DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIAN:DSA-2036-1:3D422", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2036-1] New jasper packages fix denial of service", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2036-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nApril 17, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : jasper\nVulnerability : programming error\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2721\nDebian Bug : 528543\n\nIt was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.\n\nBesides addressing this vulnerability, this updates also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading some\nJPEG input files.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.900.1-6.\n\nWe recommend that you upgrade your jasper package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1.orig.tar.gz\n Size/MD5 checksum: 1143400 4ae3dd938fd15f22f30577db5c9f27e9\n http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.dsc\n Size/MD5 checksum: 1396 f6ad7206fc3fd1897dcf43da8841305c\n http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.diff.gz\n Size/MD5 checksum: 38678 e9adb496921f3436fbe44fa5e1090b47\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb\n Size/MD5 checksum: 27158 e35615faa008e6a7cd9393220efc0f92\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_alpha.deb\n Size/MD5 checksum: 163614 0bc92651333b09fbc86cb8d3a515e39f\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_alpha.deb\n Size/MD5 checksum: 605364 f9083e52384368faad9eb55f43853d91\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_amd64.deb\n Size/MD5 checksum: 154896 e919bc45ce2adcebd3485634ade788e7\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb\n Size/MD5 checksum: 26194 20b30a3127443bb0ecbbb7d44140a6a0\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_amd64.deb\n Size/MD5 checksum: 562728 8062308efa68f1a617b3a46af852d98c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_arm.deb\n Size/MD5 checksum: 23212 e01e8834f6c6399acce208c03abbfd0e\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_arm.deb\n Size/MD5 checksum: 136944 0bbde4de786beaa5cfbc543cdc6cc2b1\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_arm.deb\n Size/MD5 checksum: 544968 5dd39d7ee327b07efea5cc8ee06d3161\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_armel.deb\n Size/MD5 checksum: 143230 b79e933ba9fe73fd836bc7b6768ca78a\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_armel.deb\n Size/MD5 checksum: 26654 4b28d750a16b75a1934892db0a680ded\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_armel.deb\n Size/MD5 checksum: 550056 52f692481158f4dabaec759c583dfc8d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb\n Size/MD5 checksum: 25818 0c345b76b85c2869b3ae7dc02224ad6f\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_hppa.deb\n Size/MD5 checksum: 161786 5784a0326ea67a2abacc2215d39f15af\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_hppa.deb\n Size/MD5 checksum: 577476 4e76883edcaffc36ddafc1f265ce0611\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_i386.deb\n Size/MD5 checksum: 549194 f5a8f305d92adaff1f53da182bd837f7\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_i386.deb\n Size/MD5 checksum: 23546 99b133b7e21cff786baa6693170aef36\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_i386.deb\n Size/MD5 checksum: 145512 4db6f08cb21ed31aaaf3d7f924143c88\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mips.deb\n Size/MD5 checksum: 145312 1e7ae275a46f96cd43ac7fb1b7bbda15\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mips.deb\n Size/MD5 checksum: 25254 99421c2121588fef1bd370374b272609\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mips.deb\n Size/MD5 checksum: 572136 6ad389a65ca39091b27a8c9b7db172d3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mipsel.deb\n Size/MD5 checksum: 145682 7ea6d574f51e8843e1cce7bb7eac424b\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb\n Size/MD5 checksum: 569360 7a8518ef16daddd2138af9e2a7906f38\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb\n Size/MD5 checksum: 24978 e5fa4585f33b8c4c78a53dbd23c2fd0c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_powerpc.deb\n Size/MD5 checksum: 157902 3f05446ec115ae5a349b308a1bf9ff80\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb\n Size/MD5 checksum: 32728 5cb4e076d3916d1c07dc27c97d4ccc85\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb\n Size/MD5 checksum: 555766 5abb684ce3fb503cb1e27b581d2ab827\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_s390.deb\n Size/MD5 checksum: 25992 9a3b49a8c1dcfee6eb39dae00fd5d055\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_s390.deb\n Size/MD5 checksum: 159298 d62053bb200a5dcfe6cdfbdbd794d489\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_s390.deb\n Size/MD5 checksum: 560930 7ee9999597cbb9641e1941bf827c1d3c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_sparc.deb\n Size/MD5 checksum: 138838 8b92275e033d43f9bc321e751cd6a366\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_sparc.deb\n Size/MD5 checksum: 547676 4d7bbb59c40c3481e36e3e3be156f927\n http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb\n Size/MD5 checksum: 24586 26e6c92873bd60ae042c3f3d6ae46792\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "published": "2010-04-17T21:23:29", "modified": "2010-04-17T21:23:29", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/2010/msg00076.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2007-2721", "CVE-2008-3521"], "immutableFields": [], "lastseen": "2021-10-22T00:39:14", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:0012"]}, {"type": "cve", "idList": ["CVE-2007-2721", "CVE-2008-3521"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-2721"]}, {"type": "fedora", "idList": ["FEDORA:L4VI8AKY003146"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-0012.NASL", "DEBIAN_DSA-2036.NASL", "EULEROS_SA-2019-2237.NASL", "EULEROS_SA-2020-1188.NASL", "FEDORA_2007-0005.NASL", "MANDRAKE_MDKSA-2007-129.NASL", "MANDRAKE_MDKSA-2007-208.NASL", "MANDRAKE_MDKSA-2007-209.NASL", "MANDRIVA_MDVSA-2009-142.NASL", "ORACLELINUX_ELSA-2009-0012.NASL", "REDHAT-RHSA-2009-0012.NASL", "SL_20090211_NETPBM_ON_SL4_X.NASL", "SUSE9_12295.NASL", "SUSE_11_0_JASPER-081114.NASL", "SUSE_JASPER-5771.NASL", "SUSE_JASPER-5782.NASL", "SUSE_LIBNETPBM-4688.NASL", "SUSE_LIBNETPBM-4694.NASL", "UBUNTU_USN-501-1.NASL", "UBUNTU_USN-501-2.NASL", "UBUNTU_USN-742-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122518", "OPENVAS:136141256231063366", "OPENVAS:136141256231063368", "OPENVAS:136141256231064340", "OPENVAS:136141256231064497", "OPENVAS:136141256231065039", "OPENVAS:136141256231065824", "OPENVAS:136141256231066001", "OPENVAS:136141256231066379", "OPENVAS:136141256231067269", "OPENVAS:1361412562310830025", "OPENVAS:1361412562310830099", "OPENVAS:1361412562310830150", "OPENVAS:1361412562310880774", "OPENVAS:1361412562311220192237", "OPENVAS:1361412562311220201188", "OPENVAS:63366", "OPENVAS:63368", "OPENVAS:63698", "OPENVAS:64340", "OPENVAS:64497", "OPENVAS:65039", "OPENVAS:65824", "OPENVAS:66001", "OPENVAS:66379", "OPENVAS:67269", "OPENVAS:830025", "OPENVAS:830099", "OPENVAS:830150", "OPENVAS:840110", "OPENVAS:840189", "OPENVAS:861067", "OPENVAS:880774"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0012"]}, {"type": "redhat", "idList": ["RHSA-2009:0012"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17303", "SECURITYVULNS:DOC:21504", "SECURITYVULNS:VULN:7830", "SECURITYVULNS:VULN:9759"]}, {"type": "ubuntu", "idList": ["USN-501-1", "USN-501-2", "USN-742-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2721", "UB:CVE-2008-3521"]}]}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:0012"]}, {"type": "cve", "idList": ["CVE-2007-2721"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2007-129.NASL", "SL_20090211_NETPBM_ON_SL4_X.NASL", "UBUNTU_USN-501-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231067269", "OPENVAS:1361412562311220192237"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0012"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9759"]}, {"type": "ubuntu", "idList": ["USN-742-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-3521"]}]}, "exploitation": null, "vulnersScore": 6.6}, "affectedPackage": [{"OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_amd64.deb", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "arch": "amd64", "packageName": "libjasper1"}, {"arch": "powerpc", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "arch": "ia64", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_ia64.deb", "operator": "lt", "packageName": "libjasper1"}, {"packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_ia64.deb", "OSVersion": "5", "OS": "Debian", "arch": "ia64", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "arch": "alpha", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_alpha.deb", "operator": "lt", "packageName": "libjasper1"}, {"operator": "lt", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_arm.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "arm", "packageName": "libjasper1"}, {"arch": "sparc", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb", "operator": "lt", "packageName": "libjasper-runtime"}, {"packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_s390.deb", "OSVersion": "5", "OS": "Debian", "arch": "s390", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb", "arch": "alpha", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_i386.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "i386", "operator": "lt", "packageName": "libjasper1"}, {"OSVersion": "5", "OS": "Debian", "arch": "alpha", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_alpha.deb", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_i386.deb", "arch": "i386", "operator": "lt", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_mips.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "mips", "operator": "lt", "packageName": "libjasper-dev"}, {"operator": "lt", "OSVersion": "5", "OS": "Debian", "arch": "mipsel", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "arch": "hppa", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_hppa.deb", "packageName": "libjasper-dev"}, {"arch": "all", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "jasper_1.900.1-5.1+lenny1_all.deb", "operator": "lt", "packageName": "jasper"}, {"packageFilename": "libjasper1_1.900.1-5.1+lenny1_s390.deb", "OSVersion": "5", "OS": "Debian", "arch": "s390", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper1"}, {"packageFilename": "libjasper1_1.900.1-5.1+lenny1_mipsel.deb", "OSVersion": "5", "OS": "Debian", "arch": "mipsel", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper1"}, {"operator": "lt", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_arm.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "arm", "packageName": "libjasper-dev"}, {"packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb", "OSVersion": "5", "OS": "Debian", "arch": "mipsel", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_i386.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "i386", "operator": "lt", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "arch": "s390", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_s390.deb", "packageName": "libjasper-runtime"}, {"arch": "armel", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_armel.deb", "packageName": "libjasper-dev"}, {"OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_mips.deb", "arch": "mips", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_mips.deb", "arch": "mips", "packageName": "libjasper1"}, {"packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_amd64.deb", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "arch": "amd64", "packageName": "libjasper-dev"}, {"operator": "lt", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_arm.deb", "packageVersion": "1.900.1-5.1+lenny1", "arch": "arm", "packageName": "libjasper-runtime"}, {"packageFilename": "libjasper1_1.900.1-5.1+lenny1_sparc.deb", "arch": "sparc", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper1"}, {"arch": "armel", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_armel.deb", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-runtime"}, {"OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "libjasper-runtime"}, {"packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "arch": "hppa", "packageName": "libjasper-runtime"}, {"arch": "powerpc", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper1_1.900.1-5.1+lenny1_powerpc.deb", "packageName": "libjasper1"}, {"packageFilename": "libjasper1_1.900.1-5.1+lenny1_armel.deb", "arch": "armel", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper1"}, {"arch": "powerpc", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-dev"}, {"packageFilename": "libjasper1_1.900.1-5.1+lenny1_hppa.deb", "OSVersion": "5", "OS": "Debian", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "arch": "hppa", "packageName": "libjasper1"}, {"OSVersion": "5", "OS": "Debian", "arch": "ia64", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageFilename": "libjasper-runtime_1.900.1-5.1+lenny1_ia64.deb", "packageName": "libjasper-runtime"}, {"arch": "sparc", "OSVersion": "5", "OS": "Debian", "packageFilename": "libjasper-dev_1.900.1-5.1+lenny1_sparc.deb", "packageVersion": "1.900.1-5.1+lenny1", "operator": "lt", "packageName": "libjasper-dev"}], "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2022-03-27T15:12:52", "description": "It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.\n\nBesides addressing this vulnerability, this updates also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny's release, that could cause errors when reading some JPEG input files.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-19T00:00:00", "type": "nessus", "title": "Debian DSA-2036-1 : jasper - programming error", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3521"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:jasper", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2036.NASL", "href": "https://www.tenable.com/plugins/nessus/45558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2036. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45558);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"DSA\", value:\"2036\");\n\n script_name(english:\"Debian DSA-2036-1 : jasper - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.\n\nBesides addressing this vulnerability, this updates also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading\nsome JPEG input files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2036\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the jasper package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libjasper-dev\", reference:\"1.900.1-5.1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libjasper-runtime\", reference:\"1.900.1-5.1+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libjasper1\", reference:\"1.900.1-5.1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:07:29", "description": "Multiple security vulnerabilities has been identified and fixed in jasper :\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "cvss3": {"score": null, "vector": null}, "published": "2009-06-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:jasper", "p-cpe:/a:mandriva:linux:lib64jasper1", "p-cpe:/a:mandriva:linux:lib64jasper1-devel", "p-cpe:/a:mandriva:linux:lib64jasper1-static-devel", "p-cpe:/a:mandriva:linux:libjasper1", "p-cpe:/a:mandriva:linux:libjasper1-devel", "p-cpe:/a:mandriva:linux:libjasper1-static-devel", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-142.NASL", "href": "https://www.tenable.com/plugins/nessus/39552", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:142. