{"id": "FEDORA:E22266087495", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 23 Update: openjpeg2-2.1.2-1.fc23", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "published": "2016-10-09T09:26:07", "modified": "2016-10-09T09:26:07", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-7445"], "lastseen": "2020-12-21T08:17:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7445"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809972", "OPENVAS:1361412562310809902", "OPENVAS:1361412562311220192177", "OPENVAS:1361412562310809907", "OPENVAS:1361412562310871948", "OPENVAS:1361412562311220192110", "OPENVAS:1361412562311220192111", "OPENVAS:1361412562310872083", "OPENVAS:1361412562310809938", "OPENVAS:1361412562311220192503"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1049.NASL", "FEDORA_2016-F8235D2EF9.NASL", "EULEROS_SA-2019-2110.NASL", "FEDORA_2016-0BF602E920.NASL", "FEDORA_2016-C23A8CE9E5.NASL", "FEDORA_2016-AD1871CF02.NASL", "FEDORA_2016-58A8F32C86.NASL", "OPENSUSE-2016-1139.NASL", "EULEROS_SA-2019-2111.NASL", "FEDORA_2016-FE55F449E0.NASL"]}, {"type": "fedora", "idList": ["FEDORA:1FC5760879A1", "FEDORA:DC070605E1F6", "FEDORA:A5CD160600CD", "FEDORA:0E2196058513", "FEDORA:4EF9D604C914"]}, {"type": "gentoo", "idList": ["GLSA-201612-26"]}, {"type": "suse", "idList": ["SUSE-SU-2016:3270-1", "OPENSUSE-SU-2017:2567-1", "OPENSUSE-SU-2017:0185-1", "OPENSUSE-SU-2017:0207-1", "OPENSUSE-SU-2017:0155-1"]}], "modified": "2020-12-21T08:17:53", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2020-12-21T08:17:53", "rev": 2}, "vulnersScore": 6.6}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "23", "arch": "any", "packageName": "openjpeg2", "packageVersion": "2.1.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T06:28:11", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "title": "CVE-2016-7445", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.1", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-7445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872083", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872083\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:05 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6DF5TYBCH2W2BMJZJWWR35PU4CYYRJQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809907", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809907\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:31 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHS6XBX3YP6VZUVHISLWHGLKVVNNHCL4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809938", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809938\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:45 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMW3UQHCKGDYD5XPHCM42TOFJ3D6TLSM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809902", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809902\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 18:00:05 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENSR5M4KSDDNGFAUAPCEOW7SUW5AFLGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809972", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809972\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:02 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAJXXJ2V5VUKBDHAQ2DNC4WQ2WO7SGJW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871948", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-0bf602e920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871948\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:35 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN54IKECYKPJVM7SESFLDNL64OZZNW2Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192110", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2110\");\n script_version(\"2020-01-23T12:34:51+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2110\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2110\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2110 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~22.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192177", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2177\");\n script_version(\"2020-01-23T12:37:34+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2177\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2177 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~17.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192111", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2111\");\n script_version(\"2020-01-23T12:34:54+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2111\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2111\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg2' package(s) announced via the EulerOS-SA-2019-2111 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.3.0~9.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2013-6887"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192503", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2503\");\n script_version(\"2020-01-23T13:01:53+0000\");\n script_cve_id(\"CVE-2013-6887\", \"CVE-2016-10505\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2503\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2503 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nOpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7445"], "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "modified": "2016-10-01T00:53:41", "published": "2016-10-01T00:53:41", "id": "FEDORA:A5CD160600CD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7445"], "description": "MinGW Windows openjpeg2 library. ", "modified": "2016-10-09T03:17:16", "published": "2016-10-09T03:17:16", "id": "FEDORA:4EF9D604C914", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.1.2-1.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7445"], "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "modified": "2016-10-09T03:17:23", "published": "2016-10-09T03:17:23", "id": "FEDORA:1FC5760879A1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-1.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7445"], "description": "MinGW Windows openjpeg2 library. ", "modified": "2016-10-09T06:26:29", "published": "2016-10-09T06:26:29", "id": "FEDORA:0E2196058513", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openjpeg2-2.1.2-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7445"], "description": "MinGW Windows openjpeg2 library. ", "modified": "2016-10-09T09:26:01", "published": "2016-10-09T09:26:01", "id": "FEDORA:DC070605E1F6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-openjpeg2-2.1.2-1.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:14:15", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-06T00:00:00", "title": "Fedora 24 : openjpeg2 (2016-58a8f32c86)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-10-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:openjpeg2"], "id": "FEDORA_2016-58A8F32C86.NASL", "href": "https://www.tenable.com/plugins/nessus/93880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-58a8f32c86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93880);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n\n script_name(english:\"Fedora 24 : openjpeg2 (2016-58a8f32c86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-58a8f32c86\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:46", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "title": "Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-10-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-C23A8CE9E5.NASL", "href": "https://www.tenable.com/plugins/nessus/93929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c23a8ce9e5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93929);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n\n script_name(english:\"Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c23a8ce9e5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mingw-openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:15:05", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "title": "Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-10-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-FE55F449E0.NASL", "href": "https://www.tenable.com/plugins/nessus/93931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-fe55f449e0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93931);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n\n script_name(english:\"Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mingw-openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:40", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "title": "Fedora 23 : openjpeg2 (2016-ad1871cf02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-10-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-AD1871CF02.NASL", "href": "https://www.tenable.com/plugins/nessus/93927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ad1871cf02.