DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-27814", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-27814", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.", "published": "2021-01-26T18:15:00", "modified": "2022-10-07T02:22:00", "epss": [{"cve": "CVE-2020-27814", "epss": 0.00244, "percentile": 0.62185, "modified": "2023-12-02"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27814", "reporter": "secalert@redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1901998", "https://security.gentoo.org/glsa/202101-29", "https://github.com/uclouvain/openjpeg/issues/1283", "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html", "https://www.debian.org/security/2021/dsa-4882", "https://www.oracle.com//security-alerts/cpujul2021.html"], "cvelist": ["CVE-2020-27814"], "immutableFields": [], "lastseen": "2023-12-02T16:07:11", "viewCount": 140, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4251"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-27814"]}, {"type": "amazon", "idList": ["ALAS2-2022-1741"]}, {"type": "archlinux", "idList": ["ASA-202012-21"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:CF99469AEE85FAA4A2723DEF330B8E4B"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2550-1:E200A", "DEBIAN:DSA-4882-1:5EC6A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-27814"]}, {"type": "fedora", "idList": ["FEDORA:000423094DC3", "FEDORA:7307C30AD43B", "FEDORA:93A083094AEF", "FEDORA:E5B6E30BA77A"]}, {"type": "gentoo", "idList": ["GLSA-202101-29"]}, {"type": "mageia", "idList": ["MGASA-2020-0464"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-4251.NASL", "CENTOS8_RHSA-2021-4251.NASL", "DEBIAN_DLA-2550.NASL", "DEBIAN_DSA-4882.NASL", "EULEROS_SA-2021-1156.NASL", "EULEROS_SA-2021-1587.NASL", "EULEROS_SA-2021-2174.NASL", "EULEROS_SA-2021-2198.NASL", "EULEROS_SA-2021-2250.NASL", "EULEROS_SA-2021-2276.NASL", "FEDORA_2020-9CD524EECA.NASL", "FEDORA_2020-D32853A28D.NASL", "GENTOO_GLSA-202101-29.NASL", "ORACLELINUX_ELSA-2021-4251.NASL", "ORACLE_RDBMS_CPU_JUL_2021.NASL", "REDHAT-RHSA-2021-4251.NASL", "ROCKY_LINUX_RLSA-2021-4251.NASL", "SUSE_SU-2022-3802-1.NASL", "UBUNTU_USN-4685-1.NASL", "UBUNTU_USN-4686-1.NASL", "UBUNTU_USN-4880-1.NASL", "UBUNTU_USN-5952-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2023", "ORACLE:CPUJUL2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4251"]}, {"type": "osv", "idList": ["OSV:CVE-2020-27814", "OSV:DLA-2550-1", "OSV:DSA-4882-1"]}, {"type": "prion", "idList": ["PRION:CVE-2020-27814"]}, {"type": "redhat", "idList": ["RHSA-2021:4251", "RHSA-2022:0202"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27814"]}, {"type": "rocky", "idList": ["RLSA-2021:4251"]}, {"type": "suse", "idList": ["SUSE-SU-2022:3802-1"]}, {"type": "ubuntu", "idList": ["USN-4685-1", "USN-4686-1", "USN-4880-1", "USN-5952-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27814"]}, {"type": "veracode", "idList": ["VERACODE:28807"]}]}, "score": {"value": 8.4, "uncertanity": 0.2, "vector": "NONE"}, "twitter": {"counter": 6, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1359122149785632769", "text": " NEW: CVE-2020-27814 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code ... (click for more) Severity: HIGH https://t.co/DYlzy9j9mz?amp=1"}, {"link": "https://twitter.com/GrupoICA_Ciber/status/1365224161052942337", "text": "DEBIAN\nM\u00faltiples vulnerabilidades de severidad alta en productos DEBIAN: \n\nCVE-2020-27844,CVE-2020-27814,CVE-2020-25681,CVE-2021-26720,CVE-2021-23840,CVE-2021-23841\n\nM\u00e1s info en: https://t.co/MSlGna3az9?amp=1\n/hashtag/ciberseguridad?src=hashtag_click /hashtag/grupoica?src=hashtag_click /hashtag/debian?src=hashtag_click"}, {"link": "https://twitter.com/threatintelctr/status/1358933413017829378", "text": " NEW: CVE-2020-27814 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code ... (click for more) Severity: HIGH https://t.co/DYlzy9j9mz?amp=1"}, {"link": "https://twitter.com/RemotelyAlerts/status/1578225922636886016", "text": "Severity: | A heap-buffer overflow was found in the ... | CVE-2020-27814 | Link for more: https://t.co/Vie0yGmzkL", "author": "RemotelyAlerts", "author_photo": "https://pbs.twimg.com/profile_images/1534892541354680322/G_Cairku_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1578214071454863361", "text": " NEW: CVE-2020-27814 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code ... (click for more) Severity: HIGH https://t.co/DYlzy9j9mz", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4251"]}, {"type": "amazon", "idList": ["ALAS2-2022-1741"]}, {"type": "archlinux", "idList": ["ASA-202012-21"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2550-1:E200A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-27814"]}, {"type": "fedora", "idList": ["FEDORA:000423094DC3", "FEDORA:7307C30AD43B", "FEDORA:93A083094AEF", "FEDORA:E5B6E30BA77A"]}, {"type": "gentoo", "idList": ["GLSA-202101-29"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2550.NASL", "EULEROS_SA-2021-1156.NASL", "FEDORA_2020-9CD524EECA.NASL", "FEDORA_2020-D32853A28D.NASL", "GENTOO_GLSA-202101-29.NASL", "ORACLELINUX_ELSA-2021-4251.NASL", "REDHAT-RHSA-2021-4251.NASL", "UBUNTU_USN-4685-1.NASL", "UBUNTU_USN-4686-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4251"]}, {"type": "redhat", "idList": ["RHSA-2022:0202"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-27814"]}, {"type": "ubuntu", "idList": ["USN-4685-1", "USN-4686-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-27814"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "uclouvain openjpeg", "version": 1}, {"name": "uclouvain openjpeg", "version": 2}, {"name": "debian debian linux", "version": 9}, {"name": "debian debian linux", "version": 10}]}, "epss": [{"cve": "CVE-2020-27814", "epss": 0.0021, "percentile": 0.57454, "modified": "2023-05-07"}], "short_description": " A heap-buffer overflow in openjpeg2 handling certain PNG format files", "tags": ["cve-2020-27814", "heap-buffer overflow", "openjpeg2", "png format", "nvd", "security vulnerability."], "vulnersScore": 8.4}, "_state": {"dependencies": 1701536082, "score": 1701533623, "twitter": 0, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "ea6fd4a46f44ac3109629346063ccd81", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "redhat", "cvss": {}}, "cpe": ["cpe:/a:uclouvain:openjpeg:1.5.1", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*"], "cwe": ["CWE-122"], "affectedSoftware": [{"cpeName": "uclouvain:openjpeg", "version": "1.5.1", "operator": "le", "name": "uclouvain openjpeg"}, {"cpeName": "uclouvain:openjpeg", "version": "2.4.0", "operator": "lt", "name": "uclouvain openjpeg"}, {"cpeName": "debian:debian_linux", "version": "9.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "debian:debian_linux", "version": "10.0", "operator": "eq", "name": "debian debian linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:1.5.1:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.1", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.4.0", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901998", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202101-29", "name": "GLSA-202101-29", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/uclouvain/openjpeg/issues/1283", "name": "https://github.com/uclouvain/openjpeg/issues/1283", "refsource": "MISC", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html", "name": "[debian-lts-announce] 20210208 [SECURITY] [DLA 2550-1] openjpeg2 security update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://www.debian.org/security/2021/dsa-4882", "name": "DSA-4882", "refsource": "DEBIAN", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "name": "N/A", "refsource": "N/A", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Uclouvain", "product": "Openjpeg"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2020-10-27T00:00:00"}

{"prion": [{"lastseen": "2023-11-22T01:34:03", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-26T18:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2022-10-07T02:22:00", "id": "PRION:CVE-2020-27814", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-27814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-01T15:25:37", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-26T18:15:00", "type": "debiancve", "title": "CVE-2020-27814", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2021-01-26T18:15:00", "id": "DEBIANCVE:CVE-2020-27814", "href": "https://security-tracker.debian.org/tracker/CVE-2020-27814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:26:33", "description": "Backport patch for CVE-2020-27814.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "Fedora 33 : mingw-openjpeg2 / openjpeg2 (2020-9cd524eeca)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814"], "modified": "2021-02-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-9CD524EECA.NASL", "href": "https://www.tenable.com/plugins/nessus/144039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-9cd524eeca.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144039);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/04\");\n\n script_cve_id(\"CVE-2020-27814\");\n script_xref(name:\"FEDORA\", value:\"2020-9cd524eeca\");\n\n script_name(english:\"Fedora 33 : mingw-openjpeg2 / openjpeg2 (2020-9cd524eeca)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Backport patch for CVE-2020-27814.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-9cd524eeca\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mingw-openjpeg2 and / or openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27814\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"mingw-openjpeg2-2.3.1-9.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"openjpeg2-2.3.1-8.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2 / openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:19", "description": "According to the version of the openjpeg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : openjpeg2 (EulerOS-SA-2021-1587)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814"], "modified": "2021-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1587.NASL", "href": "https://www.tenable.com/plugins/nessus/147108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147108);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-27814\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : openjpeg2 (EulerOS-SA-2021-1587)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openjpeg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1587\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0cf84b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:44", "description": "According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)\n\n - The OpenJPEG library is an open-source JPEG 2000 library developed in order topromote the use of JPEG 2000.This package contains* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance).* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple(CVE-2020-27824)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2021-1156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27845"], "modified": "2021-06-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1156.NASL", "href": "https://www.tenable.com/plugins/nessus/145744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145744);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/04\");\n\n script_cve_id(\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27845\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2021-1156)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There's a flaw in openjpeg in versions prior to 2.4.0\n in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg\n encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application\n availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in\n versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's\n conversion/encoding functionality, they could cause an\n out-of-bounds read. The highest impact of this flaw is\n to application availability.(CVE-2020-27845)\n\n - The OpenJPEG library is an open-source JPEG 2000\n library developed in order topromote the use of JPEG\n 2000.This package contains* JPEG 2000 codec compliant\n with the Part 1 of the standard (Class-1 Profile-1\n compliance).* JP2 (JPEG 2000 standard Part 2 - Handling\n of JP2 boxes and extended multiple(CVE-2020-27824)\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw\n allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-27823)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1156\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbc68597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:06:01", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4880-1 advisory.\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : OpenJPEG vulnerabilities (USN-4880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27845"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip7"], "id": "UBUNTU_USN-4880-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148002", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4880-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148002);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27845\"\n );\n script_xref(name:\"USN\", value:\"4880-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : OpenJPEG vulnerabilities (USN-4880-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4880-1 advisory.\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4880-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libopenjp2-7', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-7-dev', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-tools', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d-tools', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d7', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-dec-server', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-server', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-viewer', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip7', 'pkgver': '2.1.2-1.1+deb9u6build0.16.