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39552);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_bugtraq_id(31470);\n script_xref(name:\"MDVSA\", value:\"2009:142-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities has been identified and fixed in\njasper :\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via a\nsymlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"jasper-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64jasper1-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64jasper1-devel-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64jasper1-static-devel-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libjasper1-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libjasper1-devel-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libjasper1-static-devel-1.900.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:12:50", "description": "A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.\n\nnetpbm contains an embedded copy of libjasper and as such is vulnerable to this issue.\n\nUpdated packages have been patched to prevent this issue.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-06T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : netpbm (MDKSA-2007:209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64netpbm-devel", "p-cpe:/a:mandriva:linux:lib64netpbm-static-devel", "p-cpe:/a:mandriva:linux:lib64netpbm10", "p-cpe:/a:mandriva:linux:lib64netpbm10-devel", "p-cpe:/a:mandriva:linux:lib64netpbm10-static-devel", "p-cpe:/a:mandriva:linux:libnetpbm-devel", "p-cpe:/a:mandriva:linux:libnetpbm-static-devel", "p-cpe:/a:mandriva:linux:libnetpbm10", "p-cpe:/a:mandriva:linux:libnetpbm10-devel", "p-cpe:/a:mandriva:linux:libnetpbm10-static-devel", "p-cpe:/a:mandriva:linux:netpbm", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRAKE_MDKSA-2007-209.NASL", "href": "https://www.tenable.com/plugins/nessus/27643", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:209. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27643);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"MDKSA\", value:\"2007:209\");\n\n script_name(english:\"Mandrake Linux Security Advisory : netpbm (MDKSA-2007:209)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A function in the JasPer JPEG-2000 library before 1.900 could allow a\nremote user-assisted attack to cause a crash and possibly corrupt the\nheap via malformed image files.\n\nnetpbm contains an embedded copy of libjasper and as such is\nvulnerable to this issue.\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netpbm-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netpbm10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netpbm10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netpbm10-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetpbm-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetpbm10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetpbm10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetpbm10-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64netpbm10-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64netpbm10-devel-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64netpbm10-static-devel-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnetpbm10-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnetpbm10-devel-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnetpbm10-static-devel-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"netpbm-10.34-2.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64netpbm10-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64netpbm10-devel-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64netpbm10-static-devel-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libnetpbm10-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libnetpbm10-devel-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libnetpbm10-static-devel-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"netpbm-10.34-4.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64netpbm-devel-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64netpbm-static-devel-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64netpbm10-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnetpbm-devel-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnetpbm-static-devel-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnetpbm10-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"netpbm-10.34-8.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:08:11", "description": "A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.\n\nNewer versions of ghostscript contain an embedded copy of libjasper and as such is vulnerable to this issue.\n\nUpdated packages have been patched to prevent this issue.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : ghostscript (MDKSA-2007:208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ghostscript", "p-cpe:/a:mandriva:linux:ghostscript-X", "p-cpe:/a:mandriva:linux:ghostscript-common", "p-cpe:/a:mandriva:linux:ghostscript-doc", "p-cpe:/a:mandriva:linux:ghostscript-dvipdf", "p-cpe:/a:mandriva:linux:ghostscript-module-X", "p-cpe:/a:mandriva:linux:lib64gs8", "p-cpe:/a:mandriva:linux:lib64gs8-devel", "p-cpe:/a:mandriva:linux:lib64ijs1", "p-cpe:/a:mandriva:linux:lib64ijs1-devel", "p-cpe:/a:mandriva:linux:libgs8", "p-cpe:/a:mandriva:linux:libgs8-devel", "p-cpe:/a:mandriva:linux:libijs1", "p-cpe:/a:mandriva:linux:libijs1-devel", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRAKE_MDKSA-2007-208.NASL", "href": "https://www.tenable.com/plugins/nessus/37643", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:208. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37643);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"MDKSA\", value:\"2007:208\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ghostscript (MDKSA-2007:208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A function in the JasPer JPEG-2000 library before 1.900 could allow a\nremote user-assisted attack to cause a crash and possibly corrupt the\nheap via malformed image files.\n\nNewer versions of ghostscript contain an embedded copy of libjasper\nand as such is vulnerable to this issue.\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript-X\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript-dvipdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ghostscript-module-X\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ijs1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ijs1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libijs1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libijs1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-X-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-common-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-doc-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-dvipdf-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ghostscript-module-X-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gs8-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gs8-devel-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ijs1-0.35-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ijs1-devel-0.35-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgs8-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgs8-devel-8.60-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libijs1-0.35-55.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libijs1-devel-0.35-55.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:13:46", "description": "A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.\n\nUpdated packages have been patched to prevent this issue.", "cvss3": {"score": null, "vector": null}, "published": "2007-06-21T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : jasper (MDKSA-2007:129)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:jasper", "p-cpe:/a:mandriva:linux:lib64jasper1.701_1", "p-cpe:/a:mandriva:linux:lib64jasper1.701_1-devel", "p-cpe:/a:mandriva:linux:lib64jasper1.701_1-static-devel", "p-cpe:/a:mandriva:linux:libjasper1.701_1", "p-cpe:/a:mandriva:linux:libjasper1.701_1-devel", "p-cpe:/a:mandriva:linux:libjasper1.701_1-static-devel", "cpe:/o:mandriva:linux:2007", "cpe:/o:mandriva:linux:2007.1"], "id": "MANDRAKE_MDKSA-2007-129.NASL", "href": "https://www.tenable.com/plugins/nessus/25564", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:129. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25564);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"MDKSA\", value:\"2007:129\");\n\n script_name(english:\"Mandrake Linux Security Advisory : jasper (MDKSA-2007:129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A function in the JasPer JPEG-2000 library before 1.900 could allow a\nremote user-assisted attack to cause a crash and possibly corrupt the\nheap via malformed image files.\n\nUpdated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1.701_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1.701_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1.701_1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1.701_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1.701_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1.701_1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"jasper-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-devel-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-static-devel-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libjasper1.701_1-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libjasper1.701_1-devel-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libjasper1.701_1-static-devel-1.701.0-5.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"jasper-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-devel-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64jasper1.701_1-static-devel-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libjasper1.701_1-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libjasper1.701_1-devel-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libjasper1.701_1-static-devel-1.701.0-6.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:12:34", "description": "This update of netpbm fixes a security vulnerability in the included libjasper. This bug can be triggered while processing image files and can lead to remote code execution. (CVE-2007-2721)", "cvss3": {"score": null, "vector": null}, "published": "2007-12-12T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : libnetpbm (libnetpbm-4694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libnetpbm", "p-cpe:/a:novell:opensuse:libnetpbm-32bit", "p-cpe:/a:novell:opensuse:libnetpbm-devel", "p-cpe:/a:novell:opensuse:libnetpbm10", "p-cpe:/a:novell:opensuse:libnetpbm10-32bit", "p-cpe:/a:novell:opensuse:netpbm", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_LIBNETPBM-4694.NASL", "href": "https://www.tenable.com/plugins/nessus/29344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libnetpbm-4694.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29344);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2721\");\n\n script_name(english:\"openSUSE 10 Security Update : libnetpbm (libnetpbm-4694)\");\n script_summary(english:\"Check for the libnetpbm-4694 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of netpbm fixes a security vulnerability in the included\nlibjasper. This bug can be triggered while processing image files and\ncan lead to remote code execution. (CVE-2007-2721)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libnetpbm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm10-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"libnetpbm-1.0.0-657.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"netpbm-10.26.22-14.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"libnetpbm-32bit-1.0.0-657.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libnetpbm-1.0.0-678\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"netpbm-10.26.22-35\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"libnetpbm-32bit-1.0.0-678\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libnetpbm-devel-10.26.44-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libnetpbm10-10.26.44-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"netpbm-10.26.44-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libnetpbm10-32bit-10.26.44-10.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:12:48", "description": "USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript.\n\nIt was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.10 / 7.04 / 7.10 : ghostscript, gs-gpl vulnerability (USN-501-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ghostscript", "p-cpe:/a:canonical:ubuntu_linux:ghostscript-doc", "p-cpe:/a:canonical:ubuntu_linux:ghostscript-x", "p-cpe:/a:canonical:ubuntu_linux:gs", "p-cpe:/a:canonical:ubuntu_linux:gs-aladdin", "p-cpe:/a:canonical:ubuntu_linux:gs-common", "p-cpe:/a:canonical:ubuntu_linux:gs-esp", "p-cpe:/a:canonical:ubuntu_linux:gs-esp-x", "p-cpe:/a:canonical:ubuntu_linux:gs-gpl", "p-cpe:/a:canonical:ubuntu_linux:libgs-dev", "p-cpe:/a:canonical:ubuntu_linux:libgs-esp-dev", "p-cpe:/a:canonical:ubuntu_linux:libgs8", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-501-2.NASL", "href": "https://www.tenable.com/plugins/nessus/28105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-501-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28105);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"USN\", value:\"501-2\");\n\n script_name(english:\"Ubuntu 6.10 / 7.04 / 7.10 : ghostscript, gs-gpl vulnerability (USN-501-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-501-1 fixed vulnerabilities in Jasper. This update provides the\ncorresponding update for the Jasper internal to Ghostscript.\n\nIt was discovered that Jasper did not correctly handle corrupted\nJPEG2000 images. By tricking a user into opening a specially crafted\nJPG, a remote attacker could cause the application using libjasper to\ncrash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/501-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ghostscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ghostscript-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ghostscript-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs-aladdin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs-esp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs-esp-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gs-gpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs-esp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgs8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gs\", pkgver:\"8.50-1.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"gs-gpl\", pkgver:\"8.50-1.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"gs\", pkgver:\"8.54.dfsg.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"gs-gpl\", pkgver:\"8.54.dfsg.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ghostscript\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ghostscript-doc\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ghostscript-x\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs-aladdin\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs-common\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs-esp\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs-esp-x\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gs-gpl\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libgs-dev\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libgs-esp-dev\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libgs8\", pkgver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ghostscript / ghostscript-doc / ghostscript-x / gs / gs-aladdin / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:12:44", "description": "It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : jasper vulnerability (USN-501-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-1", "p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-dev", "p-cpe:/a:canonical:ubuntu_linux:libjasper-runtime", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04"], "id": "UBUNTU_USN-501-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-501-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28104);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"USN\", value:\"501-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : jasper vulnerability (USN-501-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Jasper did not correctly handle corrupted\nJPEG2000 images. By tricking a user into opening a specially crafted\nJPG, a remote attacker could cause the application using libjasper to\ncrash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/501-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjasper-1.701-1, libjasper-1.701-dev and / or\nlibjasper-runtime packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-1.701-1\", pkgver:\"1.701.0-2ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-1.701-dev\", pkgver:\"1.701.0-2ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-runtime\", pkgver:\"1.701.0-2ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libjasper-1.701-1\", pkgver:\"1.701.0-2ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libjasper-1.701-dev\", pkgver:\"1.701.0-2ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libjasper-runtime\", pkgver:\"1.701.0-2ubuntu0.6.10\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libjasper-1.701-1\", pkgver:\"1.701.0-2ubuntu0.7.04\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libjasper-1.701-dev\", pkgver:\"1.701.0-2ubuntu0.7.04\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libjasper-runtime\", pkgver:\"1.701.0-2ubuntu0.7.