0%

JSON

CentOS Errata and Security Advisory CESA-2017:0559

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

  • Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

  • A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675)

The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2017-March/084505.html

Affected packages:
openjpeg
openjpeg-devel
openjpeg-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:0559

Related

nessus 48
redhat 4
openvas 53
amazon 2
oraclelinux 3
centos 2
ibm 1
mageia 4
ubuntucve 8
prion 8
redhatcve 5
cve 8
veracode 7
fedora 19
debiancve 4
hackerone 1
osv 5
suse 2
freebsd 1
debian 7
securityvulns 3
kitploit 1
gentoo 1
archlinux 1
chrome 1
nessus
nessus
Amazon Linux AMI : openjpeg (ALAS-2017-807)
2017-03-23 00:00:00
RHEL 6 : openjpeg (RHSA-2017:0559)
2017-03-20 00:00:00
NewStart CGSL MAIN 4.05 : openjpeg Multiple Vulnerabilities (NS-SA-2019-0129)
2019-08-12 00:00:00
redhat
redhat
(RHSA-2017:0559) Moderate: openjpeg security update
2017-03-19 23:39:06
(RHSA-2017:0838) Moderate: openjpeg security update
2017-03-23 02:35:48
(RHSA-2013:1850) Important: openjpeg security update
2013-12-17 00:00:00
openvas
openvas
CentOS Update for openjpeg CESA-2017:0559 centos6
2017-03-21 00:00:00
RedHat Update for openjpeg RHSA-2017:0559-01
2017-03-20 00:00:00
RedHat Update for openjpeg RHSA-2017:0838-01
2017-03-23 00:00:00
amazon
amazon
Medium: openjpeg
2017-03-22 16:00:00
Important: openjpeg
2014-01-14 15:55:00
oraclelinux
oraclelinux
openjpeg security update
2017-03-19 00:00:00
openjpeg security update
2017-03-22 00:00:00
openjpeg security update
2013-12-17 00:00:00
centos
centos
openjpeg security update
2017-03-29 10:58:56
openjpeg security update
2013-12-17 19:00:24
ibm
ibm
Security Bulletin: Vulnerabilities in openjpeg affect PowerKVM
2018-06-18 01:36:15
mageia
mageia
Updated openjpeg packages fix security vulnerability
2017-05-02 09:37:59
Updated openjpeg package fixes security vulnerabilities
2014-01-06 05:10:03
Updated openjpeg2 packages fix security vulnerabilities
2016-11-03 12:02:50
ubuntucve
ubuntucve
CVE-2016-9675
2016-12-22 00:00:00
CVE-2016-7163
2016-09-21 00:00:00
CVE-2013-6045
2013-12-12 00:00:00
prion
prion
Heap overflow
2016-12-22 21:59:00
Integer overflow
2016-09-21 14:25:00
Heap overflow
2013-12-12 18:55:00
redhatcve
redhatcve
CVE-2016-9675
2016-11-29 23:47:33
CVE-2016-7163
2016-09-08 13:19:03
CVE-2016-5159
2019-10-10 04:27:09
cve
cve
CVE-2016-9675
2016-12-22 21:59:00
CVE-2016-7163
2016-09-21 14:25:00
CVE-2013-6045
2013-12-12 18:55:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 06:43:17
Arbitrary Code Execution And Denial Of Service
2019-05-02 06:43:17
Privilege Escalation
2019-01-15 09:16:31
fedora
fedora
[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.1.1-3.fc25
2016-09-18 17:45:59
[SECURITY] Fedora 25 Update: openjpeg2-2.1.1-3.fc25
2016-09-15 19:09:28
[SECURITY] Fedora 24 Update: mingw-openjpeg2-2.1.1-3.fc24
2016-09-18 02:31:22
debiancve
debiancve
CVE-2016-7163
2016-09-21 14:25:00
CVE-2016-5159
2016-09-11 10:59:00
CVE-2016-5139
2016-08-07 19:59:00
hackerone
hackerone
Internet Bug Bounty: CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability
2016-09-11 06:18:49
osv
osv
openjpeg2 - security update
2017-01-20 00:00:00
openjpeg2 - security update
2018-07-19 00:00:00
openjpeg - regression update
2013-12-03 00:00:00
suse
suse
Security update for openjpeg2 (important)
2017-08-17 00:10:07
Security update for Chromium (important)
2016-08-08 00:08:44
freebsd
freebsd
openjpeg -- multiple vulnerabilities
2016-09-08 00:00:00
debian
debian
[SECURITY] [DLA 1433-1] openjpeg2 security update
2018-07-19 20:29:10
[SECURITY] [DSA 3665-1] openjpeg2 security update
2016-09-11 18:05:19
[SECURITY] [DSA 2808-2] openjpeg regression update
2014-04-22 21:59:21
securityvulns
securityvulns
[SECURITY] [DSA 2808-1] openjpeg security update
2013-12-09 00:00:00
[ MDVSA-2014:008 ] openjpeg
2014-01-29 00:00:00
OpenJPEG library multiple security vulnerabilities
2014-01-29 00:00:00
kitploit
kitploit
CDK - Zero Dependency Container Penetration Toolkit
2021-01-21 11:30:00
gentoo
gentoo
OpenJPEG: Multiple vulnerabilities
2014-12-13 00:00:00
archlinux
archlinux
chromium: multiple issues
2016-08-17 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2016-08-03 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.171 Low

EPSS

Percentile

96.0%

JSON
Related for CESA-2017:0559
nessus48redhat4openvas53amazon2oraclelinux3centos2ibm1mageia4ubuntucve8prion8redhatcve5cve8veracode7fedora19debiancve4hackerone1osv5suse2freebsd1debian7securityvulns3kitploit1gentoo1archlinux1chrome1