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenjp2-7 / libopenjp2-7-dev / libopenjp2-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:23", "description": "Various overflow errors were identified and fixed.\n\nCVE-2020-27814\n\nA heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files.\n\nCVE-2020-27823\n\nWrong computation of x1,y1 if -d option is used, resulting in heap buffer overflow.\n\nCVE-2020-27824\n\nGlobal buffer overflow on irreversible conversion when too many decomposition levels are specified.\n\nCVE-2020-27841\n\nCrafted input to be processed by the openjpeg encoder could cause an out-of-bounds read.\n\nCVE-2020-27844\n\nCrafted input to be processed by the openjpeg encoder could cause an out-of-bounds write.\n\nCVE-2020-27845\n\nCrafted input can cause out-of-bounds-read.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.1.2-1.1+deb9u6.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFor the detailed security status of openjpeg2 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjpeg2\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "Debian DLA-2550-1 : openjpeg2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27844", "CVE-2020-27845"], "modified": "2021-02-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libopenjp2-7", "p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg", "p-cpe:/a:debian:debian_linux:libopenjp2-7-dev", "p-cpe:/a:debian:debian_linux:libopenjp2-tools", "p-cpe:/a:debian:debian_linux:libopenjp3d-tools", "p-cpe:/a:debian:debian_linux:libopenjp3d7", "p-cpe:/a:debian:debian_linux:libopenjpip-dec-server", "p-cpe:/a:debian:debian_linux:libopenjpip-server", "p-cpe:/a:debian:debian_linux:libopenjpip-viewer", "p-cpe:/a:debian:debian_linux:libopenjpip7", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2550.NASL", "href": "https://www.tenable.com/plugins/nessus/146321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2550-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146321);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/11\");\n\n script_cve_id(\"CVE-2020-27814\", \"CVE-2020-27823\", \"CVE-2020-27824\", \"CVE-2020-27841\", \"CVE-2020-27844\", \"CVE-2020-27845\");\n\n script_name(english:\"Debian DLA-2550-1 : openjpeg2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Various overflow errors were identified and fixed.\n\nCVE-2020-27814\n\nA heap-buffer overflow was found in the way openjpeg2 handled certain\nPNG format files.\n\nCVE-2020-27823\n\nWrong computation of x1,y1 if -d option is used, resulting in heap\nbuffer overflow.\n\nCVE-2020-27824\n\nGlobal buffer overflow on irreversible conversion when too many\ndecomposition levels are specified.\n\nCVE-2020-27841\n\nCrafted input to be processed by the openjpeg encoder could cause an\nout-of-bounds read.\n\nCVE-2020-27844\n\nCrafted input to be processed by the openjpeg encoder could cause an\nout-of-bounds write.\n\nCVE-2020-27845\n\nCrafted input can cause out-of-bounds-read.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.1.2-1.1+deb9u6.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFor the detailed security status of openjpeg2 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openjpeg2\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjpeg2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7-dbg\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-tools\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp3d-tools\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp3d7\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-server\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-viewer\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip7\", reference:\"2.1.2-1.1+deb9u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:02", "description": "According to the versions of the openjpeg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.(CVE-2020-27843)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2020-27824)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.(CVE-2020-15389)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : openjpeg2 (EulerOS-SA-2021-2174)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2174.NASL", "href": "https://www.tenable.com/plugins/nessus/151568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151568);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : openjpeg2 (EulerOS-SA-2021-2174)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in\n versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's\n conversion/encoding functionality, they could cause an\n out-of-bounds read. The highest impact of this flaw is\n to application availability.(CVE-2020-27845)\n\n - A flaw was found in OpenJPEG in versions prior to\n 2.4.0. This flaw allows an attacker to provide\n specially crafted input to the conversion or encoding\n functionality, causing an out-of-bounds read. The\n highest threat from this vulnerability is system\n availability.(CVE-2020-27843)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0\n in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg\n encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application\n availability.(CVE-2020-27841)\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the\n opj_dwt_calc_explicit_stepsizes() function. This flaw\n allows an attacker who can supply crafted input to\n decomposition levels to cause a buffer overflow. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-27824)\n\n - A flaw was found in OpenJPEG's encoder. This flaw\n allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-27823)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a\n use-after-free that can be triggered if there is a mix\n of valid and invalid files in a directory operated on\n by the decompressor. Triggering a double-free may also\n be possible. This is related to calling\n opj_image_destroy twice.(CVE-2020-15389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2174\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4efff524\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.1-2.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:24", "description": "According to the versions of the openjpeg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.(CVE-2020-27843)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2020-27824)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.(CVE-2020-15389)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : openjpeg2 (EulerOS-SA-2021-2198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2198.NASL", "href": "https://www.tenable.com/plugins/nessus/151551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151551);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : openjpeg2 (EulerOS-SA-2021-2198)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in\n versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's\n conversion/encoding functionality, they could cause an\n out-of-bounds read. The highest impact of this flaw is\n to application availability.(CVE-2020-27845)\n\n - A flaw was found in OpenJPEG in versions prior to\n 2.4.0. This flaw allows an attacker to provide\n specially crafted input to the conversion or encoding\n functionality, causing an out-of-bounds read. The\n highest threat from this vulnerability is system\n availability.(CVE-2020-27843)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0\n in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg\n encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application\n availability.(CVE-2020-27841)\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the\n opj_dwt_calc_explicit_stepsizes() function. This flaw\n allows an attacker who can supply crafted input to\n decomposition levels to cause a buffer overflow. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-27824)\n\n - A flaw was found in OpenJPEG's encoder. This flaw\n allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-27823)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a\n use-after-free that can be triggered if there is a mix\n of valid and invalid files in a directory operated on\n by the decompressor. Triggering a double-free may also\n be possible. This is related to calling\n opj_image_destroy twice.(CVE-2020-15389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2198\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7bd2a952\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.1-2.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:28", "description": "According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2020-27824)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.(CVE-2020-15389)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.(CVE-2020-27843)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2021-2250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2250.NASL", "href": "https://www.tenable.com/plugins/nessus/152289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152289);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2021-2250)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in OpenJPEG's encoder. This flaw\n allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the\n opj_dwt_calc_explicit_stepsizes() function. This flaw\n allows an attacker who can supply crafted input to\n decomposition levels to cause a buffer overflow. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-27824)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a\n use-after-free that can be triggered if there is a mix\n of valid and invalid files in a directory operated on\n by the decompressor. Triggering a double-free may also\n be possible. This is related to calling\n opj_image_destroy twice.(CVE-2020-15389)\n\n - A flaw was found in OpenJPEG in versions prior to\n 2.4.0. This flaw allows an attacker to provide\n specially crafted input to the conversion or encoding\n functionality, causing an out-of-bounds read. The\n highest threat from this vulnerability is system\n availability.(CVE-2020-27843)\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0\n in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg\n encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application\n availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in\n versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's\n conversion/encoding functionality, they could cause an\n out-of-bounds read. The highest impact of this flaw is\n to application availability.(CVE-2020-27845)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2250\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e97aebeb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.1-2.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:41", "description": "This update backports patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845.\n\n----\n\nThis update backports patches for CVE-2020-27824 and CVE-2020-27823.\n\n----\n\nBackport patch for CVE-2020-27814.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "Fedora 32 : mingw-openjpeg2 / openjpeg2 (2020-d32853a28d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2022-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-D32853A28D.NASL", "href": "https://www.tenable.com/plugins/nessus/145017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-d32853a28d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145017);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\"CVE-2020-27814\", \"CVE-2020-27823\", \"CVE-2020-27824\", \"CVE-2020-27841\", \"CVE-2020-27842\", \"CVE-2020-27843\", \"CVE-2020-27845\");\n script_xref(name:\"FEDORA\", value:\"2020-d32853a28d\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Fedora 32 : mingw-openjpeg2 / openjpeg2 (2020-d32853a28d)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update backports patches for CVE-2020-27841, CVE-2020-27842,\nCVE-2020-27843, CVE-2020-27845.\n\n----\n\nThis update backports patches for CVE-2020-27824 and CVE-2020-27823.\n\n----\n\nBackport patch for CVE-2020-27814.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected mingw-openjpeg2 and / or openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"mingw-openjpeg2-2.3.1-11.fc32\")) flag++;\nif (rpm_check(release:\"FC32\", reference:\"openjpeg2-2.3.1-10.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2 / openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:35", "description": "According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2020-27824)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.(CVE-2020-15389)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.(CVE-2020-27843)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2021-2276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2276.NASL", "href": "https://www.tenable.com/plugins/nessus/152287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152287);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : openjpeg2 (EulerOS-SA-2021-2276)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in OpenJPEG's encoder. This flaw\n allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the\n opj_dwt_calc_explicit_stepsizes() function. This flaw\n allows an attacker who can supply crafted input to\n decomposition levels to cause a buffer overflow. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-27824)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a\n use-after-free that can be triggered if there is a mix\n of valid and invalid files in a directory operated on\n by the decompressor. Triggering a double-free may also\n be possible. This is related to calling\n opj_image_destroy twice.(CVE-2020-15389)\n\n - A flaw was found in OpenJPEG in versions prior to\n 2.4.0. This flaw allows an attacker to provide\n specially crafted input to the conversion or encoding\n functionality, causing an out-of-bounds read. The\n highest threat from this vulnerability is system\n availability.