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93927);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n\n script_name(english:\"Fedora 23 : openjpeg2 (2016-ad1871cf02)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:29:16", "description": "This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference)\n when convertng images. (boo#999817, CVE-2016-7445).", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-03T00:00:00", "title": "openSUSE Security Update : openjpeg (openSUSE-2016-1139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-10-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjpeg1-32bit", "p-cpe:/a:novell:opensuse:libopenjpeg1", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:openjpeg-debugsource", "p-cpe:/a:novell:opensuse:openjpeg-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg", "p-cpe:/a:novell:opensuse:openjpeg-devel", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg-devel-32bit"], "id": "OPENSUSE-2016-1139.NASL", "href": "https://www.tenable.com/plugins/nessus/93824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93824);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\");\n\n script_name(english:\"openSUSE Security Update : openjpeg (openSUSE-2016-1139)\");\n script_summary(english:\"Check for the openSUSE-2016-1139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference)\n when convertng images. (boo#999817, CVE-2016-7445).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debugsource-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-devel-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-debuginfo-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"openjpeg-devel-32bit-1.5.2-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjpeg1 / libopenjpeg1-32bit / libopenjpeg1-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:13:59", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : openjpeg2 (2016-0bf602e920)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-11-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:openjpeg2"], "id": "FEDORA_2016-0BF602E920.NASL", "href": "https://www.tenable.com/plugins/nessus/94772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0bf602e920.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94772);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n\n script_name(english:\"Fedora 25 : openjpeg2 (2016-0bf602e920)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0bf602e920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:15:04", "description": "Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7445"], "modified": "2016-11-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2"], "id": "FEDORA_2016-F8235D2EF9.NASL", "href": "https://www.tenable.com/plugins/nessus/94887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f8235d2ef9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94887);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n\n script_name(english:\"Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8235d2ef9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:01:15", "description": "According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-04T00:00:00", "title": "EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2013-6887"], "modified": "2019-12-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2503.NASL", "href": "https://www.tenable.com/plugins/nessus/131656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131656);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6887\",\n \"CVE-2016-10505\",\n \"CVE-2016-7445\"\n );\n script_bugtraq_id(\n 64140\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf01e56f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T08:59:54", "description": "According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2177.NASL", "href": "https://www.tenable.com/plugins/nessus/130639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130639);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a7d9b95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-17.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:01:55", "description": "According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions\n pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow\n remote attackers to cause a denial of service\n (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2018-14423"], "modified": "2020-01-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:openjpeg2"], "id": "EULEROS_SA-2020-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/132803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132803);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-7445\",\n \"CVE-2018-14423\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions\n pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow\n remote attackers to cause a denial of service\n (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ddae8d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-12-08T16:57:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3183", "CVE-2016-1923", "CVE-2016-7445", "CVE-2015-8871", "CVE-2016-3181", "CVE-2016-1924", "CVE-2016-3182"], "edition": 1, "description": "### Background\n\nOpenJPEG is an open-source JPEG 2000 library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenJPEG 2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/openjpeg-2.1.1_p20160922:2\"", "modified": "2016-12-08T00:00:00", "published": "2016-12-08T00:00:00", "id": "GLSA-201612-26", "href": "https://security.gentoo.org/glsa/201612-26", "title": "OpenJPEG: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-01-17T18:59:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "edition": 1, "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "modified": "2017-01-17T19:47:35", "published": "2017-01-17T19:47:35", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00030.html", "id": "OPENSUSE-SU-2017:0185-1", "title": "Security update for openjpeg2 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-16T19:01:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "edition": 1, "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "modified": "2017-01-16T19:20:39", "published": "2017-01-16T19:20:39", "id": "OPENSUSE-SU-2017:0155-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00021.html", "title": "Security update for openjpeg2 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-27T18:05:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "edition": 1, "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n", "modified": "2016-12-27T15:07:08", "published": "2016-12-27T15:07:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00095.html", "id": "SUSE-SU-2016:3270-1", "title": "Security update for openjpeg2 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-19T14:59:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "edition": 1, "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "modified": "2017-01-19T15:08:59", "published": "2017-01-19T15:08:59", "id": "OPENSUSE-SU-2017:0207-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html", "title": "Security update for openjpeg2 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-26T05:37:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-7163", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2015-8871", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE 2016-7163: Integer Overflow could lead to remote code execution\n [bsc#997857]\n * CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead\n to denial of service [bsc#979907]\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2017-09-26T03:07:23", "published": "2017-09-26T03:07:23", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00082.html", "id": "OPENSUSE-SU-2017:2567-1", "title": "Security update for openjpeg2 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}