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjasper-1.701-1 / libjasper-1.701-dev / libjasper-runtime\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:57:01", "description": "This update addresses an issue where the jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "Fedora 7 : jasper-1.900.1-2.fc7 (2007-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jasper", "p-cpe:/a:fedoraproject:fedora:jasper-debuginfo", "p-cpe:/a:fedoraproject:fedora:jasper-devel", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2007-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/62267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0005.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62267);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-2721\");\n script_xref(name:\"FEDORA\", value:\"2007-0005\");\n\n script_name(english:\"Fedora 7 : jasper-1.900.1-2.fc7 (2007-0005)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an issue where the jpc_qcx_getcompparms function\nin jpc/jpc_cs.c could allow remote user-assisted attackers to cause a\ndenial of service (crash) and possibly corrupt the heap via malformed\nimage files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=240397\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca9cc65c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected jasper, jasper-debuginfo and / or jasper-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"jasper-1.900.1-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"jasper-debuginfo-1.900.1-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"jasper-devel-1.900.1-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:12:09", "description": "This update of netpbm fixes a security vulnerability in the included libjasper. This bug can be triggered while processing image files and can lead to remote code execution. (CVE-2007-2721)", "cvss3": {"score": null, "vector": null}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : netpbm (ZYPP Patch Number 4688)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBNETPBM-4688.NASL", "href": "https://www.tenable.com/plugins/nessus/29506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29506);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2721\");\n\n script_name(english:\"SuSE 10 Security Update : netpbm (ZYPP Patch Number 4688)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of netpbm fixes a security vulnerability in the included\nlibjasper. This bug can be triggered while processing image files and\ncan lead to remote code execution. (CVE-2007-2721)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2721.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4688.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libnetpbm-1.0.0-657.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"netpbm-10.26.22-14.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libnetpbm-32bit-1.0.0-657.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libnetpbm-1.0.0-657.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"netpbm-10.26.22-14.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libnetpbm-32bit-1.0.0-657.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:54:23", "description": "From Red Hat Security Advisory 2009:0012 :\n\nUpdated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:netpbm", "p-cpe:/a:oracle:linux:netpbm-devel", "p-cpe:/a:oracle:linux:netpbm-progs", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/67788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0012 and \n# Oracle Linux Security Advisory ELSA-2009-0012 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67788);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_bugtraq_id(31470);\n script_xref(name:\"RHSA\", value:\"2009:0012\");\n\n script_name(english:\"Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0012 :\n\nUpdated netpbm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm\n(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),\n.ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were\ndiscovered in the JasPer library providing support for JPEG-2000 image\nformat and used in the jpeg2ktopam and pamtojpeg2k converters. An\nattacker could create a carefully-crafted JPEG file which could cause\njpeg2ktopam to crash or, possibly, execute arbitrary code as the user\nrunning jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which\ncontain backported patches which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-February/000887.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-February/000893.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected netpbm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-10.25-2.1.el4_7.4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-devel-10.25-2.1.el4_7.4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-progs-10.25-2.1.el4_7.4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"netpbm-10.35-6.1.el5_3.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"netpbm-devel-10.35-6.1.el5_3.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"netpbm-progs-10.35-6.1.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:24", "description": "An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090211_NETPBM_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60534);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n\n script_name(english:\"Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An input validation flaw and multiple integer overflows were\ndiscovered in the JasPer library providing support for JPEG-2000 image\nformat and used in the jpeg2ktopam and pamtojpeg2k converters. An\nattacker could create a carefully-crafted JPEG file which could cause\njpeg2ktopam to crash or, possibly, execute arbitrary code as the user\nrunning jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0902&L=scientific-linux-errata&T=0&P=1130\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f647b0a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected netpbm, netpbm-devel and / or netpbm-progs\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-10.25-2.1.el4_7.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-devel-10.25-2.1.el4_7.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-progs-10.25-2.1.el4_7.4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"netpbm-10.35-6.1.el5_3.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"netpbm-devel-10.35-6.1.el5_3.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"netpbm-progs-10.35-6.1.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:00", "description": "Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-02-12T00:00:00", "type": "nessus", "title": "CentOS 4 : netpbm (CESA-2009:0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:netpbm", "p-cpe:/a:centos:centos:netpbm-devel", "p-cpe:/a:centos:centos:netpbm-progs", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2009-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/35650", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0012 and \n# CentOS Errata and Security Advisory 2009:0012 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35650);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_bugtraq_id(31470);\n script_xref(name:\"RHSA\", value:\"2009:0012\");\n\n script_name(english:\"CentOS 4 : netpbm (CESA-2009:0012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated netpbm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm\n(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),\n.ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were\ndiscovered in the JasPer library providing support for JPEG-2000 image\nformat and used in the jpeg2ktopam and pamtojpeg2k converters. An\nattacker could create a carefully-crafted JPEG file which could cause\njpeg2ktopam to crash or, possibly, execute arbitrary code as the user\nrunning jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which\ncontain backported patches which resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?565ea68c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17c8034b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015637.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4821acd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected netpbm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-10.25-2.1.el4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"netpbm-10.25-2.1.c4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-10.25-2.1.el4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-devel-10.25-2.1.el4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"netpbm-devel-10.25-2.1.c4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-devel-10.25-2.1.el4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-progs-10.25-2.1.el4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"netpbm-progs-10.25-2.1.c4.4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-progs-10.25-2.1.el4.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:00", "description": "Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-02-12T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : netpbm (RHSA-2009:0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:netpbm", "p-cpe:/a:redhat:enterprise_linux:netpbm-devel", "p-cpe:/a:redhat:enterprise_linux:netpbm-progs", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/35652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0012. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35652);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_bugtraq_id(31470);\n script_xref(name:\"RHSA\", value:\"2009:0012\");\n\n script_name(english:\"RHEL 4 / 5 : netpbm (RHSA-2009:0012)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated netpbm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm\n(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),\n.ppm (portable pixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were\ndiscovered in the JasPer library providing support for JPEG-2000 image\nformat and used in the jpeg2ktopam and pamtojpeg2k converters. An\nattacker could create a carefully-crafted JPEG file which could cause\njpeg2ktopam to crash or, possibly, execute arbitrary code as the user\nrunning jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which\ncontain backported patches which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0012\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected netpbm, netpbm-devel and / or netpbm-progs\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0012\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-10.25-2.1.el4_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-devel-10.25-2.1.el4_7.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-progs-10.25-2.1.el4_7.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"netpbm-10.35-6.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"netpbm-devel-10.35-6.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"netpbm-progs-10.35-6.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"netpbm-progs-10.35-6.1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"netpbm-progs-10.35-6.1.el5_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:11", "description": "Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed. (CVE-2008-3520 / CVE-2008-3521 / CVE-2008-3522)", "cvss3": {"score": null, "vector": null}, "published": "2008-11-26T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : jasper (ZYPP Patch Number 5782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JASPER-5782.NASL", "href": "https://www.tenable.com/plugins/nessus/34968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34968);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n\n script_name(english:\"SuSE 10 Security Update : jasper (ZYPP Patch Number 5782)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple, potentially dangerous integer overflows, buffer overflows\nand a problem with temporary files have been fixed. (CVE-2008-3520 /\nCVE-2008-3521 / CVE-2008-3522)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3522.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libjasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libjasper-32bit-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libjasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libjasper-32bit-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"jasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libjasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libjasper-32bit-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"jasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libjasper-1.701.0-16.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libjasper-32bit-1.701.0-16.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:22", "description": "Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed (CVE-2008-3520, CVE-2008-3521, CVE-2008-3522).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jasper (jasper-303)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jasper", "p-cpe:/a:novell:opensuse:libjasper", "p-cpe:/a:novell:opensuse:libjasper-32bit", "p-cpe:/a:novell:opensuse:libjasper-devel", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JASPER-081114.NASL", "href": "https://www.tenable.com/plugins/nessus/39995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update jasper-303.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39995);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n\n script_name(english:\"openSUSE Security Update : jasper (jasper-303)\");\n script_summary(english:\"Check for the jasper-303 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple, potentially dangerous integer overflows, buffer overflows\nand a problem with temporary files have been fixed (CVE-2008-3520,\nCVE-2008-3521, CVE-2008-3522).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=392410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"jasper-1.900.1-98.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libjasper-1.900.1-98.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libjasper-devel-1.900.1-98.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libjasper-32bit-1.900.1-98.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / libjasper / libjasper-32bit / libjasper-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:14", "description": "It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3520)\n\nIt was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. (CVE-2008-3521)\n\nIt was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3522).