(CVE-2020-27843)\n\n - A heap-buffer overflow was found in the way openjpeg2\n handled certain PNG format files. An attacker could use\n this flaw to cause an application crash or in some\n cases execute arbitrary code with the permission of the\n user running such an application.(CVE-2020-27814)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0\n in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg\n encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application\n availability.(CVE-2020-27841)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in\n versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's\n conversion/encoding functionality, they could cause an\n out-of-bounds read. The highest impact of this flaw is\n to application availability.(CVE-2020-27845)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eab3341a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.1-2.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T10:50:10", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3802-1 advisory.\n\n - Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20846)\n\n - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.\n (CVE-2018-21010)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-28T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openjpeg2 (SUSE-SU-2022:3802-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20846", "CVE-2018-21010", "CVE-2020-27814", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenjp2-7", "p-cpe:/a:novell:suse_linux:openjpeg2", "p-cpe:/a:novell:suse_linux:openjpeg2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3802-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166688", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3802-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166688);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2018-20846\",\n \"CVE-2018-21010\",\n \"CVE-2020-27814\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3802-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openjpeg2 (SUSE-SU-2022:3802-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:3802-1 advisory.\n\n - Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl,\n pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a\n denial of service (application crash). (CVE-2018-20846)\n\n - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.\n (CVE-2018-21010)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows\n an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest\n threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1149789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-21010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27845\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-October/012731.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8766b837\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libopenjp2-7, openjpeg2 and / or openjpeg2-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27814\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-21010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libopenjp2-7-2.3.0-150000.3.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openjpeg2-2.3.0-150000.3.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openjpeg2-devel-2.3.0-150000.3.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libopenjp2-7-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libopenjp2-7-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'openjpeg2-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'openjpeg2-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'openjpeg2-devel-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'openjpeg2-devel-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libopenjp2-7-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libopenjp2-7-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'openjpeg2-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'openjpeg2-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'openjpeg2-devel-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'openjpeg2-devel-2.3.0-150000.3.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenjp2-7 / openjpeg2 / openjpeg2-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:01:47", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4685-1 advisory.\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : OpenJPEG vulnerabilities (USN-4685-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip7"], "id": "UBUNTU_USN-4685-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144788", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4685-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144788);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n script_xref(name:\"USN\", value:\"4685-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 20.04 LTS : OpenJPEG vulnerabilities (USN-4685-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4685-1 advisory.\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4685-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27823\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'libopenjp2-7', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjp2-7-dev', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjp2-tools', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjp3d-tools', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjp3d7', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjpip-dec-server', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjpip-server', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjpip-viewer', 'pkgver': '2.3.1-1ubuntu4.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libopenjpip7', 'pkgver': '2.3.1-1ubuntu4.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenjp2-7 / libopenjp2-7-dev / libopenjp2-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:12:44", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4686-1 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5727)\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-4686-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5727", "CVE-2020-27814", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2023-10-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ghostscript", "p-cpe:/a:canonical:ubuntu_linux:ghostscript-x", "p-cpe:/a:canonical:ubuntu_linux:libgs-dev", "p-cpe:/a:canonical:ubuntu_linux:libgs9", "p-cpe:/a:canonical:ubuntu_linux:libgs9-common"], "id": "UBUNTU_USN-4686-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144787", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4686-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144787);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2020-6851\",\n \"CVE-2020-8112\",\n \"CVE-2020-27814\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n script_xref(name:\"USN\", value:\"4686-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-4686-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4686-1 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function\n (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a\n crafted bmp file. (CVE-2018-5727)\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c\n because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer\n overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4686-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ghostscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ghostscript-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs9-common\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'ghostscript', 'pkgver': '9.26~dfsg+0-0ubuntu0.16.04.14'},\n {'osver': '16.04', 'pkgname': 'ghostscript-x', 'pkgver': '9.26~dfsg+0-0ubuntu0.16.04.14'},\n {'osver': '16.04', 'pkgname': 'libgs-dev', 'pkgver': '9.26~dfsg+0-0ubuntu0.16.04.14'},\n {'osver': '16.04', 'pkgname': 'libgs9', 'pkgver': '9.26~dfsg+0-0ubuntu0.16.04.14'},\n {'osver': '16.04', 'pkgname': 'libgs9-common', 'pkgver': '9.26~dfsg+0-0ubuntu0.16.04.14'},\n {'osver': '18.04', 'pkgname': 'ghostscript', 'pkgver': '9.26~dfsg+0-0ubuntu0.18.04.14'},\n {'osver': '18.04', 'pkgname': 'ghostscript-x', 'pkgver': '9.26~dfsg+0-0ubuntu0.18.04.14'},\n {'osver': '18.04', 'pkgname': 'libgs-dev', 'pkgver': '9.26~dfsg+0-0ubuntu0.18.04.14'},\n {'osver': '18.04', 'pkgname': 'libgs9', 'pkgver': '9.26~dfsg+0-0ubuntu0.18.04.14'},\n {'osver': '18.04', 'pkgname': 'libgs9-common', 'pkgver': '9.26~dfsg+0-0ubuntu0.18.04.14'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ghostscript / ghostscript-x / libgs-dev / libgs9 / libgs9-common');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:30", "description": "The remote host is affected by the vulnerability described in GLSA-202101-29 (OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-01-26T00:00:00", "type": "nessus", "title": "GLSA-202101-29 : OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21010", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openjpeg", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202101-29.NASL", "href": "https://www.tenable.com/plugins/nessus/145436", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-29.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145436);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-21010\", \"CVE-2019-12973\", \"CVE-2020-15389\", \"CVE-2020-27814\", \"CVE-2020-27841\", \"CVE-2020-27842\", \"CVE-2020-27843\", \"CVE-2020-27844\", \"CVE-2020-27845\");\n script_xref(name:\"GLSA\", value:\"202101-29\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"GLSA-202101-29 : OpenJPEG: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-29\n(OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-29\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All OpenJPEG 2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openjpeg-2.4.0:2'\n Gentoo has discontinued support OpenJPEG 1.x and any dependent packages\n should now be using OpenJPEG 2 or have dropped support for the library.\n We recommend that users unmerge OpenJPEG 1.x:\n # emerge --unmerge 'media-libs/openjpeg:1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openjpeg\", unaffected:make_list(\"ge 2.4.0\"), vulnerable:make_list(\"lt 2.4.0\", \"lt 1.5.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenJPEG\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:07:04", "description": "Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image.", "cvss3": {}, "published": "2021-04-02T00:00:00", "type": "nessus", "title": "Debian DSA-4882-1 : openjpeg2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjpeg2", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4882.NASL", "href": "https://www.tenable.com/plugins/nessus/148305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4882. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148305);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15389\", \"CVE-2020-27814\", \"CVE-2020-27823\", \"CVE-2020-27824\", \"CVE-2020-27841\", \"CVE-2020-27842\", \"CVE-2020-27843\", \"CVE-2020-27845\", \"CVE-2020-6851\", \"CVE-2020-8112\");\n script_xref(name:\"DSA\", value:\"4882\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DSA-4882-1 : openjpeg2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities have been discovered in openjpeg2, the\nopen-source JPEG 2000 codec, which could result in denial of service\nor the execution of arbitrary code when opening a malformed image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4882\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openjpeg2 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.3.0-2+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8112\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libopenjp2-7\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjp2-tools\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjp3d-tools\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjp3d7\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjpip-server\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjpip-viewer\", reference:\"2.3.0-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libopenjpip7\", reference:\"2.3.0-2+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T07:07:34", "description": "The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5952-1 advisory.\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip7"], "id": "UBUNTU_USN-5952-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172576", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5952-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172576);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-6851\",\n \"CVE-2020-8112\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27841\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"USN\", value:\"5952-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5952-1 advisory.\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c\n because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer\n overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows\n an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest\n threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to\n provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The\n greatest impact from this flaw is to application availability. (CVE-2020-27841)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5952-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libopenjp2-7', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-7-dev', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-tools', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d-tools', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d7', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-dec-server', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-server', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-viewer', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '16.04', 'pkgname': 'libopenjpip7', 'pkgver': '2.1.2-1.1+deb9u6ubuntu0.1~esm3'},\n {'osver': '18.04', 'pkgname': 'libopenjp2-7', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjp2-7-dev', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjp2-tools', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjp3d-tools', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjp3d7', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjpip-dec-server', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjpip-server', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjpip-viewer', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libopenjpip7', 'pkgver': '2.3.0-2+deb10u2build0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenjp2-7 / libopenjp2-7-dev / libopenjp2-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:35:36", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4251 advisory.\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5727)\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files. (CVE-2021-29338)\n\n - A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. (CVE-2021-3575)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-07T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : openjpeg2 (RLSA-2021:4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:openjpeg2", "p-cpe:/a:rocky:linux:openjpeg2-debuginfo", "p-cpe:/a:rocky:linux:openjpeg2-debugsource", "p-cpe:/a:rocky:linux:openjpeg2-devel", "p-cpe:/a:rocky:linux:openjpeg2-devel-docs", "p-cpe:/a:rocky:linux:openjpeg2-tools", "p-cpe:/a:rocky:linux:openjpeg2-tools-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/185024", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4251.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185024);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2018-5785\",\n \"CVE-2018-20845\",\n \"CVE-2018-20847\",\n \"CVE-2019-12973\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\",\n \"CVE-2021-3575\",\n \"CVE-2021-29338\"\n );\n script_xref(name:\"RLSA\", value:\"2021:4251\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Rocky Linux 8 : openjpeg2 (RLSA-2021:4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:4251 advisory.\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application\n crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in\n openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function\n (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a\n crafted bmp file. (CVE-2018-5727)\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the\n opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to\n cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows\n an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest\n threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of\n Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that\n contains 1048576 files. (CVE-2021-29338)\n\n - A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing\n a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the\n application compiled against openjpeg. (CVE-2021-3575)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1536552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1537758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1728505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1728509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1732270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1852869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1901998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1905723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1905762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1907513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1907516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1907523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1950101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1957616\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3575\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openjpeg2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debuginfo-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debuginfo-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debuginfo-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debugsource-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debugsource-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-debugsource-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-debuginfo-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-debuginfo-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-debuginfo-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg2 / openjpeg2-debuginfo / openjpeg2-debugsource / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:23:41", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4251 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files. (CVE-2021-29338)\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5727)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openjpeg2 (ELSA-2021-4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2023-11-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openjpeg2", "p-cpe:/a:oracle:linux:openjpeg2-devel", "p-cpe:/a:oracle:linux:openjpeg2-devel-docs", "p-cpe:/a:oracle:linux:openjpeg2-tools"], "id": "ORACLELINUX_ELSA-2021-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/155437", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4251.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155437);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/23\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2018-5785\",\n \"CVE-2018-20845\",\n \"CVE-2018-20847\",\n \"CVE-2019-12973\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\",\n \"CVE-2021-3575\",\n \"CVE-2021-29338\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 8 : openjpeg2 (ELSA-2021-4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4251 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the\n opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to\n cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows\n an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest\n threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of\n Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that\n contains 1048576 files. (CVE-2021-29338)\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function\n (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a\n crafted bmp file. (CVE-2018-5727)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application\n crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in\n openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4251.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3575\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg2-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:27:25", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4251 advisory.\n\n - openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n - openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n - openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n - openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n - openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n - openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n - openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n - openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n - openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n - openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n - openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n - openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n - openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : openjpeg2 (CESA-2021:4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:openjpeg2", "p-cpe:/a:centos:centos:openjpeg2-devel", "p-cpe:/a:centos:centos:openjpeg2-devel-docs", "p-cpe:/a:centos:centos:openjpeg2-tools"], "id": "CENTOS8_RHSA-2021-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/155186", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4251. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155186);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2018-5785\",\n \"CVE-2018-20845\",\n \"CVE-2018-20847\",\n \"CVE-2019-12973\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\",\n \"CVE-2021-3575\",\n \"CVE-2021-29338\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4251\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : openjpeg2 (CESA-2021:4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4251 advisory.\n\n - openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c\n (CVE-2018-20845)\n\n - openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n - openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n - openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n - openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n - openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on\n by the decompressor (CVE-2020-15389)\n\n - openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n - openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n - openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n - openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n - openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n - openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp\n in openjp2/pi.c (CVE-2020-27845)\n\n - openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4251\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3575\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg2-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / openjpeg2-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:05", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4251 advisory.\n\n - openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n - openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n - openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n - openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n - openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n - openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n - openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n - openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n - openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n - openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n - openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n - openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n - openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : openjpeg2 (RHSA-2021:4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:openjpeg2", "p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel", "p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel-docs", "p-cpe:/a:redhat:enterprise_linux:openjpeg2-tools"], "id": "REDHAT-RHSA-2021-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/155190", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4251. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155190);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2018-5785\",\n \"CVE-2018-20845\",\n \"CVE-2018-20847\",\n \"CVE-2019-12973\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\",\n \"CVE-2021-3575\",\n \"CVE-2021-29338\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4251\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : openjpeg2 (RHSA-2021:4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4251 advisory.\n\n - openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c\n (CVE-2018-20845)\n\n - openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n - openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n - openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n - openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n - openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on\n by the decompressor (CVE-2020-15389)\n\n - openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n - openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n - openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n - openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n - openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n - openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp\n in openjp2/pi.c (CVE-2020-27845)\n\n - openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\n - openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-5727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-5785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1536552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1537758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1905723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1905762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1907513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1907516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1907523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1950101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1957616\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3575\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 120, 122, 125, 190, 369, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg2-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openjpeg2-2.4.0-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openjpeg2-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / openjpeg2-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-14T14:48:17", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4251 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5727)\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files. (CVE-2021-29338)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : openjpeg2 (ALSA-2021:4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2023-11-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:openjpeg2", "p-cpe:/a:alma:linux:openjpeg2-devel", "p-cpe:/a:alma:linux:openjpeg2-devel-docs", "p-cpe:/a:alma:linux:openjpeg2-tools", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/157485", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4251.