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-1", "p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-dev", "p-cpe:/a:canonical:ubuntu_linux:libjasper-dev", "p-cpe:/a:canonical:ubuntu_linux:libjasper-runtime", "p-cpe:/a:canonical:ubuntu_linux:libjasper1", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-742-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-742-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37359);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_bugtraq_id(31470);\n script_xref(name:\"USN\", value:\"742-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that JasPer did not correctly handle memory\nallocation when parsing certain malformed JPEG2000 images. If a user\nwere tricked into opening a specially crafted image with an\napplication that uses libjasper, an attacker could cause a denial of\nservice and possibly execute arbitrary code with the user's\nprivileges. (CVE-2008-3520)\n\nIt was discovered that JasPer created temporary files in an insecure\nway. Local users could exploit a race condition and cause a denial of\nservice in libjasper applications. (CVE-2008-3521)\n\nIt was discovered that JasPer did not correctly handle certain\nformatting operations. If a user were tricked into opening a specially\ncrafted image with an application that uses libjasper, an attacker\ncould cause a denial of service and possibly execute arbitrary code\nwith the user's privileges. (CVE-2008-3522).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/742-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-1.701-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-1.701-1\", pkgver:\"1.701.0-2ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-1.701-dev\", pkgver:\"1.701.0-2ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libjasper-runtime\", pkgver:\"1.701.0-2ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libjasper-dev\", pkgver:\"1.900.1-3ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libjasper-runtime\", pkgver:\"1.900.1-3ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libjasper1\", pkgver:\"1.900.1-3ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libjasper-dev\", pkgver:\"1.900.1-3ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libjasper-runtime\", pkgver:\"1.900.1-3ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libjasper1\", pkgver:\"1.900.1-3ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libjasper-dev\", pkgver:\"1.900.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libjasper-runtime\", pkgver:\"1.900.1-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libjasper1\", pkgver:\"1.900.1-5ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjasper-1.701-1 / libjasper-1.701-dev / libjasper-dev / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:16", "description": "Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed (CVE-2008-3520, CVE-2008-3521, CVE-2008-3522).", "cvss3": {"score": null, "vector": null}, "published": "2008-12-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : jasper (jasper-5771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jasper", "p-cpe:/a:novell:opensuse:libjasper", "p-cpe:/a:novell:opensuse:libjasper-32bit", "p-cpe:/a:novell:opensuse:libjasper-devel", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JASPER-5771.NASL", "href": "https://www.tenable.com/plugins/nessus/34982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update jasper-5771.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34982);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n\n script_name(english:\"openSUSE 10 Security Update : jasper (jasper-5771)\");\n script_summary(english:\"Check for the jasper-5771 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple, potentially dangerous integer overflows, buffer overflows\nand a problem with temporary files have been fixed (CVE-2008-3520,\nCVE-2008-3521, CVE-2008-3522).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"jasper-1.701.0-41\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libjasper-1.701.0-41\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"libjasper-32bit-1.701.0-41\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"jasper-1.900.1-44.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libjasper-1.900.1-44.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libjasper-devel-1.900.1-44.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libjasper-32bit-1.900.1-44.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / libjasper / libjasper-32bit / libjasper-devel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:51", "description": "Multiple potentially dangerous integer overflows, buffer overflows, and a problem with temporary files have been fixed. CVE-2008-3520, CVE-2008-3521, CVE-2008-3522)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : jasper (YOU Patch Number 12295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12295.NASL", "href": "https://www.tenable.com/plugins/nessus/41255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41255);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n\n script_name(english:\"SuSE9 Security Update : jasper (YOU Patch Number 12295)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple potentially dangerous integer overflows, buffer overflows,\nand a problem with temporary files have been fixed. CVE-2008-3520,\nCVE-2008-3521, CVE-2008-3522)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3522.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12295.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(59, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"jasper-1.701.0-1.10\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libjasper-1.701.0-1.10\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libjasper-32bit-9-200811141502\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:17:56", "description": "According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).(CVE-2016-8887)\n\n - The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.(CVE-2017-6850)\n\n - The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.(CVE-2016-10250)\n\n - Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.(CVE-2017-6852)\n\n - Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.(CVE-2008-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : jasper (EulerOS-SA-2019-2237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3521", "CVE-2016-10250", "CVE-2016-8887", "CVE-2017-6850", "CVE-2017-6852"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:jasper-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2237.NASL", "href": "https://www.tenable.com/plugins/nessus/130699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130699);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-3521\",\n \"CVE-2016-10250\",\n \"CVE-2016-8887\",\n \"CVE-2017-6850\",\n \"CVE-2017-6852\"\n );\n script_bugtraq_id(\n 31470\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : jasper (EulerOS-SA-2019-2237)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the jasper package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The jp2_colr_destroy function in\n libjasper/jp2/jp2_cod.c in JasPer before 1.900.10\n allows remote attackers to cause a denial of service\n (NULL pointer dereference).(CVE-2016-8887)\n\n - The jp2_cdef_destroy function in jp2_cod.c in JasPer\n before 2.0.13 allows remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted\n image.(CVE-2017-6850)\n\n - The jp2_colr_destroy function in jp2_cod.c in JasPer\n before 1.900.13 allows remote attackers to cause a\n denial of service (NULL pointer dereference) by\n leveraging incorrect cleanup of JP2 box data on error.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-8887.(CVE-2016-10250)\n\n - Heap-based buffer overflow in the jpc_dec_decodepkt\n function in jpc_t2dec.c in JasPer 2.0.10 allows remote\n attackers to have unspecified impact via a crafted\n image.(CVE-2017-6852)\n\n - Race condition in the jas_stream_tmpfile function in\n libjasper/base/jas_stream.c in JasPer 1.900.1 allows\n local users to cause a denial of service (program exit)\n by creating the appropriate tmp.XXXXXXXXXX temporary\n file, which causes Jasper to exit. NOTE: this was\n originally reported as a symlink issue, but this was\n incorrect. NOTE: some vendors dispute the severity of\n this issue, but it satisfies CVE's requirements for\n inclusion.(CVE-2008-3521)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2237\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9716045e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jasper packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"jasper-libs-1.900.1-33.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-22T21:05:57", "description": "According to the versions of the jasper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Runtime libraries for jasper. Security Fix(es):Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.(CVE-2008-3521)Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.(CVE-2017-6852)The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.(CVE-2016-10250)The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.(CVE-2017-6850)The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).(CVE-2016-8887)The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.(CVE-2016-9398)JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.(CVE-2017-1000050)The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.(CVE-2016-9393)The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.(CVE-2016-8884)There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.(CVE-2017-13752)The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.(CVE-2016-9397)There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.(CVE-2017-13747)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : jasper (EulerOS-SA-2020-1188)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3521", "CVE-2016-10250", "CVE-2016-8690", "CVE-2016-8884", "CVE-2016-8887", "CVE-2016-9393", "CVE-2016-9397", "CVE-2016-9398", "CVE-2017-1000050", "CVE-2017-13747", "CVE-2017-13752", "CVE-2017-6850", "CVE-2017-6852"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:jasper-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1188.NASL", "href": "https://www.tenable.com/plugins/nessus/134477", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134477);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2008-3521\",\n \"CVE-2016-10250\",\n \"CVE-2016-8884\",\n \"CVE-2016-8887\",\n \"CVE-2016-9393\",\n \"CVE-2016-9397\",\n \"CVE-2016-9398\",\n \"CVE-2017-1000050\",\n \"CVE-2017-13747\",\n \"CVE-2017-13752\",\n \"CVE-2017-6850\",\n \"CVE-2017-6852\"\n );\n script_bugtraq_id(\n 31470\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : jasper (EulerOS-SA-2020-1188)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the jasper package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Runtime libraries for jasper. Security Fix(es):Race\n condition in the jas_stream_tmpfile function in\n libjasper/base/jas_stream.c in JasPer 1.900.1 allows\n local users to cause a denial of service (program exit)\n by creating the appropriate tmp.XXXXXXXXXX temporary\n file, which causes Jasper to exit. NOTE: this was\n originally reported as a symlink issue, but this was\n incorrect. NOTE: some vendors dispute the severity of\n this issue, but it satisfies CVE's requirements for\n inclusion.(CVE-2008-3521)Heap-based buffer overflow in\n the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer\n 2.0.10 allows remote attackers to have unspecified\n impact via a crafted image.(CVE-2017-6852)The\n jp2_colr_destroy function in jp2_cod.c in JasPer before\n 1.900.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) by leveraging\n incorrect cleanup of JP2 box data on error. NOTE: this\n vulnerability exists because of an incomplete fix for\n CVE-2016-8887.(CVE-2016-10250)The jp2_cdef_destroy\n function in jp2_cod.c in JasPer before 2.0.13 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference) via a crafted\n image.(CVE-2017-6850)The jp2_colr_destroy function in\n libjasper/jp2/jp2_cod.c in JasPer before 1.900.10\n allows remote attackers to cause a denial of service\n (NULL pointer dereference).(CVE-2016-8887)The\n jpc_floorlog2 function in jpc_math.c in JasPer before\n 1.900.17 allows remote attackers to cause a denial of\n service (assertion failure) via unspecified\n vectors.(CVE-2016-9398)JasPer 2.0.12 is vulnerable to a\n NULL pointer exception in the function jp2_encode which\n failed to check to see if the image contained at least\n one component resulting in a\n denial-of-service.(CVE-2017-1000050)The jpc_pi_nextrpcl\n function in jpc_t2cod.c in JasPer before 1.900.17\n allows remote attackers to cause a denial of service\n (assertion failure) via a crafted\n file.(CVE-2016-9393)The bmp_getdata function in\n libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) by calling the imginfo command with a\n crafted BMP image. NOTE: this vulnerability exists\n because of an incomplete fix for\n CVE-2016-8690.(CVE-2016-8884)There is a reachable\n assertion abort in the function jpc_dequantize() in\n jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a\n remote denial of service attack.(CVE-2017-13752)The\n jpc_dequantize function in jpc_dec.c in JasPer 1.900.13\n allows remote attackers to cause a denial of service\n (assertion failure) via unspecified\n vectors.(CVE-2016-9397)There is a reachable assertion\n abort in the function jpc_floorlog2() in jpc/jpc_math.c\n in JasPer 2.0.12 that will lead to a remote denial of\n service attack.(CVE-2017-13747)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1188\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c800e748\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jasper packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"jasper-libs-1.900.1-33.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-18T11:05:03", "description": "The remote host is missing an update to jasper\nannounced via advisory DSA 2036-1.", "cvss3": {}, "published": "2010-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2036-1 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3521"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:136141256231067269", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067269", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2036_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n# Description: Auto-generated from advisory DSA 2036-1 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.\n\nBesides addressing this vulnerability, this updates also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading some\nJPEG input files.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.900.1-6.\n\nWe recommend that you upgrade your jasper package.\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory DSA 2036-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202036-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67269\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-21 03:31:17 +0200 (Wed, 21 Apr 2010)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3521\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2036-1 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:20", "description": "The remote host is missing an update to jasper\nannounced via advisory DSA 2036-1.", "cvss3": {}, "published": "2010-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2036-1 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3521"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67269", "href": "http://plugins.openvas.org/nasl.php?oid=67269", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2036_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2036-1 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.\n\nBesides addressing this vulnerability, this updates also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading some\nJPEG input files.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.900.1-6.\n\nWe recommend that you upgrade your jasper package.