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157485);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/13\");\n\n script_cve_id(\n \"CVE-2018-5727\",\n \"CVE-2018-5785\",\n \"CVE-2018-20845\",\n \"CVE-2018-20847\",\n \"CVE-2019-12973\",\n \"CVE-2020-15389\",\n \"CVE-2020-27814\",\n \"CVE-2020-27823\",\n \"CVE-2020-27824\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27845\",\n \"CVE-2021-3575\",\n \"CVE-2021-29338\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4251\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"AlmaLinux 8 : openjpeg2 (ALSA-2021:4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4251 advisory.\n\n - In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function\n (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a\n crafted bmp file. (CVE-2018-5727)\n\n - In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the\n opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to\n cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application\n crash). (CVE-2018-20845)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in\n openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\n - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could\n use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of\n the user running such an application. (CVE-2020-27814)\n\n - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset\n input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\n - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows\n an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest\n threat from this vulnerability is to system availability. (CVE-2020-27824)\n\n - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide\n crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of\n this flaw is to application availability. (CVE-2020-27842)\n\n - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially\n crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest\n threat from this vulnerability is system availability. (CVE-2020-27843)\n\n - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to\n provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds\n read. The highest impact of this flaw is to application availability. (CVE-2020-27845)\n\n - Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of\n Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that\n contains 1048576 files. (CVE-2021-29338)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4251.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3575\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-20847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openjpeg2-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openjpeg2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-devel-docs-2.4.0-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openjpeg2-tools-2.4.0-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg2 / openjpeg2-devel / openjpeg2-devel-docs / openjpeg2-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:13:45", "description": "The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory.\n\n - Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. (CVE-2021-2351)\n\n - Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text.\n Successful attacks of this vulnerability can result in takeover of Oracle Text. (CVE-2021-2328)\n\n - Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB.\n (CVE-2021-2329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Oracle Database Server Multiple Vulnerabilities (Jul 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21010", "CVE-2019-12415", "CVE-2019-12973", "CVE-2019-17545", "CVE-2019-17566", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-12723", "CVE-2020-13956", "CVE-2020-15389", "CVE-2020-25649", "CVE-2020-26870", "CVE-2020-27193", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845", "CVE-2020-28196", "CVE-2020-7760", "CVE-2020-8908", "CVE-2021-2326", "CVE-2021-2328", "CVE-2021-2329", "CVE-2021-2330", "CVE-2021-2333", "CVE-2021-23336", "CVE-2021-2334", "CVE-2021-2335", "CVE-2021-2336", "CVE-2021-2337", "CVE-2021-2351", "CVE-2021-2438", "CVE-2021-2460"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JUL_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/152026", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152026);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\n \"CVE-2018-21010\",\n \"CVE-2019-12415\",\n \"CVE-2019-12973\",\n \"CVE-2019-17545\",\n \"CVE-2019-17566\",\n \"CVE-2020-7760\",\n \"CVE-2020-8908\",\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-11987\",\n \"CVE-2020-11988\",\n \"CVE-2020-12723\",\n \"CVE-2020-13956\",\n \"CVE-2020-15389\",\n \"CVE-2020-25649\",\n \"CVE-2020-26870\",\n \"CVE-2020-27193\",\n \"CVE-2020-27814\",\n \"CVE-2020-27841\",\n \"CVE-2020-27842\",\n \"CVE-2020-27843\",\n \"CVE-2020-27844\",\n \"CVE-2020-27845\",\n \"CVE-2020-28196\",\n \"CVE-2021-2326\",\n \"CVE-2021-2328\",\n \"CVE-2021-2329\",\n \"CVE-2021-2330\",\n \"CVE-2021-2333\",\n \"CVE-2021-2334\",\n \"CVE-2021-2335\",\n \"CVE-2021-2336\",\n \"CVE-2021-2337\",\n \"CVE-2021-2351\",\n \"CVE-2021-2438\",\n \"CVE-2021-2460\",\n \"CVE-2021-23336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0330-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0001\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Database Server Multiple Vulnerabilities (Jul 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running a database server which is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as\nreferenced in the July 2021 CPU advisory.\n\n - Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions\n that are affected are 12.1.0.2 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require\n human interaction from a person other than the attacker and while the vulnerability is in Advanced\n Networking Option, attacks may significantly impact additional products. Successful attacks of this\n vulnerability can result in takeover of Advanced Networking Option. (CVE-2021-2351)\n\n - Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected\n are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any\n Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text.\n Successful attacks of this vulnerability can result in takeover of Oracle Text. (CVE-2021-2328)\n\n - Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are\n affected are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having\n Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise\n Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB.\n (CVE-2021-2329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujul2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2021 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27844\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17545\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_rdbms::get_app_info();\n\nvar constraints = [\n # RDBMS:\n {'min_version': '19.0', 'fixed_version': '19.10.3.0.210720', 'missing_patch':'32923627', 'os':'unix', 'component':'db'},\n {'min_version': '19.0', 'fixed_version': '19.12.0.0.210720', 'missing_patch':'32832237', 'os':'win', 'component':'db'},\n {'min_version': '19.11', 'fixed_version': '19.11.1.0.210720', 'missing_patch':'32844504', 'os':'unix', 'component':'db'},\n {'min_version': '19.12', 'fixed_version': '19.12.0.0.210720', 'missing_patch':'32904851', 'os':'unix', 'component':'db'},\n \n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210720', 'missing_patch':'32916808', 'os':'unix', 'component':'db'},\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210720', 'missing_patch':'32775037', 'os':'win', 'component':'db'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210720', 'missing_patch':'32768233, 32917362', 'os':'unix', 'component':'db'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210720', 'missing_patch':'32774982', 'os':'win', 'component':'db'},\n \n # OJVM:\n {'min_version': '19.0', 'fixed_version': '19.12.0.0.210720', 'missing_patch':'32876380', 'os':'unix', 'component':'ojvm'},\n {'min_version': '19.0', 'fixed_version': '19.12.0.0.210720', 'missing_patch':'32876380', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210720', 'missing_patch':'32876409', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210720', 'missing_patch':'32905896', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210720', 'missing_patch':'32876425', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210720', 'missing_patch':'32905878', 'os':'win', 'component':'ojvm'}\n];\n\nvcf::oracle_rdbms::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-12-01T17:19:05", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-10T01:15:42", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-8.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2020-12-10T01:15:42", "id": "FEDORA:E5B6E30BA77A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IT4DFBK3FQCB3UOEAZ4XYIDFSWQRMNDX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-01T17:19:05", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-10T01:15:42", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: mingw-openjpeg2-2.3.1-9.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2020-12-10T01:15:42", "id": "FEDORA:7307C30AD43B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6OH2BX2PRCNDCLAWPR4P3562JN5KIGAL/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-01T17:19:05", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-15T01:21:20", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-openjpeg2-2.3.1-11.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-01-15T01:21:20", "id": "FEDORA:93A083094AEF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BI5KBYL3GGDDYUYRBM24OIB6NN74GLNP/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-01T17:19:05", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-15T01:21:20", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: openjpeg2-2.3.1-10.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-01-15T01:21:20", "id": "FEDORA:000423094DC3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "veracode": [{"lastseen": "2022-07-26T15:38:56", "description": "openjpeg is vulnerable to denial of service (DoS). It is possible due to a heap-buffer-overflow in lib/openjp2/mqc.c.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-23T16:51:42", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2021-04-02T14:35:38", "id": "VERACODE:28807", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28807/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-02T17:25:18", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-26T18:15:00", "type": "alpinelinux", "title": "CVE-2020-27814", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2022-10-07T02:22:00", "id": "ALPINE:CVE-2020-27814", "href": "https://security.alpinelinux.org/vuln/CVE-2020-27814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-10-07T05:50:51", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-26T18:15:00", "type": "osv", "title": "CVE-2020-27814", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2022-10-07T02:22:00", "id": "OSV:CVE-2020-27814", "href": "https://osv.dev/vulnerability/CVE-2020-27814", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:29:17", "description": "\nVarious overflow errors were identified and fixed.\n\n\n* [CVE-2020-27814](https://security-tracker.debian.org/tracker/CVE-2020-27814)\nA heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files.\n* [CVE-2020-27823](https://security-tracker.debian.org/tracker/CVE-2020-27823)\nWrong computation of x1,y1 if -d option is used, resulting in heap buffer\n overflow.\n* [CVE-2020-27824](https://security-tracker.debian.org/tracker/CVE-2020-27824)\nGlobal buffer overflow on irreversible conversion when too many\n decomposition levels are specified.\n* [CVE-2020-27841](https://security-tracker.debian.org/tracker/CVE-2020-27841)\nCrafted input to be processed by the openjpeg encoder could cause an\n out-of-bounds read.\n* [CVE-2020-27844](https://security-tracker.debian.org/tracker/CVE-2020-27844)\nCrafted input to be processed by the openjpeg encoder could cause an\n out-of-bounds write.\n* [CVE-2020-27845](https://security-tracker.debian.org/tracker/CVE-2020-27845)\nCrafted input can cause out-of-bounds-read.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.1.2-1.1+deb9u6.\n\n\nWe recommend that you upgrade your openjpeg2 packages.\n\n\nFor the detailed security status of openjpeg2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/openjpeg2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "osv", "title": "openjpeg2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27844", "CVE-2020-27845"], "modified": "2023-06-28T06:29:08", "id": "OSV:DLA-2550-1", "href": "https://osv.dev/vulnerability/DLA-2550-1", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-07-21T08:22:25", "description": "\nMultiple vulnerabilities have been discovered in openjpeg2, the\nopen-source JPEG 2000 codec, which could result in denial of service or\nthe execution of arbitrary code when opening a malformed image.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.3.0-2+deb10u2.\n\n\nWe recommend that you upgrade your openjpeg2 packages.\n\n\nFor the detailed security status of openjpeg2 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/openjpeg2](https://security-tracker.debian.org/tracker/openjpeg2)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-01T00:00:00", "type": "osv", "title": "openjpeg2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27841", "CVE-2020-27845", "CVE-2020-27824", "CVE-2020-6851", "CVE-2020-15389", "CVE-2020-27842", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-8112", "CVE-2020-27843"], "modified": "2022-07-21T05:50:43", "id": "OSV:DSA-4882-1", "href": "https://osv.dev/vulnerability/DSA-4882-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-02T14:14:07", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG\nformat files. An attacker could use this flaw to cause an application crash\nor in some cases execute arbitrary code with the permission of the user\nrunning such an application.\n\n#### Bugs\n\n * <https://github.com/uclouvain/openjpeg/issues/1283>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | check bug to see if there are more commits before fixing\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-30T00:00:00", "type": "ubuntucve", "title": "CVE-2020-27814", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2020-11-30T00:00:00", "id": "UB:CVE-2020-27814", "href": "https://ubuntu.com/security/CVE-2020-27814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-12-01T20:50:07", "description": "A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-27T16:22:40", "type": "redhatcve", "title": "CVE-2020-27814", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814"], "modified": "2023-04-06T06:40:28", "id": "RH:CVE-2020-27814", "href": "https://access.redhat.com/security/cve/cve-2020-27814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-02T16:53:33", "description": "A heap-buffer overwrites error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution (CVE-2020-27814). A flaw was found in OpenJPEG\u2019s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (CVE-2020-27823). There is a flaw in openjpeg's encoder in the opj_dwt_calc_explicit_stepsizes() function. An attacker who is able to supply crafted input to decomposition levels could cause a buffer overflow, potentially causing an impact to application availability (CVE-2020-27824). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-20T14:43:28", "type": "mageia", "title": "Updated openjpeg2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824"], "modified": "2020-12-20T14:43:28", "id": "MGASA-2020-0464", "href": "https://advisories.mageia.org/MGASA-2020-0464.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-01T15:46:41", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * openjpeg2 \\- JPEG 2000 image compression/decompression library\n\nIt was discovered that OpenJPEG incorrectly handled certain image data. An \nattacker could use this issue to cause OpenJPEG to crash, leading to a \ndenial of service, or possibly execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "ubuntu", "title": "OpenJPEG vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27845"], "modified": "2021-03-16T00:00:00", "id": "USN-4880-1", "href": "https://ubuntu.com/security/notices/USN-4880-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-01T21:25:08", "description": "## Releases\n\n * Ubuntu 20.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * openjpeg2 \\- JPEG 2000 image compression/decompression library\n\nIt was discovered that OpenJPEG incorrectly handled certain image data. An \nattacker could use this issue to cause OpenJPEG to crash, leading to a \ndenial of service, or possibly execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-07T00:00:00", "type": "ubuntu", "title": "OpenJPEG vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2021-01-07T00:00:00", "id": "USN-4685-1", "href": "https://ubuntu.com/security/notices/USN-4685-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-01T21:24:59", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * ghostscript \\- PostScript and PDF interpreter\n\nIt was discovered that Ghostscript incorrectly handled certain image \nfiles. If a user or automated system were tricked into processing a \nspecially crafted file, a remote attacker could use this issue to cause \nGhostscript to crash, resulting in a denial of service, or possibly \nexecute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-07T00:00:00", "type": "ubuntu", "title": "Ghostscript vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5727", "CVE-2020-27814", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2021-01-07T00:00:00", "id": "USN-4686-1", "href": "https://ubuntu.com/security/notices/USN-4686-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-01T20:30:57", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * openjpeg2 \\- JPEG 2000 image compression/decompression library\n\nSebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. \nIf a user or an automated system were tricked into opening a specially crafted \ninput file, a remote attacker could possibly use this issue to cause a denial \nof service or execute arbitrary code. This issue only affected Ubuntu 18.04 \nLTS. (CVE-2020-6851, CVE-2020-8112)\n\nIt was discovered that OpenJPEG incorrectly handled certain inputs. If a user \nor an automated system were tricked into opening a specially crafted input \nfile, a remote attacker could possibly use this issue to cause a denial of \nservice or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. \n(CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, \nCVE-2020-27841, CVE-2020-27845)\n\nIt was discovered that OpenJPEG incorrectly handled certain inputs. If a user \nor an automated system were tricked into opening a specially crafted input \nfile, a remote attacker could possibly use this issue to cause a denial of \nservice. (CVE-2020-27842, CVE-2020-27843)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-03-15T00:00:00", "type": "ubuntu", "title": "OpenJPEG vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2023-03-15T00:00:00", "id": "USN-5952-1", "href": "https://ubuntu.com/security/notices/USN-5952-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2023-12-01T16:21:00", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2550-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Brian May\nFebruary 09, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : openjpeg2\nVersion : 2.1.2-1.1+deb9u6\nCVE ID : CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 \n CVE-2020-27844 CVE-2020-27845\n\nVarious overflow errors were identified and fixed.\n\nCVE-2020-27814\n\n A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files.\n\nCVE-2020-27823\n\n Wrong computation of x1,y1 if -d option is used, resulting in heap buffer\n overflow.\n\nCVE-2020-27824\n\n Global buffer overflow on irreversible conversion when too many\n decomposition levels are specified.\n\nCVE-2020-27841\n\n Crafted input to be processed by the openjpeg encoder could cause an\n out-of-bounds read.\n\nCVE-2020-27844\n\n Crafted input to be processed by the openjpeg encoder could cause an\n out-of-bounds write.\n\nCVE-2020-27845\n\n Crafted input can cause out-of-bounds-read.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.1.2-1.1+deb9u6.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFor the detailed security status of openjpeg2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjpeg2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-08T22:03:55", "type": "debian", "title": "[SECURITY] [DLA 2550-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27844", "CVE-2020-27845"], "modified": "2021-02-08T22:03:55", "id": "DEBIAN:DLA-2550-1:E200A", "href": "https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-12-02T10:16:05", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4882-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 01, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjpeg2\nCVE ID : CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2020-27814 \n CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 \n CVE-2020-27843 CVE-2020-27845\n\nMultiple vulnerabilities have been discovered in openjpeg2, the\nopen-source JPEG 2000 codec, which could result in denial of service or\nthe execution of arbitrary code when opening a malformed image.\n \nFor the stable distribution (buster), these problems have been fixed in\nversion 2.3.0-2+deb10u2.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFor the detailed security status of openjpeg2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjpeg2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-01T19:50:00", "type": "debian", "title": "[SECURITY] [DSA 4882-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2021-04-01T19:50:00", "id": "DEBIAN:DSA-4882-1:5EC6A", "href": "https://lists.debian.org/debian-security-announce/2021/msg00063.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for openjpeg2 fixes the following issues:\n\n - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp,\n pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in\n openmj2/pi.c (bsc#1140205).\n - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile\n in bin/common/color.c (bsc#1149789).\n - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c\n (bsc#1179594),\n - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes()\n (bsc#1179821).\n - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c\n (bsc#1180042).\n - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset\n function in lib/openjp2/tgt.c (bsc#1180043).\n - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in\n openjp2/t2.c (bsc#1180044).\n - CVE-2020-27845: Fixed heap-based buffer over-read in functions\n opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in\n openjp2/pi.c (bsc#1180046).\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3802=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-3802=1\n\n - SUSE Manager Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3802=1\n\n - SUSE Manager Retail Branch Server 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3802=1\n\n - SUSE Manager Proxy 4.1:\n\n zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3802=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP2:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3802=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3802=1\n\n - SUSE Linux Enterprise Server for SAP 15:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3802=1\n\n - SUSE Linux Enterprise Server 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3802=1\n\n - SUSE Linux Enterprise Server 15-SP2-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3802=1\n\n - SUSE Linux Enterprise Server 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3802=1\n\n - SUSE Linux Enterprise Server 15-SP1-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3802=1\n\n - SUSE Linux Enterprise Server 15-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3802=1\n\n - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3802=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP4:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3802=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1\n\n - SUSE Linux Enterprise High Performance Computing 15-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1\n\n - SUSE Enterprise Storage 7:\n\n zypper in -t patch SUSE-Storage-7-2022-3802=1\n\n - SUSE Enterprise Storage 6:\n\n zypper in -t patch SUSE-Storage-6-2022-3802=1\n\n - SUSE CaaS Platform 4.0:\n\n To install this update, use the SUSE CaaS Platform 'skuba' tool. It\n will inform you if it detects new updates and let you then trigger\n updating of the complete cluster in a controlled way.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-27T00:00:00", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20846", "CVE-2018-21010", "CVE-2020-27814", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845"], "modified": "2022-10-27T00:00:00", "id": "SUSE-SU-2022:3802-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7S57MSLFOXKSN4DSWOVPVQNRS72IX7UN/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2023-12-02T16:57:02", "description": "### Background\n\nOpenJPEG is an open-source JPEG 2000 library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenJPEG 2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openjpeg-2.4.0:2\"\n \n\nGentoo has discontinued support OpenJPEG 1.x and any dependent packages should now be using OpenJPEG 2 or have dropped support for the library. We recommend that users unmerge OpenJPEG 1.x: \n \n \n # emerge --unmerge \"media-libs/openjpeg:1\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-26T00:00:00", "type": "gentoo", "title": "OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21010", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845"], "modified": "2021-01-26T00:00:00", "id": "GLSA-202101-29", "href": "https://security.gentoo.org/glsa/202101-29", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "cloudfoundry": [{"lastseen": "2023-12-02T16:48:29", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nSebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6851, CVE-2020-8112) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27845) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-27842, CVE-2020-27843) Update Instructions: Run `sudo pro fix USN-5952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-server \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-viewer \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp3d-tools \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip7 \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp2-7 \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp2-7-dev \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjp3d7 \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 libopenjpip-dec-server \u2013 2.1.2-1.1+deb9u6ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro\n\nCVEs contained in this USN include: CVE-2020-27842, CVE-2020-27845, CVE-2020-27814, CVE-2020-27841, CVE-2020-6851, CVE-2020-27824, CVE-2020-27843, CVE-2020-8112, CVE-2020-27823, CVE-2020-15389.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.357.0\n * CF Deployment \n * All versions prior to 27.4.