\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory DSA 2036-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202036-1\";\n\n\nif(description)\n{\n script_id(67269);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-21 03:31:17 +0200 (Wed, 21 Apr 2010)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3521\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2036-1 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-5.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:40", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:164.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:164 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64497", "href": "http://plugins.openvas.org/nasl.php?oid=64497", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_164.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:164 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:164\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:164.\";\n\n \n\nif(description)\n{\n script_id(64497);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:164 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:06", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142.", "cvss3": {}, "published": "2009-07-06T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:142 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64340", "href": "http://plugins.openvas.org/nasl.php?oid=64340", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_142.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:142 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:142\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142.\";\n\n \n\nif(description)\n{\n script_id(64340);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:142 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper-devel\", rpm:\"libjasper-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper-static-devel\", rpm:\"libjasper-static-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper-devel\", rpm:\"lib64jasper-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper-static-devel\", rpm:\"lib64jasper-static-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:40", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:142-1 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66379", "href": "http://plugins.openvas.org/nasl.php?oid=66379", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_142_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:142-1 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:142-1\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142-1.\";\n\n \n\nif(description)\n{\n script_id(66379);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:142-1 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:16", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142.", "cvss3": {}, "published": "2009-07-06T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:142 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064340", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064340", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_142.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:142 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:142\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64340\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:142 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper-devel\", rpm:\"libjasper-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper-static-devel\", rpm:\"libjasper-static-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper-devel\", rpm:\"lib64jasper-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper-static-devel\", rpm:\"lib64jasper-static-devel~1.900.1~5.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~3.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:58", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:164.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:164 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064497", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064497", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_164.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:164 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:164\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:164.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64497\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:164 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~4.2mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:57", "description": "The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:142-1 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066379", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066379", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_142_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:142-1 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\nin jasper:\n\nThe jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer\nJPEG-2000 library (libjasper) before 1.900 allows remote user-assisted\nattackers to cause a denial of service (crash) and possibly corrupt\nthe heap via malformed image files, as originally demonstrated using\nimagemagick convert (CVE-2007-2721).\n\nMultiple integer overflows in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via a crafted\nimage file, related to integer multiplication for memory allocation\n(CVE-2008-3520).\n\nThe jas_stream_tmpfile function in libjasper/base/jas_stream.c in\nJasPer 1.900.1 allows local users to overwrite arbitrary files via\na symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521).\n\nBuffer overflow in the jas_stream_printf function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 might allow\ncontext-dependent attackers to have an unknown impact via\nvectors related to the mif_hdr_put function and use of vsprintf\n(CVE-2008-3522).\n\nThe updated packages have been patched to prevent this.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:142-1\";\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory MDVSA-2009:142-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66379\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:142-1 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1\", rpm:\"libjasper1~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-devel\", rpm:\"libjasper1-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper1-static-devel\", rpm:\"libjasper1-static-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1\", rpm:\"lib64jasper1~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-devel\", rpm:\"lib64jasper1-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64jasper1-static-devel\", rpm:\"lib64jasper1-static-devel~1.900.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:23", "description": "Check for the Version of ghostscript", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n Newer versions of ghostscript contain an embedded copy of libjasper\n and as such is vulnerable to this issue.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"ghostscript on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-11/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830025\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:208\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ghostscript\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ghostscript\", rpm:\"ghostscript~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-X\", rpm:\"ghostscript-X~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-common\", rpm:\"ghostscript-common~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-doc\", rpm:\"ghostscript-doc~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-dvipdf\", rpm:\"ghostscript-dvipdf~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-module-X\", rpm:\"ghostscript-module-X~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgs8\", rpm:\"libgs8~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgs8-devel\", rpm:\"libgs8-devel~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libijs1\", rpm:\"libijs1~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libijs1-devel\", rpm:\"libijs1-devel~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gs8\", rpm:\"lib64gs8~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gs8-devel\", rpm:\"lib64gs8-devel~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ijs1\", rpm:\"lib64ijs1~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ijs1-devel\", rpm:\"lib64ijs1-devel~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:21", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libnetpbm\n netpbm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for netpbm", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66001", "href": "http://plugins.openvas.org/nasl.php?oid=66001", "sourceData": "#\n#VID slesp1-libnetpbm-4688\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for netpbm\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libnetpbm\n netpbm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66001);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2721\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for netpbm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnetpbm\", rpm:\"libnetpbm~1.0.0~657.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.26.22~14.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:02", "description": "Check for the Version of jasper", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for jasper FEDORA-2007-0001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861067", "href": "http://plugins.openvas.org/nasl.php?oid=861067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for jasper FEDORA-2007-0001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"jasper on Fedora 7\";\ntag_insight = \"This package contains an implementation of the image compression\n standard JPEG-2000, Part 1. It consists of tools for conversion to and\n from the JP2 and JPC formats.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00077.html\");\n script_id(861067);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-0001\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Fedora Update for jasper FEDORA-2007-0001\");\n\n script_summary(\"Check for the Version of jasper\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-devel\", rpm:\"jasper-devel~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-debuginfo\", rpm:\"jasper-debuginfo~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-debuginfo\", rpm:\"jasper-debuginfo~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper-devel\", rpm:\"jasper-devel~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.900.1~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:51", "description": "Check for the Version of netpbm", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for netpbm MDKSA-2007:209 (netpbm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for netpbm MDKSA-2007:209 (netpbm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n netpbm contains an embedded copy of libjasper and as such is vulnerable\n to this issue.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"netpbm on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-11/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830099\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:209\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for netpbm MDKSA-2007:209 (netpbm)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-devel\", rpm:\"libnetpbm10-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-static-devel\", rpm:\"libnetpbm10-static-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-devel\", rpm:\"lib64netpbm10-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-static-devel\", rpm:\"lib64netpbm10-static-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-devel\", rpm:\"libnetpbm10-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-static-devel\", rpm:\"libnetpbm10-static-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-devel\", rpm:\"lib64netpbm10-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-static-devel\", rpm:\"lib64netpbm10-static-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm-devel\", rpm:\"libnetpbm-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm-static-devel\", rpm:\"libnetpbm-static-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm-devel\", rpm:\"lib64netpbm-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm-static-devel\", rpm:\"lib64netpbm-static-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:59", "description": "Check for the Version of ghostscript", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830025", "href": "http://plugins.openvas.org/nasl.php?oid=830025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n Newer versions of ghostscript contain an embedded copy of libjasper\n and as such is vulnerable to this issue.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"ghostscript on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-11/msg00008.php\");\n script_id(830025);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:208\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript)\");\n\n script_summary(\"Check for the Version of ghostscript\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ghostscript\", rpm:\"ghostscript~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-X\", rpm:\"ghostscript-X~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-common\", rpm:\"ghostscript-common~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-doc\", rpm:\"ghostscript-doc~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-dvipdf\", rpm:\"ghostscript-dvipdf~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ghostscript-module-X\", rpm:\"ghostscript-module-X~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgs8\", rpm:\"libgs8~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgs8-devel\", rpm:\"libgs8-devel~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libijs1\", rpm:\"libijs1~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libijs1-devel\", rpm:\"libijs1-devel~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gs8\", rpm:\"lib64gs8~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gs8-devel\", rpm:\"lib64gs8-devel~8.60~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ijs1\", rpm:\"lib64ijs1~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ijs1-devel\", rpm:\"lib64ijs1-devel~0.35~55.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:14", "description": "Check for the Version of netpbm", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for netpbm MDKSA-2007:209 (netpbm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830099", "href": "http://plugins.openvas.org/nasl.php?oid=830099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for netpbm MDKSA-2007:209 (netpbm)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n netpbm contains an embedded copy of libjasper and as such is vulnerable\n to this issue.\n \n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"netpbm on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-11/msg00010.php\");\n script_id(830099);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:209\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for netpbm MDKSA-2007:209 (netpbm)\");\n\n script_summary(\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-devel\", rpm:\"libnetpbm10-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-static-devel\", rpm:\"libnetpbm10-static-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-devel\", rpm:\"lib64netpbm10-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-static-devel\", rpm:\"lib64netpbm10-static-devel~10.34~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-devel\", rpm:\"libnetpbm10-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10-static-devel\", rpm:\"libnetpbm10-static-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-devel\", rpm:\"lib64netpbm10-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10-static-devel\", rpm:\"lib64netpbm10-static-devel~10.34~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetpbm-devel\", rpm:\"libnetpbm-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm-static-devel\", rpm:\"libnetpbm-static-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetpbm10\", rpm:\"libnetpbm10~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm-devel\", rpm:\"lib64netpbm-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm-static-devel\", rpm:\"lib64netpbm-static-devel~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netpbm10\", rpm:\"lib64netpbm10~10.34~8.