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade all versions to 0.357.0 or greater\n * CF Deployment \n * Upgrade all versions to 27.4.0 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5952-1>)\n * [CVE-2020-27842](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27842>)\n * [CVE-2020-27845](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27845>)\n * [CVE-2020-27814](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27814>)\n * [CVE-2020-27841](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27841>)\n * [CVE-2020-6851](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6851>)\n * [CVE-2020-27824](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27824>)\n * [CVE-2020-27843](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27843>)\n * [CVE-2020-8112](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8112>)\n * [CVE-2020-27823](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27823>)\n * [CVE-2020-15389](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15389>)\n\n## History\n\n2023-04-29: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-04-29T00:00:00", "type": "cloudfoundry", "title": "USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2023-04-29T00:00:00", "id": "CFOUNDRY:CF99469AEE85FAA4A2723DEF330B8E4B", "href": "https://www.cloudfoundry.org/blog/usn-5952-1-openjpeg-vulnerabilities/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2023-12-02T16:46:10", "description": "Arch Linux Security Advisory ASA-202012-21\n==========================================\n\nSeverity: Medium\nDate : 2020-12-09\nCVE-ID : CVE-2019-12973 CVE-2020-6851 CVE-2020-8112 CVE-2020-15389\nCVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842\nCVE-2020-27843 CVE-2020-27845\nPackage : openjpeg2\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-1339\n\nSummary\n=======\n\nThe package openjpeg2 before version 2.4.0-1 is vulnerable to multiple\nissues including arbitrary code execution and denial of service.\n\nResolution\n==========\n\nUpgrade to 2.4.0-1.\n\n# pacman -Syu \"openjpeg2>=2.4.0-1\"\n\nThe problems have been fixed upstream in version 2.4.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-12973 (denial of service)\n\nIn OpenJPEG before version 2.4.0, there is excessive iteration in the\nopj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could\nleverage this vulnerability to cause a denial of service via a crafted\nbmp file. This issue is similar to CVE-2018-6616.\n\n- CVE-2020-6851 (arbitrary code execution)\n\nOpenJPEG before version 2.4.0 has a heap-based buffer overflow in\nopj_t1_clbl_decode_processor in openjp2/t1.c because of lack of\nopj_j2k_update_image_dimensions validation.\n\n- CVE-2020-8112 (arbitrary code execution)\n\nopj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG before version\n2.4.0 has a heap-based buffer overflow in the qmfbid==1 case, a\ndifferent issue than CVE-2020-6851.\n\n- CVE-2020-15389 (denial of service)\n\njp2/opj_decompress.c in OpenJPEG before version 2.4.0 has a use-after-\nfree that can be triggered if there is a mix of valid and invalid files\nin a directory operated on by the decompressor. Triggering a double-\nfree may also be possible. This is related to calling opj_image_destroy\ntwice.\n\n- CVE-2020-27814 (arbitrary code execution)\n\nA heap-buffer overwrite error was discovered in lib/openjp2/mqc.c in\nOpenJPEG before version 2.4.0. The vulnerability causes an out-of-\nbounds write, which may lead to remote denial of service or possibly\nremote code execution.\n\n- CVE-2020-27824 (denial of service)\n\nIn OpenJPEG before version 2.4.0, if too many decomposition levels are\nsupplied to the encoder, it could cause a global buffer overflow to\nout-of-bounds read in the opj_dwt_calc_explicit_stepsizes() function.\n\n- CVE-2020-27841 (denial of service)\n\nAn out-of-bounds read was discovered in lib/openjp2/pi.c:623 in\nOpenJPEG before version 2.4.0.\n\n- CVE-2020-27842 (denial of service)\n\nA null pointer dereference issue was found in lib/openjp2/tgt.c when a\nsmall precincts size, the option \"-TP C\" and non (0,0) grid offset are\ngiven in OpenJPEG before version 2.4.0.\n\n- CVE-2020-27843 (denial of service)\n\nAn out-of-bounds read was found in opj_t2_encode_packet when small\nprecincts and an origin shift are given in OpenJPEG before version\n2.4.0.\n\n- CVE-2020-27845 (denial of service)\n\nAn out-of-bounds read was discovered in lib/openjp2/pi.c:312 in\nOpenJPEG before version 2.4.0.\n\nImpact\n======\n\nA local attacker might be able to execute arbitrary code or crash the\napplication via crafted JPEG content.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/68906\nhttps://github.com/uclouvain/openjpeg/issues/1222\nhttps://github.com/uclouvain/openjpeg/pull/1185\nhttps://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3\nhttps://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66\nhttps://github.com/uclouvain/openjpeg/issues/1228\nhttps://github.com/uclouvain/openjpeg/pull/1229\nhttps://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04\nhttps://github.com/uclouvain/openjpeg/issues/1231\nhttps://github.com/uclouvain/openjpeg/pull/1232\nhttps://github.com/uclouvain/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074\nhttps://github.com/uclouvain/openjpeg/issues/1261\nhttps://github.com/uclouvain/openjpeg/pull/1262\nhttps://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0\nhttps://github.com/uclouvain/openjpeg/issues/1283\nhttps://github.com/uclouvain/openjpeg/pull/1303\nhttps://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9\nhttps://github.com/uclouvain/openjpeg/issues/1286\nhttps://github.com/uclouvain/openjpeg/pull/1292\nhttps://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d\nhttps://github.com/uclouvain/openjpeg/issues/1293\nhttps://github.com/uclouvain/openjpeg/pull/1295\nhttps://github.com/uclouvain/openjpeg/pull/1300\nhttps://github.com/uclouvain/openjpeg/commit/c9380ed0f8cc4794fc71d556ea23ae61e32247af\nhttps://github.com/uclouvain/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce\nhttps://github.com/uclouvain/openjpeg/issues/1294\nhttps://github.com/uclouvain/openjpeg/pull/1296\nhttps://github.com/uclouvain/openjpeg/commit/fbd30b064f8f9607d500437b6fedc41431fd6cdc\nhttps://github.com/uclouvain/openjpeg/issues/1297\nhttps://github.com/uclouvain/openjpeg/pull/1298\nhttps://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121\nhttps://github.com/uclouvain/openjpeg/issues/1302\nhttps://github.com/uclouvain/openjpeg/pull/1304\nhttps://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63\nhttps://security.archlinux.org/CVE-2019-12973\nhttps://security.archlinux.org/CVE-2020-6851\nhttps://security.archlinux.org/CVE-2020-8112\nhttps://security.archlinux.org/CVE-2020-15389\nhttps://security.archlinux.org/CVE-2020-27814\nhttps://security.archlinux.org/CVE-2020-27824\nhttps://security.archlinux.org/CVE-2020-27841\nhttps://security.archlinux.org/CVE-2020-27842\nhttps://security.archlinux.org/CVE-2020-27843\nhttps://security.archlinux.org/CVE-2020-27845", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "archlinux", "title": "[ASA-202012-21] openjpeg2: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27824", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2020-12-09T00:00:00", "id": "ASA-202012-21", "href": "https://security.archlinux.org/ASA-202012-21", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "almalinux": [{"lastseen": "2023-12-02T17:27:12", "description": "OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nThe following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).\n\nSecurity Fix(es):\n\n* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\n* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T08:51:11", "type": "almalinux", "title": "Moderate: openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2021-11-09T12:59:02", "id": "ALSA-2021:4251", "href": "https://errata.almalinux.org/8/ALSA-2021-4251.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2023-12-01T16:41:10", "description": "OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nThe following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).\n\nSecurity Fix(es):\n\n* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\n* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T08:51:11", "type": "redhat", "title": "(RHSA-2021:4251) Moderate: openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2021-11-09T14:11:36", "id": "RHSA-2021:4251", "href": "https://access.redhat.com/errata/RHSA-2021:4251", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-02T15:43:23", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T06:27:36", "type": "redhat", "title": "(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2018-20845", "CVE-2018-20847", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-13558", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-15389", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-18032", "CVE-2020-24370", "CVE-2020-24870", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27828", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36241", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20271", "CVE-2021-20321", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-26926", "CVE-2021-26927", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28650", "CVE-2021-29338", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-3272", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3575", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-3948", "CVE-2021-41617", "CVE-2021-42574", "CVE-2021-43527"], "modified": "2022-01-20T06:28:12", "id": "RHSA-2022:0202", "href": "https://access.redhat.com/errata/RHSA-2022:0202", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-11-16T22:30:44", "description": "[2.4.0-4]\n- Fix Covscan defect\n[2.4.0-3]\n- Fix CVE-2021-3575 (#1969279)\n- Fix resource leak identified by Covscan\n[2.4.0-2]\n- Fix CVE-2021-29338 (#1951332)\n[2.4.0-1]\n- Rebase to 2.4.0\n- Resolves: CVE-2018-5727 (#1538467)\n- Resolves: CVE-2018-5785 (#1538556)\n- Resolves: CVE-2018-20845 (#1730679)\n- Resolves: CVE-2018-20847 (#1734337)\n- Resolves: CVE-2019-12973 (#1739076)\n- Resolves: CVE-2020-15389 (#1855115)\n- Resolves: CVE-2020-27814 (#1908965)\n- Resolves: CVE-2020-27823 (#1906222)\n- Resolves: CVE-2020-27824 (#1906216)\n- Resolves: CVE-2020-27842 (#1908165)\n- Resolves: CVE-2020-27843 (#1908164)\n- Resolves: CVE-2020-27845 (#1908168)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4251", "href": "http://linux.oracle.com/errata/ELSA-2021-4251.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "rocky": [{"lastseen": "2023-12-02T17:27:59", "description": "An update is available for openjpeg2.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nThe following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).\n\nSecurity Fix(es):\n\n* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)\n\n* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)\n\n* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)\n\n* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)\n\n* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)\n\n* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)\n\n* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)\n\n* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)\n\n* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)\n\n* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)\n\n* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)\n\n* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)\n\n* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)\n\n* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T08:51:11", "type": "rocky", "title": "openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2021-11-09T08:51:11", "id": "RLSA-2021:4251", "href": "https://errata.rockylinux.org/RLSA-2021:4251", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2023-12-02T17:34:56", "description": "**Issue Overview:**\n\nDivision-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20845)\n\nAn improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\nIn OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5727)\n\nIn OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-5785)\n\nIn OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\njp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\nA heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. (CVE-2020-27814)\n\nA flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)\n\nA flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)\n\nA flaw was found in OpenJPEG's t2 encoder. This flaw allows an attacker who can provide crafted input to be processed by OpenJPEG to cause a NULL pointer dereference issue. The highest threat to this vulnerability is to system availability. (CVE-2020-27842)\n\nA flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)\n\nA flaw was found in the src/lib/openjp2/pi.c function of OpenJPEG. This flaw allows an attacker who can provide untrusted input to OpenJPEG's conversion/encoding functionality to cause an out-of-bounds read. The highest impact from this vulnerability is to system availability. (CVE-2020-27845)\n\nThere is a flaw in the opj2_compress program in openjpeg2. An attacker who is able to submit a large number of image files to be processed in a directory by opj2_compress, could trigger a heap out-of-bounds write due to an integer overflow, which is caused by the large number of image files. The greatest threat posed by this flaw is to confidentiality, integrity, and availability. (CVE-2021-29338)\n\nA heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG. (CVE-2021-3575)\n\n \n**Affected Packages:** \n\n\nopenjpeg2\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update openjpeg2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 openjpeg2-2.4.0-4.amzn2.aarch64 \n \u00a0\u00a0\u00a0 openjpeg2-devel-2.4.0-4.amzn2.aarch64 \n \u00a0\u00a0\u00a0 openjpeg2-tools-2.4.0-4.amzn2.aarch64 \n \u00a0\u00a0\u00a0 openjpeg2-debuginfo-2.4.0-4.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 openjpeg2-2.4.0-4.amzn2.i686 \n \u00a0\u00a0\u00a0 openjpeg2-devel-2.4.0-4.amzn2.i686 \n \u00a0\u00a0\u00a0 openjpeg2-tools-2.4.0-4.amzn2.i686 \n \u00a0\u00a0\u00a0 openjpeg2-debuginfo-2.4.0-4.amzn2.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 openjpeg2-devel-docs-2.4.0-4.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 openjpeg2-2.4.0-4.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 openjpeg2-2.4.0-4.amzn2.x86_64 \n \u00a0\u00a0\u00a0 openjpeg2-devel-2.4.0-4.amzn2.x86_64 \n \u00a0\u00a0\u00a0 openjpeg2-tools-2.4.0-4.amzn2.x86_64 \n \u00a0\u00a0\u00a0 openjpeg2-debuginfo-2.4.0-4.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-20845](<https://access.redhat.com/security/cve/CVE-2018-20845>), [CVE-2018-20847](<https://access.redhat.com/security/cve/CVE-2018-20847>), [CVE-2018-5727](<https://access.redhat.com/security/cve/CVE-2018-5727>), [CVE-2018-5785](<https://access.redhat.com/security/cve/CVE-2018-5785>), [CVE-2019-12973](<https://access.redhat.com/security/cve/CVE-2019-12973>), [CVE-2020-15389](<https://access.redhat.com/security/cve/CVE-2020-15389>), [CVE-2020-27814](<https://access.redhat.com/security/cve/CVE-2020-27814>), [CVE-2020-27823](<https://access.redhat.com/security/cve/CVE-2020-27823>), [CVE-2020-27824](<https://access.redhat.com/security/cve/CVE-2020-27824>), [CVE-2020-27842](<https://access.redhat.com/security/cve/CVE-2020-27842>), [CVE-2020-27843](<https://access.redhat.com/security/cve/CVE-2020-27843>), [CVE-2020-27845](<https://access.redhat.com/security/cve/CVE-2020-27845>), [CVE-2021-29338](<https://access.redhat.com/security/cve/CVE-2021-29338>), [CVE-2021-3575](<https://access.redhat.com/security/cve/CVE-2021-3575>)\n\nMitre: [CVE-2018-20845](<https://vulners.com/cve/CVE-2018-20845>), [CVE-2018-20847](<https://vulners.com/cve/CVE-2018-20847>), [CVE-2018-5727](<https://vulners.com/cve/CVE-2018-5727>), [CVE-2018-5785](<https://vulners.com/cve/CVE-2018-5785>), [CVE-2019-12973](<https://vulners.com/cve/CVE-2019-12973>), [CVE-2020-15389](<https://vulners.com/cve/CVE-2020-15389>), [CVE-2020-27814](<https://vulners.com/cve/CVE-2020-27814>), [CVE-2020-27823](<https://vulners.com/cve/CVE-2020-27823>), [CVE-2020-27824](<https://vulners.com/cve/CVE-2020-27824>), [CVE-2020-27842](<https://vulners.com/cve/CVE-2020-27842>), [CVE-2020-27843](<https://vulners.com/cve/CVE-2020-27843>), [CVE-2020-27845](<https://vulners.com/cve/CVE-2020-27845>), [CVE-2021-29338](<https://vulners.com/cve/CVE-2021-29338>), [CVE-2021-3575](<https://vulners.com/cve/CVE-2021-3575>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-18T21:37:00", "type": "amazon", "title": "Medium: openjpeg2", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20845", "CVE-2018-20847", "CVE-2018-5727", "CVE-2018-5785", "CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2021-29338", "CVE-2021-3575"], "modified": "2022-01-20T19:31:00", "id": "ALAS2-2022-1741", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1741.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2023-12-01T20:20:37", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 327 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2023 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2917173.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-01-17T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2023", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7536", "CVE-2018-1273", "CVE-2018-21010", "CVE-2018-25032", "CVE-2018-7489", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12973", "CVE-2019-17571", "CVE-2019-7317", "CVE-2020-0466", "CVE-2020-10543", "CVE-2020-10683", "CVE-2020-10693", "CVE-2020-10735", "CVE-2020-10878", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-12723", "CVE-2020-13920", "CVE-2020-13956", "CVE-2020-14392", "CVE-2020-14393", "CVE-2020-15250", "CVE-2020-15389", "CVE-2020-16156", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845", "CVE-2020-36242", "CVE-2020-36518", "CVE-2020-5408", "CVE-2021-0920", "CVE-2021-21290", "CVE-2021-21708", "CVE-2021-23358", "CVE-2021-2351", "CVE-2021-29338", "CVE-2021-29425", "CVE-2021-30641", "CVE-2021-31805", "CVE-2021-31811", "CVE-2021-31812", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-36090", "CVE-2021-3629", "CVE-2021-36483", "CVE-2021-36770", "CVE-2021-3737", "CVE-2021-37533", "CVE-2021-37750", "CVE-2021-3918", "CVE-2021-40528", "CVE-2021-4104", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-41411", "CVE-2021-4155", "CVE-2021-42717", "CVE-2021-43797", "CVE-2021-44228", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44832", "CVE-2021-45105", "CVE-2022-0084", "CVE-2022-0492", "CVE-2022-0934", "CVE-2022-1122", "CVE-2022-1259", "CVE-2022-1304", "CVE-2022-1319", "CVE-2022-1941", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-2053", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21499", "CVE-2022-21597", "CVE-2022-21824", "CVE-2022-2191", "CVE-2022-22721", "CVE-2022-2274", "CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22970", "CVE-2022-22971", "CVE-2022-22976", "CVE-2022-22978", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23221", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307", "CVE-2022-23308", "CVE-2022-23437", "CVE-2022-23457", "CVE-2022-24329", "CVE-2022-24407", "CVE-2022-24823", "CVE-2022-24839", "CVE-2022-24891", "CVE-2022-24903", "CVE-2022-2509", "CVE-2022-25169", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-2526", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-26336", "CVE-2022-26377", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-2764", "CVE-2022-27778", "CVE-2022-27779", "CVE-2022-27780", "CVE-2022-27781", "CVE-2022-27782", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-29824", "CVE-2022-29885", "CVE-2022-30115", "CVE-2022-30126", "CVE-2022-3028", "CVE-2022-30293", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31129", "CVE-2022-31625", "CVE-2022-31626", "CVE-2022-31627", "CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31690", "CVE-2022-31692", "CVE-2022-3171", "CVE-2022-31813", "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32214", "CVE-2022-32215", "CVE-2022-32221", "CVE-2022-33980", "CVE-2022-34169", "CVE-2022-34305", "CVE-2022-34917", "CVE-2022-3509", "CVE-2022-3510", "CVE-2022-35260", "CVE-2022-35737", "CVE-2022-3602", "CVE-2022-36033", "CVE-2022-36055", "CVE-2022-37434", "CVE-2022-37454", "CVE-2022-3786", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-39271", "CVE-2022-39429", "CVE-2022-40146", "CVE-2022-40149", "CVE-2022-40150", "CVE-2022-40153", "CVE-2022-40303", "CVE-2022-40304", "CVE-2022-40664", "CVE-2022-4147", "CVE-2022-41717", "CVE-2022-41720", "CVE-2022-41853", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-4200", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42252", "CVE-2022-42889", "CVE-2022-42915", "CVE-2022-42916", "CVE-2022-42920", "CVE-2022-43403", "CVE-2022-43404", "CVE-2022-43548", "CVE-2022-43680", "CVE-2022-45047", "CVE-2023-21824", "CVE-2023-21825", "CVE-2023-21826", "CVE-2023-21827", "CVE-2023-21828", "CVE-2023-21829", "CVE-2023-21830", "CVE-2023-21831", "CVE-2023-21832", "CVE-2023-21834", "CVE-2023-21835", "CVE-2023-21836", "CVE-2023-21837", "CVE-2023-21838", "CVE-2023-21839", "CVE-2023-21840", "CVE-2023-21841", "CVE-2023-21842", "CVE-2023-21843", "CVE-2023-21844", "CVE-2023-21845", "CVE-2023-21846", "CVE-2023-21847", "CVE-2023-21848", "CVE-2023-21849", "CVE-2023-21850", "CVE-2023-21851", "CVE-2023-21852", "CVE-2023-21853", "CVE-2023-21854", "CVE-2023-21855", "CVE-2023-21856", "CVE-2023-21857", "CVE-2023-21858", "CVE-2023-21859", "CVE-2023-21860", "CVE-2023-21861", "CVE-2023-21862", "CVE-2023-21863", "CVE-2023-21864", "CVE-2023-21865", "CVE-2023-21866", "CVE-2023-21867", "CVE-2023-21868", "CVE-2023-21869", "CVE-2023-21870", "CVE-2023-21871", "CVE-2023-21872", "CVE-2023-21873", "CVE-2023-21874", "CVE-2023-21875", "CVE-2023-21876", "CVE-2023-21877", "CVE-2023-21878", "CVE-2023-21879", "CVE-2023-21880", "CVE-2023-21881", "CVE-2023-21882", "CVE-2023-21883", "CVE-2023-21884", "CVE-2023-21885", "CVE-2023-21886", "CVE-2023-21887", "CVE-2023-21888", "CVE-2023-21889", "CVE-2023-21890", "CVE-2023-21891", "CVE-2023-21892", "CVE-2023-21893", "CVE-2023-21894", "CVE-2023-21898", "CVE-2023-21899", "CVE-2023-21900"], "modified": "2023-02-27T00:00:00", "id": "ORACLE:CPUJAN2023", "href": "https://www.oracle.com/security-alerts/cpujan2023.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-01T20:21:26", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 342 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2788740.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-07-20T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0881", "CVE-2015-0254", "CVE-2016-0762", "CVE-2016-4429", "CVE-2017-14735", "CVE-2017-16931", "CVE-2017-3735", "CVE-2017-5461", "CVE-2017-5637", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-15686", "CVE-2018-21010", "CVE-2018-7160", "CVE-2018-7183", "CVE-2019-0190", "CVE-2019-0201", "CVE-2019-0205", "CVE-2019-0210", "CVE-2019-0219", "CVE-2019-0228", "CVE-2019-10086", "CVE-2019-10173", "CVE-2019-10746", "CVE-2019-11358", "CVE-2019-12260", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17195", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17545", "CVE-2019-17566", "CVE-2019-20330", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2897", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5063", "CVE-2019-5064", "CVE-2020-10543", "CVE-2020-10683", "CVE-2020-10878", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11612", "CVE-2020-11868", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13949", "CVE-2020-13956", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14756", "CVE-2020-15389", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-17530", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24553", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-2555", "CVE-2020-25638", "CVE-2020-25648", "CVE-2020-25649", "CVE-2020-2604", "CVE-2020-26217", "CVE-2020-26870", "CVE-2020-27193", "CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27783", "CVE-2020-27814", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845", "CVE-2020-28052", "CVE-2020-28196", "CVE-2020-28928", "CVE-2020-29582", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5413", "CVE-2020-5421", "CVE-2020-7016", "CVE-2020-7017", "CVE-2020-7712", "CVE-2020-7733", "CVE-2020-7760", "CVE-2020-8174", "CVE-2020-8203", "CVE-2020-8277", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8554", "CVE-2020-8908", "CVE-2020-9484", "CVE-2020-9489", "CVE-2021-20190", "CVE-2021-20227", "CVE-2021-21275", "CVE-2021-21290", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-21409", "CVE-2021-22112", "CVE-2021-22118", "CVE-2021-2244", "CVE-2021-22876", "CVE-2021-22883", "CVE-2021-22884", "CVE-2021-22890", "CVE-2021-22897", "CVE-2021-22898", "CVE-2021-22901", "CVE-2021-2323", "CVE-2021-2324", "CVE-2021-2326", "CVE-2021-2328", "CVE-2021-2329", "CVE-2021-2330", "CVE-2021-2333", "CVE-2021-23336", "CVE-2021-2334", "CVE-2021-2335", "CVE-2021-2336", "CVE-2021-2337", "CVE-2021-2338", "CVE-2021-2339", "CVE-2021-2340", "CVE-2021-2341", "CVE-2021-2342", "CVE-2021-2343", "CVE-2021-2344", "CVE-2021-2345", "CVE-2021-2346", "CVE-2021-2347", "CVE-2021-2348", "CVE-2021-2349", "CVE-2021-2350", "CVE-2021-2351", "CVE-2021-2352", "CVE-2021-2353", "CVE-2021-2354", "CVE-2021-2355", "CVE-2021-2356", "CVE-2021-2357", "CVE-2021-2358", "CVE-2021-2359", "CVE-2021-2360", "CVE-2021-2361", "CVE-2021-2362", "CVE-2021-2363", "CVE-2021-2364", "CVE-2021-2365", "CVE-2021-2366", "CVE-2021-2367", "CVE-2021-2368", "CVE-2021-2369", "CVE-2021-2370", "CVE-2021-2371", "CVE-2021-2372", "CVE-2021-2373", "CVE-2021-2374", "CVE-2021-2375", "CVE-2021-2376", "CVE-2021-2377", "CVE-2021-2378", "CVE-2021-2380", "CVE-2021-2381", "CVE-2021-2382", "CVE-2021-2383", "CVE-2021-23839", "CVE-2021-2384", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-2385", "CVE-2021-2386", "CVE-2021-2387", "CVE-2021-2388", "CVE-2021-2389", "CVE-2021-2390", "CVE-2021-2391", "CVE-2021-2392", "CVE-2021-2393", "CVE-2021-2394", "CVE-2021-2395", "CVE-2021-2396", "CVE-2021-2397", "CVE-2021-2398", "CVE-2021-2399", "CVE-2021-2400", "CVE-2021-2401", "CVE-2021-2402", "CVE-2021-2403", "CVE-2021-2404", "CVE-2021-2405", "CVE-2021-2406", "CVE-2021-2407", "CVE-2021-2408", "CVE-2021-2409", "CVE-2021-2410", "CVE-2021-2411", "CVE-2021-2412", "CVE-2021-24122", "CVE-2021-2415", "CVE-2021-2417", "CVE-2021-2418", "CVE-2021-2419", "CVE-2021-2420", "CVE-2021-2421", "CVE-2021-2422", "CVE-2021-2423", "CVE-2021-2424", "CVE-2021-2425", "CVE-2021-2426", "CVE-2021-2427", "CVE-2021-2428", "CVE-2021-2429", "CVE-2021-2430", "CVE-2021-2431", "CVE-2021-2432", "CVE-2021-2433", "CVE-2021-2434", "CVE-2021-2435", "CVE-2021-2436", "CVE-2021-2437", "CVE-2021-2438", "CVE-2021-2439", "CVE-2021-2440", "CVE-2021-2441", "CVE-2021-2442", "CVE-2021-2443", "CVE-2021-2444", "CVE-2021-2445", "CVE-2021-2446", "CVE-2021-2447", "CVE-2021-2448", "CVE-2021-2449", "CVE-2021-2450", "CVE-2021-2451", "CVE-2021-2452", "CVE-2021-2453", "CVE-2021-2454", "CVE-2021-2455", "CVE-2021-2456", "CVE-2021-2457", "CVE-2021-2458", "CVE-2021-2460", "CVE-2021-2462", "CVE-2021-2463", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-26117", "CVE-2021-26271", "CVE-2021-26272", "CVE-2021-27568", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28041", "CVE-2021-29921", "CVE-2021-30369", "CVE-2021-30640", "CVE-2021-3156", "CVE-2021-3177", "CVE-2021-31811", "CVE-2021-33037", "CVE-2021-3345", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3520", "CVE-2021-3560"], "modified": "2021-09-03T00:00:00", "id": "ORACLE:CPUJUL2021", "href": "https://www.oracle.com/security-alerts/cpujul2021.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}