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-501-2", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for ghostscript, gs-gpl vulnerability USN-501-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840110", "href": "http://plugins.openvas.org/nasl.php?oid=840110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_501_2.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ghostscript, gs-gpl vulnerability USN-501-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-501-1 fixed vulnerabilities in Jasper. This update provides the\n corresponding update for the Jasper internal to Ghostscript.\n\n Original advisory details:\n \n It was discovered that Jasper did not correctly handle corrupted JPEG2000\n images. By tricking a user into opening a specially crafted JPG, a\n remote attacker could cause the application using libjasper to crash,\n resulting in a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-501-2\";\ntag_affected = \"ghostscript, gs-gpl vulnerability on Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-501-2/\");\n script_id(840110);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"501-2\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Ubuntu Update for ghostscript, gs-gpl vulnerability USN-501-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.54.dfsg.1-5ubuntu0.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.54.dfsg.1-5ubuntu0.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.50-1.1ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.50-1.1ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:53", "description": "Check for the Version of jasper", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for jasper MDKSA-2007:129 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for jasper MDKSA-2007:129 (jasper)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"jasper on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00029.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830150\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:129\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for jasper MDKSA-2007:129 (jasper)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of jasper\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:40", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libnetpbm\n netpbm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for netpbm", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066001", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066001", "sourceData": "#\n#VID slesp1-libnetpbm-4688\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for netpbm\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libnetpbm\n netpbm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66001\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2721\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for netpbm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnetpbm\", rpm:\"libnetpbm~1.0.0~657.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.26.22~14.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:03", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-501-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for jasper vulnerability USN-501-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840189", "href": "http://plugins.openvas.org/nasl.php?oid=840189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_501_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for jasper vulnerability USN-501-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Jasper did not correctly handle corrupted JPEG2000\n images. By tricking a user into opening a specially crafted JPG, a\n remote attacker could cause the application using libjasper to crash,\n resulting in a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-501-1\";\ntag_affected = \"jasper vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-501-1/\");\n script_id(840189);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"501-1\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Ubuntu Update for jasper vulnerability USN-501-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-1_1.701.0-2ubuntu0.7.04\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-dev_1.701.0-2ubuntu0.7.04\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.701.0-2ubuntu0.7.04\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-1_1.701.0-2ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-dev_1.701.0-2ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.701.0-2ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-1_1.701.0-2ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper\", ver:\"1.701-dev_1.701.0-2ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.701.0-2ubuntu0.6.10\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", "description": "Check for the Version of jasper", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for jasper MDKSA-2007:129 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830150", "href": "http://plugins.openvas.org/nasl.php?oid=830150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for jasper MDKSA-2007:129 (jasper)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A function in the JasPer JPEG-2000 library before 1.900 could allow\n a remote user-assisted attack to cause a crash and possibly corrupt\n the heap via malformed image files.\n\n Updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"jasper on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-06/msg00029.php\");\n script_id(830150);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:129\");\n script_cve_id(\"CVE-2007-2721\");\n script_name( \"Mandriva Update for jasper MDKSA-2007:129 (jasper)\");\n\n script_summary(\"Check for the Version of jasper\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~6.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1\", rpm:\"libjasper1.701_1~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-devel\", rpm:\"libjasper1.701_1-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjasper1.701_1-static-devel\", rpm:\"libjasper1.701_1-static-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1\", rpm:\"lib64jasper1.701_1~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-devel\", rpm:\"lib64jasper1.701_1-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64jasper1.701_1-static-devel\", rpm:\"lib64jasper1.701_1-static-devel~1.701.0~5.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:25", "description": "The remote host is missing updates to netpbm announced in\nadvisory CESA-2009:0012.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0012 (netpbm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063366", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063366", "sourceData": "#CESA-2009:0012 63366 4\n# $Id: ovcesa2009_0012.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0012 (netpbm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0012\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0012\nhttps://rhn.redhat.com/errata/RHSA-2009-0012.html\";\ntag_summary = \"The remote host is missing updates to netpbm announced in\nadvisory CESA-2009:0012.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63366\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0012 (netpbm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:46", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0012.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0012", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63368", "href": "http://plugins.openvas.org/nasl.php?oid=63368", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0012.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0012 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0012.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63368);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0012\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0012.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:29", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0012.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0012", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063368", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063368", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0012.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0012 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0012.\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63368\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0012\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0012.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35~6.1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for netpbm CESA-2009:0012 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2009:0012 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-February/015631.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880774\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0012\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_name(\"CentOS Update for netpbm CESA-2009:0012 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"netpbm on CentOS 4\");\n script_tag(name:\"insight\", value:\"The netpbm package contains a library of functions for editing and\n converting between various graphics file formats, including .pbm (portable\n bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\n pixmaps), and others.\n\n An input validation flaw and multiple integer overflows were discovered in\n the JasPer library providing support for JPEG-2000 image format and used in\n the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\n carefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\n possibly, execute arbitrary code as the user running jpeg2ktopam.\n (CVE-2007-2721, CVE-2008-3520)\n\n All users are advised to upgrade to these updated packages which contain\n backported patches which resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:57:09", "description": "The remote host is missing updates to netpbm announced in\nadvisory CESA-2009:0012.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0012 (netpbm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63366", "href": "http://plugins.openvas.org/nasl.php?oid=63366", "sourceData": "#CESA-2009:0012 63366 4\n# $Id: ovcesa2009_0012.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0012 (netpbm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0012\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0012\nhttps://rhn.redhat.com/errata/RHSA-2009-0012.html\";\ntag_summary = \"The remote host is missing updates to netpbm announced in\nadvisory CESA-2009:0012.\";\n\n\n\nif(description)\n{\n script_id(63366);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0012 (netpbm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:13", "description": "Oracle Linux Local Security Checks ELSA-2009-0012", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0012", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0012.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122518\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:09 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0012\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0012 - netpbm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0012\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0012.html\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35~6.1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35~6.1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35~6.1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:52", "description": "Check for the Version of netpbm", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for netpbm CESA-2009:0012 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880774", "href": "http://plugins.openvas.org/nasl.php?oid=880774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2009:0012 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm package contains a library of functions for editing and\n converting between various graphics file formats, including .pbm (portable\n bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\n pixmaps), and others.\n\n An input validation flaw and multiple integer overflows were discovered in\n the JasPer library providing support for JPEG-2000 image format and used in\n the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\n carefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\n possibly, execute arbitrary code as the user running jpeg2ktopam.\n (CVE-2007-2721, CVE-2008-3520)\n \n All users are advised to upgrade to these updated packages which contain\n backported patches which resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"netpbm on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-February/015631.html\");\n script_id(880774);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0012\");\n script_cve_id(\"CVE-2007-2721\", \"CVE-2008-3520\");\n script_name(\"CentOS Update for netpbm CESA-2009:0012 centos4 i386\");\n\n script_summary(\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.25~2.1.el4.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:54", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for jasper", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065824", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065824", "sourceData": "#\n#VID slesp2-jasper-5782\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for jasper\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65824\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for jasper\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~16.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper\", rpm:\"libjasper~1.701.0~16.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:15", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5038720 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for jasper", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65039", "href": "http://plugins.openvas.org/nasl.php?oid=65039", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5038720.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for jasper\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5038720 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65039);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for jasper\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~1.10\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:25", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5038720 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for jasper", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065039", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065039", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5038720.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for jasper\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5038720 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65039\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for jasper\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~1.10\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:46", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for jasper", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65824", "href": "http://plugins.openvas.org/nasl.php?oid=65824", "sourceData": "#\n#VID slesp2-jasper-5782\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for jasper\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jasper\n libjasper\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65824);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for jasper\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jasper\", rpm:\"jasper~1.701.0~16.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libjasper\", rpm:\"libjasper~1.701.0~16.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-27T18:35:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2019-2237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8887", "CVE-2017-6852", "CVE-2017-6850", "CVE-2008-3521", "CVE-2016-10250"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192237", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2237\");\n script_version(\"2020-01-23T12:42:28+0000\");\n script_cve_id(\"CVE-2008-3521\", \"CVE-2016-10250\", \"CVE-2016-8887\", \"CVE-2017-6850\", \"CVE-2017-6852\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:42:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:42:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2019-2237)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2237\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2237\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'jasper' package(s) announced via the EulerOS-SA-2019-2237 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).(CVE-2016-8887)\n\nThe jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.(CVE-2017-6850)\n\nThe jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.(CVE-2016-10250)\n\nHeap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.(CVE-2017-6852)\n\nRace condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.(CVE-2008-3521)\");\n\n script_tag(name:\"affected\", value:\"'jasper' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~33.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T16:50:26", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2020-1188)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9398", "CVE-2016-8887", "CVE-2017-6852", "CVE-2017-6850", "CVE-2008-3521", "CVE-2016-10250"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201188", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1188\");\n script_version(\"2020-03-13T07:12:08+0000\");\n script_cve_id(\"CVE-2008-3521\", \"CVE-2016-10250\", \"CVE-2016-8887\", \"CVE-2016-9398\", \"CVE-2017-6850\", \"CVE-2017-6852\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:12:08 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:12:08 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2020-1188)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1188\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1188\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'jasper' package(s) announced via the EulerOS-SA-2020-1188 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.(CVE-2008-3521)\n\n\nHeap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.(CVE-2017-6852)\n\n\nThe jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.(CVE-2016-10250)\n\n\nThe jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.(CVE-2017-6850)\n\n\nThe jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).(CVE-2016-8887)\n\n\nThe jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.(CVE-2016-9398)\");\n\n script_tag(name:\"affected\", value:\"'jasper' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jasper-libs\", rpm:\"jasper-libs~1.900.1~33.h7\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:29:43", "description": "The remote host is missing an update to jasper\nannounced via advisory USN-742-1.\n\nIt was discovered that JasPer did not correctly handle memory allocation\nwhen parsing certain malformed JPEG2000 images. If a user were tricked into\nopening a specially crafted image with an application that uses libjasper,\nan attacker could cause a denial of service and possibly execute arbitrary\ncode with the user's privileges. (CVE-2008-3520)\n\nIt was discovered that JasPer created temporary files in an insecure way.\nLocal users could exploit a race condition and cause a denial of service in\nlibjasper applications.\n(CVE-2008-3521)\n\nIt was discovered that JasPer did not correctly handle certain formatting\noperations. If a user were tricked into opening a specially crafted image\nwith an application that uses libjasper, an attacker could cause a denial\nof service and possibly execute arbitrary code with the user's privileges.\n(CVE-2008-3522)", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "Ubuntu USN-742-1 (jasper)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0772", "CVE-2009-0352", "CVE-2008-3522", "CVE-2009-0584", "CVE-2009-0583", "CVE-2009-0774", "CVE-2008-4552", "CVE-2008-3520", "CVE-2009-0776", "CVE-2008-3521"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63698", "href": "http://plugins.openvas.org/nasl.php?oid=63698", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_742_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_742_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-742-1 (jasper)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libjasper-1.701-1 1.701.0-2ubuntu0.6.06.1\n\nUbuntu 7.10:\n libjasper1 1.900.1-3ubuntu0.7.10.1\n\nUbuntu 8.04 LTS:\n libjasper1 1.900.1-3ubuntu0.8.04.1\n\nUbuntu 8.10:\n libjasper1 1.900.1-5ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-742-1\";\n\ntag_summary = \"The remote host is missing an update to jasper\nannounced via advisory USN-742-1.\n\nIt was discovered that JasPer did not correctly handle memory allocation\nwhen parsing certain malformed JPEG2000 images. If a user were tricked into\nopening a specially crafted image with an application that uses libjasper,\nan attacker could cause a denial of service and possibly execute arbitrary\ncode with the user's privileges. (CVE-2008-3520)\n\nIt was discovered that JasPer created temporary files in an insecure way.\nLocal users could exploit a race condition and cause a denial of service in\nlibjasper applications.\n(CVE-2008-3521)\n\nIt was discovered that JasPer did not correctly handle certain formatting\noperations. If a user were tricked into opening a specially crafted image\nwith an application that uses libjasper, an attacker could cause a denial\nof service and possibly execute arbitrary code with the user's privileges.\n(CVE-2008-3522)\";\n\n \n\n\nif(description)\n{\n script_id(63698);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2008-3520\", \"CVE-2008-3521\", \"CVE-2008-3522\", \"CVE-2009-0583\", \"CVE-2009-0584\", \"CVE-2008-4552\", \"CVE-2009-0352\", \"CVE-2009-0772\", \"CVE-2009-0774\", \"CVE-2009-0776\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-742-1 (jasper)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-742-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libjasper-1.701-1\", ver:\"1.701.0-2ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-1.701-dev\", ver:\"1.701.0-2ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.701.0-2ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-3ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-3ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-3ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-3ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-3ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-3ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-dev\", ver:\"1.900.1-5ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper1\", ver:\"1.900.1-5ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libjasper-runtime\", ver:\"1.900.1-5ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-inspector\", ver:\"1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-typeaheadfind\", ver:\"1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.21+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-dev\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird-gnome-support\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"2.0.0.21+nobinonly-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:02:24", "description": "The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000\nlibrary (libjasper) before 1.900 allows remote user-assisted attackers to\ncause a denial of service (crash) and possibly corrupt the heap via\nmalformed image files, as originally demonstrated using imagemagick\nconvert.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[kees](<https://launchpad.net/~kees>) | http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html\n", "cvss3": {}, "published": "2007-05-16T00:00:00", "type": "ubuntucve", "title": "CVE-2007-2721", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2007-05-16T00:00:00", "id": "UB:CVE-2007-2721", "href": "https://ubuntu.com/security/CVE-2007-2721", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T22:00:35", "description": "Race condition in the jas_stream_tmpfile function in\nlibjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a\ndenial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX\ntemporary file, which causes Jasper to exit. NOTE: this was originally\nreported as a symlink issue, but this was incorrect. NOTE: some vendors\ndispute the severity of this issue, but it satisfies CVE's requirements for\ninclusion.\n\n#### Bugs\n\n * <http://bugs.gentoo.org/show_bug.cgi?id=222819>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3521>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501021>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[kees](<https://launchpad.net/~kees>) | opened with O_EXCL \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | ghostscript jasper already uses appropriate temp filename\n", "cvss3": {}, "published": "2008-10-02T00:00:00", "type": "ubuntucve", "title": "CVE-2008-3521", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3521"], "modified": "2008-10-02T00:00:00", "id": "UB:CVE-2008-3521", "href": "https://ubuntu.com/security/CVE-2008-3521", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:35:36", "description": "It was discovered that Jasper did not correctly handle corrupted JPEG2000 \nimages. By tricking a user into opening a specially crafted JPG, a \nremote attacker could cause the application using libjasper to crash, \nresulting in a denial of service.\n", "cvss3": {}, "published": "2007-08-21T00:00:00", "type": "ubuntu", "title": "jasper vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2007-08-21T00:00:00", "id": "USN-501-1", "href": "https://ubuntu.com/security/notices/USN-501-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T13:34:52", "description": "USN-501-1 fixed vulnerabilities in Jasper. This update provides the \ncorresponding update for the Jasper internal to Ghostscript.\n\nOriginal advisory details:\n\nIt was discovered that Jasper did not correctly handle corrupted JPEG2000 \nimages. By tricking a user into opening a specially crafted JPG, a \nremote attacker could cause the application using libjasper to crash, \nresulting in a denial of service.\n", "cvss3": {}, "published": "2007-10-22T00:00:00", "type": "ubuntu", "title": "Ghostscript vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2007-10-22T00:00:00", "id": "USN-501-2", "href": "https://ubuntu.com/security/notices/USN-501-2", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T13:28:40", "description": "It was discovered that JasPer did not correctly handle memory allocation \nwhen parsing certain malformed JPEG2000 images. If a user were tricked into \nopening a specially crafted image with an application that uses libjasper, \nan attacker could cause a denial of service and possibly execute arbitrary \ncode with the user's privileges. (CVE-2008-3520)\n\nIt was discovered that JasPer created temporary files in an insecure way. \nLocal users could exploit a race condition and cause a denial of service in \nlibjasper applications. \n(CVE-2008-3521)\n\nIt was discovered that JasPer did not correctly handle certain formatting \noperations. If a user were tricked into opening a specially crafted image \nwith an application that uses libjasper, an attacker could cause a denial \nof service and possibly execute arbitrary code with the user's privileges. \n(CVE-2008-3522)\n", "cvss3": {}, "published": "2009-03-19T00:00:00", "type": "ubuntu", "title": "JasPer vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"], "modified": "2009-03-19T00:00:00", "id": "USN-742-1", "href": "https://ubuntu.com/security/notices/USN-742-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:129\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : jasper\r\n Date : June 19, 2007\r\n Affected: 2007.0, 2007.1, Corporate 4.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n A function in the JasPer JPEG-2000 library before 1.900 could allow\r\n a remote user-assisted attack to cause a crash and possibly corrupt\r\n the heap via malformed image files.\r\n \r\n Updated packages have been patched to prevent this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.0:\r\n fc28c38bdaf30d7a0c87a4066bf8bd9f 2007.0/i586/jasper-1.701.0-5.2mdv2007.0.i586.rpm\r\n 11d3d3624a4c0ffa7b946b1b16060b0d 2007.0/i586/libjasper1.701_1-1.701.0-5.2mdv2007.0.i586.rpm\r\n d77cd77558fa6111cf55e0cafb6e11d1 2007.0/i586/libjasper1.701_1-devel-1.701.0-5.2mdv2007.0.i586.rpm\r\n 4207ac7d0628f908d3d500298949552e 2007.0/i586/libjasper1.701_1-static-devel-1.701.0-5.2mdv2007.0.i586.rpm \r\n 9403ba210044e473e3e49b73abc3b381 2007.0/SRPMS/jasper-1.701.0-5.2mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n 3eba6fe2596ffee7435c45815c0575b3 2007.0/x86_64/jasper-1.701.0-5.2mdv2007.0.x86_64.rpm\r\n 536be18741b3a12b2314c95cabd9d122 2007.0/x86_64/lib64jasper1.701_1-1.701.0-5.2mdv2007.0.x86_64.rpm\r\n da5b643b80457653cd320fcc7c044366 2007.0/x86_64/lib64jasper1.701_1-devel-1.701.0-5.2mdv2007.0.x86_64.rpm\r\n 6968049da9a8bce28b725f259078e29e 2007.0/x86_64/lib64jasper1.701_1-static-devel-1.701.0-5.2mdv2007.0.x86_64.rpm \r\n 9403ba210044e473e3e49b73abc3b381 2007.0/SRPMS/jasper-1.701.0-5.2mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.1:\r\n 757db1c621e9a62b0c6ddc09939f9b50 2007.1/i586/jasper-1.701.0-6.2mdv2007.1.i586.rpm\r\n 33534112f73f9a1c3223cac0ad70dcd0 2007.1/i586/libjasper1.701_1-1.701.0-6.2mdv2007.1.i586.rpm\r\n 9cb7006b790bf88bb947409a196d320f 2007.1/i586/libjasper1.701_1-devel-1.701.0-6.2mdv2007.1.i586.rpm\r\n 37e418b847f994c430b4e2d015cde7cf 2007.1/i586/libjasper1.701_1-static-devel-1.701.0-6.2mdv2007.1.i586.rpm \r\n 5dce393b97e5e51dd2ab73a6e1bfc30a 2007.1/SRPMS/jasper-1.701.0-6.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 24e01092b065fa180cd0020c1560c481 2007.1/x86_64/jasper-1.701.0-6.2mdv2007.1.x86_64.rpm\r\n 4d7e7a3479782ab99da344e958b06c97 2007.1/x86_64/lib64jasper1.701_1-1.701.0-6.2mdv2007.1.x86_64.rpm\r\n c05f8a80a9e0be928a148c48ac864299 2007.1/x86_64/lib64jasper1.701_1-devel-1.701.0-6.2mdv2007.1.x86_64.rpm\r\n 7c30e7642ec228a728b4477ed2c3af02 2007.1/x86_64/lib64jasper1.701_1-static-devel-1.701.0-6.2mdv2007.1.x86_64.rpm \r\n 5dce393b97e5e51dd2ab73a6e1bfc30a 2007.1/SRPMS/jasper-1.701.0-6.2mdv2007.1.src.rpm\r\n\r\n Corporate 4.0:\r\n b7cfcd228def50fdedcb0cd891d0d1ef corporate/4.0/i586/jasper-1.701.0-3.2.20060mlcs4.i586.rpm\r\n 613e148bd80a649a94847afaebe5f73f corporate/4.0/i586/libjasper1.701_1-1.701.0-3.2.20060mlcs4.i586.rpm\r\n d87ce97a019a778648214f629ce25979 corporate/4.0/i586/libjasper1.701_1-devel-1.701.0-3.2.20060mlcs4.i586.rpm\r\n ba3d7127d42fb47f05956f754b167cb6 corporate/4.0/i586/libjasper1.701_1-static-devel-1.701.0-3.2.20060mlcs4.i586.rpm \r\n 83f959601bbf25c3cdce83f07009f6a7 corporate/4.0/SRPMS/jasper-1.701.0-3.2.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 263b276f283c81693140adcde9be3ea2 corporate/4.0/x86_64/jasper-1.701.0-3.2.20060mlcs4.x86_64.rpm\r\n 7fbac34d3f7631ab7b3b244d49530986 corporate/4.0/x86_64/lib64jasper1.701_1-1.701.0-3.2.20060mlcs4.x86_64.rpm\r\n ec28b58eb02493bf2d69fbd55fc5b2c2 corporate/4.0/x86_64/lib64jasper1.701_1-devel-1.701.0-3.2.20060mlcs4.x86_64.rpm\r\n f8007f65086e970b1dd6f1011bb2c508 corporate/4.0/x86_64/lib64jasper1.701_1-static-devel-1.701.0-3.2.20060mlcs4.x86_64.rpm \r\n 83f959601bbf25c3cdce83f07009f6a7 corporate/4.0/SRPMS/jasper-1.701.0-3.2.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFGeFs3mqjQ0CJFipgRAhe0AKCNKWS3g/iCsSZef2v2Tm5mNyTkKACgtVOK\r\nIDJ/wsvILZSfZm3p49vUyBg=\r\n=trW3\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2007-06-20T00:00:00", "title": "[ MDKSA-2007:129 ] - Updated jasper packages fix vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2007-06-20T00:00:00", "id": "SECURITYVULNS:DOC:17303", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17303", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "description": "Heap buffer overflow on JPEG-2000 images parsing.", "edition": 1, "cvss3": {}, "published": "2007-06-20T00:00:00", "title": "jasper library buffer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-2721"], "modified": "2007-06-20T00:00:00", "id": "SECURITYVULNS:VULN:7830", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7830", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:29", "description": "===========================================================\r\nUbuntu Security Notice USN-742-1 March 19, 2009\r\njasper vulnerabilities\r\nCVE-2008-3520, CVE-2008-3521, CVE-2008-3522\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 7.10\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libjasper-1.701-1 1.701.0-2ubuntu0.6.06.1\r\n\r\nUbuntu 7.10:\r\n libjasper1 1.900.1-3ubuntu0.7.10.1\r\n\r\nUbuntu 8.04 LTS:\r\n libjasper1 1.900.1-3ubuntu0.8.04.1\r\n\r\nUbuntu 8.10:\r\n libjasper1 1.900.1-5ubuntu0.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that JasPer did not correctly handle memory allocation\r\nwhen parsing certain malformed JPEG2000 images. If a user were tricked into\r\nopening a specially crafted image with an application that uses libjasper,\r\nan attacker could cause a denial of service and possibly execute arbitrary\r\ncode with the user&#39;s privileges. &#40;CVE-2008-3520&#41;\r\n\r\nIt was discovered that JasPer created temporary files in an insecure way.\r\nLocal users could exploit a race condition and cause a denial of service in\r\nlibjasper applications.\r\n&#40;CVE-2008-3521&#41;\r\n\r\nIt was discovered that JasPer did not correctly handle certain formatting\r\noperations. If a user were tricked into opening a specially crafted image\r\nwith an application that uses libjasper, an attacker could cause a denial\r\nof service and possibly execute arbitrary code with the user&#39;s privileges.\r\n&#40;CVE-2008-3522&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.701.0-2ubuntu0.6.06.1.diff.gz\r\n Size/MD5: 34544 cce3c647820e55fae518eb081a77545a\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.701.0-2ubuntu0.6.06.1.dsc\r\n Size/MD5: 715 3f7c5d2155ab4f259aab9bcc8aa64c0a\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.701.0.orig.tar.gz\r\n Size/MD5: 1084413 ceed8e5e4fc58ac8faca0bd4be8a7b7d\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-1_1.701.0-2ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 146814 020471e3651a9c2fafd6eefedadb3f75\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-dev_1.701.0-2ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 636044 a614b7cd20832821f75ae66bcf639675\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.701.0-2ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 24296 a799121b0c020afa47dda1454c777aa8\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-1_1.701.0-2ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 133552 7b3aebd21e1506b8cde1d0ab2602b685\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-dev_1.701.0-2ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 619430 c5739e01e9d69506da8e6d956d05af96\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.701.0-2ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 21890 6f01dc80f5a3dbd14325935e755301ee\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-1_1.701.0-2ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 142700 e1253e0a77c84326db1dac4317ca196d\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-dev_1.701.0-2ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 624160 fec9bc6cacf18fb5fbe42183e9dbdf08\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.701.0-2ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 27932 31413f853f0a0ce38ed6355200f377f5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-1_1.701.0-2ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 133302 a9f4ba112f2bf58554120454072b57a8\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-1.701-dev_1.701.0-2ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 623384 a5863b651eaedfdff5c9deaacb26dbb9\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.701.0-2ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 22492 f711a38841e73fd99ef8146d8aca8eae\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-3ubuntu0.7.10.1.diff.gz\r\n Size/MD5: 49782 f6b41bf096b45f95964bde8822419e22\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-3ubuntu0.7.10.1.dsc\r\n Size/MD5: 787 84f1be39211afbf546f4865aa2c93b93\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1.orig.tar.gz\r\n Size/MD5: 1143400 4ae3dd938fd15f22f30577db5c9f27e9\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.7.10.1_amd64.deb\r\n Size/MD5: 560066 121337bb5de35638aee77f2e6f5b4175\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.7.10.1_amd64.deb\r\n Size/MD5: 151764 304a3001b55dda77b03b87b58dcce17e\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.7.10.1_amd64.deb\r\n Size/MD5: 25552 6cf1e402a960a58ee076513f7224bd93\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.7.10.1_i386.deb\r\n Size/MD5: 548268 51fd5964f1593d5c5652d82f94be2f65\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.7.10.1_i386.deb\r\n Size/MD5: 144134 4051b7784cf9167f394bc0543758aadc\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.7.10.1_i386.deb\r\n Size/MD5: 23126 f1c103e3b437b004c62044e77a6fd789\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.7.10.1_lpia.deb\r\n Size/MD5: 548046 03c662544f78e41aa52b4eb0cef88f5e\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.7.10.1_lpia.deb\r\n Size/MD5: 145604 f163501caa0ec88be92150e27177be07\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.7.10.1_lpia.deb\r\n Size/MD5: 23288 b231d9da0cd70d816dc8aa0324d02f81\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.7.10.1_powerpc.deb\r\n Size/MD5: 554840 6ed5498df3429753a6b8149ff35d9713\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.7.10.1_powerpc.deb\r\n Size/MD5: 156696 6d6301d54dcfcb54351c8b7a29cd0e98\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.7.10.1_powerpc.deb\r\n Size/MD5: 31970 64002762586577cd40494a75daf072c6\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.7.10.1_sparc.deb\r\n Size/MD5: 546862 bad1d4f79ac9a0abfe4b722ca94299a9\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.7.10.1_sparc.deb\r\n Size/MD5: 138864 059db193b061fe0152be74ff6f7afe0d\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.7.10.1_sparc.deb\r\n Size/MD5: 24654 3f7c1c3623b76ef1bf87a4e269ce0959\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-3ubuntu0.8.04.1.diff.gz\r\n Size/MD5: 49784 140289a8237818c78c094142470562be\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-3ubuntu0.8.04.1.dsc\r\n Size/MD5: 787 d110d94a13ba861e16d5a53d2fa06a0d\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1.orig.tar.gz\r\n Size/MD5: 1143400 4ae3dd938fd15f22f30577db5c9f27e9\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 560628 5ad790436c98d5b9cf0a6d4b31676999\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 149284 3e91312e9bfec2f8f15cbb6c7137276c\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.8.04.1_amd64.deb\r\n Size/MD5: 25430 b587ab277fd41171e0f1f1576e2d9ca8\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 548014 81bfeab149dd028ab86b682910248264\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 140772 099c812e2107df16ec5f448fd4dd24ee\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.8.04.1_i386.deb\r\n Size/MD5: 23250 5c4bb207c9eab2d64e7d2012f2adebe7\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 547934 4f03a5626dde55be41d3403b07aacb27\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 142492 a07e3596c6b2d436402a1658582b3e06\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.8.04.1_lpia.deb\r\n Size/MD5: 23258 e280973f4522be895b4e3c06fcdf7a6f\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 554736 e51d72ed422e517dd93602585732713a\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 151722 c11f4cdae73aac0cb3b265ba59fbfff0\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.8.04.1_powerpc.deb\r\n Size/MD5: 32328 d168c11f56f84810e7ed072c615497a3\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-3ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 545368 e32366827751c4747af02d1706f23192\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-3ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 136120 f6b6f67d4d6ce88fb1edc6f4528bb678\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-3ubuntu0.8.04.1_sparc.deb\r\n Size/MD5: 24538 f8aba59b6f69e220cf6e68a3bfb71d37\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-5ubuntu0.1.diff.gz\r\n Size/MD5: 52688 1b4d2d4ee9a459a451913b675b263d62\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1-5ubuntu0.1.dsc\r\n Size/MD5: 1187 fb314df8a6f5247edb747987f8d76f02\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/jasper_1.900.1.orig.tar.gz\r\n Size/MD5: 1143400 4ae3dd938fd15f22f30577db5c9f27e9\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 562142 c2f25e04c912a1b64c4dfce1eb7dd3d5\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 151868 6e8b66b557cc7a794c6c14fb6d588d81\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-5ubuntu0.1_amd64.deb\r\n Size/MD5: 25758 ca74bf783944c89242555b641b2e5f90\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper-dev_1.900.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 550168 812497f62590b915fd0329e810295675\r\n http://security.ubuntu.com/ubuntu/pool/main/j/jasper/libjasper1_1.900.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 143290 d9c1b2e6abca55d5fc8bd2a0408887d9\r\n http://security.ubuntu.com/ubuntu/pool/universe/j/jasper/libjasper-runtime_1.900.1-5ubuntu0.1_i386.deb\r\n Size/MD5: 23616 af8d3d8dcdf8ec7e92b470bd3e0edfc5\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-5ubuntu0.1_lpia.deb\r\n Size/MD5: 549832 8be0a5f2995b25b20cdb0bd8608a9b2d\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-5ubuntu0.1_lpia.deb\r\n Size/MD5: 144942 6655936af1cd1a43455b25b5fca92c7e\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-5ubuntu0.1_lpia.deb\r\n Size/MD5: 23516 dc7791cea2c443a07c9eba67944873b8\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 557240 da2293d915a7fe54cb28af6d1c492dda\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 154072 885f88a8d11e3b2375fd7633b0d18f60\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 31458 f17ad2b7f030b844ef1bc01db1b07cd5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper-dev_1.900.1-5ubuntu0.1_sparc.deb\r\n Size/MD5: 545474 cb6fdbec36215740768dde9466434151\r\n http://ports.ubuntu.com/pool/main/j/jasper/libjasper1_1.900.1-5ubuntu0.1_sparc.deb\r\n Size/MD5: 136986 1940aab6c284ec22bd70b4a5ee6b432a\r\n http://ports.ubuntu.com/pool/universe/j/jasper/libjasper-runtime_1.900.1-5ubuntu0.1_sparc.deb\r\n Size/MD5: 24666 2716a795c39dea1835cd9f69f9e061c3\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2009-03-20T00:00:00", "title": "[USN-742-1] JasPer vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2009-03-20T00:00:00", "id": "SECURITYVULNS:DOC:21504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21504", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:00:46", "description": "Integer overflow on JPEG2000 processing, format string vulnerability, symbolic links problem.", "edition": 2, "cvss3": {}, "published": "2009-03-20T00:00:00", "title": "Jasper library multiplesecurity vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3522", "CVE-2008-3520", "CVE-2008-3521"], "modified": "2009-03-20T00:00:00", "id": "SECURITYVULNS:VULN:9759", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9759", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T12:19:09", "description": "The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.", "cvss3": {}, "published": "2007-05-16T20:30:00", "type": "cve", "title": "CVE-2007-2721", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/a:jasper_jpeg-2000:jasper_jpeg-2000:1.701.1"], "id": "CVE-2007-2721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2721", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:jasper_jpeg-2000:jasper_jpeg-2000:1.701.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:34:39", "description": "Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.", "cvss3": {}, "published": "2008-10-02T18:18:00", "type": "cve", "title": "CVE-2008-3521", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3521"], "modified": "2017-08-08T01:31:00", "cpe": ["cpe:/a:jasper_project:jasper:1.900.1"], "id": "CVE-2008-3521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3521", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats. ", "cvss3": {}, "published": "2007-05-31T18:07:53", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: jasper-1.900.1-2.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2007-05-31T18:07:53", "id": "FEDORA:L4VI8AKY003146", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TTCG2WKBJRXBDDDYCBNXXM732UVHA46Q/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-04-23T03:32:19", "description": "The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.", "cvss3": {}, "published": "2007-05-16T20:30:00", "type": "debiancve", "title": "CVE-2007-2721", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721"], "modified": "2007-05-16T20:30:00", "id": "DEBIANCVE:CVE-2007-2721", "href": "https://security-tracker.debian.org/tracker/CVE-2007-2721", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T12:03:08", "description": "**CentOS Errata and Security Advisory** CESA-2009:0012\n\n\nThe netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-February/052550.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-February/052551.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-February/052556.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-February/052558.html\n\n**Affected packages:**\nnetpbm\nnetpbm-devel\nnetpbm-progs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:0012", "cvss3": {}, "published": "2009-02-11T19:31:04", "type": "centos", "title": "netpbm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2009-02-12T17:53:57", "id": "CESA-2009:0012", "href": "https://lists.centos.org/pipermail/centos-announce/2009-February/052550.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:46:16", "description": "The netpbm package contains a library of functions for editing and\nconverting between various graphics file formats, including .pbm (portable\nbitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable\npixmaps), and others.\n\nAn input validation flaw and multiple integer overflows were discovered in\nthe JasPer library providing support for JPEG-2000 image format and used in\nthe jpeg2ktopam and pamtojpeg2k converters. An attacker could create a\ncarefully-crafted JPEG file which could cause jpeg2ktopam to crash or,\npossibly, execute arbitrary code as the user running jpeg2ktopam.\n(CVE-2007-2721, CVE-2008-3520)\n\nAll users are advised to upgrade to these updated packages which contain\nbackported patches which resolve these issues.", "cvss3": {}, "published": "2009-02-11T00:00:00", "type": "redhat", "title": "(RHSA-2009:0012) Moderate: netpbm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2017-09-08T07:49:57", "id": "RHSA-2009:0012", "href": "https://access.redhat.com/errata/RHSA-2009:0012", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:46", "description": "[10.35-6.1.el5_3.1]\n- fix NVR to be greater than previous release in the main branch\nRelated: #472947\n[10.35-6.el5_3.1]\n- fix CVE-2007-2721 and CVE-2008-3520 libjasper issues (#472947)\nResolves: #472947", "cvss3": {}, "published": "2009-02-11T00:00:00", "type": "oraclelinux", "title": "netpbm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-2721", "CVE-2008-3520"], "modified": "2009-02-11T00:00:00", "id": "ELSA-2009-0012", "href": "http://linux.oracle.com/errata/ELSA-2009-0012.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}