Updated abcm2ps packages fix security vulnerability

2022-03-24T09:03:10

Description

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. (CVE-2021-32434) Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435) An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)

Affected Package

OS	OS Version	Package Name	Package Version
Mageia	8	abcm2ps	8.14.13-1

{"id": "MGASA-2022-0116", "vendorId": null, "type": "mageia", "bulletinFamily": "unix", "title": "Updated abcm2ps packages fix security vulnerability\n", "description": "abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. (CVE-2021-32434) Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435) An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436) \n", "published": "2022-03-24T09:03:10", "modified": "2022-03-24T09:03:10", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://advisories.mageia.org/MGASA-2022-0116.html", "reporter": "Gentoo Foundation", "references": ["https://bugs.mageia.org/show_bug.cgi?id=30195", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6333SXWMES3K22DBAOAW34G6EU6WIJEY/"], "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "immutableFields": [], "lastseen": "2022-04-18T11:19:35", "viewCount": 3, "enchantments": {"score": {"value": 6.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2983-1:D6823"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-32434", "DEBIANCVE:CVE-2021-32435", "DEBIANCVE:CVE-2021-32436"]}, {"type": "fedora", "idList": ["FEDORA:5213830B14CC", "FEDORA:819D8309ACDA", "FEDORA:8F54C30B0FED"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2983.NASL", "OPENSUSE-2022-0100-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-2983-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0100-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32434", "UB:CVE-2021-32435", "UB:CVE-2021-32436"]}, {"type": "veracode", "idList": ["VERACODE:34645", "VERACODE:34646", "VERACODE:34647"]}]}, "vulnersScore": 6.0}, "_state": {"score": 1660007483, "dependencies": 1660004461}, "_internal": {"score_hash": "9f9a7d9745931a5fed48cdf544896667"}, "affectedPackage": [{"OS": "Mageia", "OSVersion": "8", "arch": "noarch", "packageVersion": "8.14.13-1", "operator": "lt", "packageFilename": "abcm2ps-8.14.13-1.mga8", "packageName": "abcm2ps"}]}

{"suse": [{"lastseen": "2022-04-18T12:39:43", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for abcm2ps fixes the following issues:\n\n Update to 8.14.13:\n\n * fix: don't start/stop slurs above/below decorations\n * fix: crash when too many notes in a grace note sequence (#102)\n * fix: crash when too big value in M: (#103)\n * fix: loop or crash when too big width of y (space) (#104)\n * fix: bad font definition with SVG output when spaces in font name\n * fix: bad check of note length again (#106)\n * fix: handle %%staffscale at the global level (#108)\n * fix: bad vertical offset of lyrics when mysic line starts with empty\n staves\n\n Update to 8.14.12:\n\n Fixes:\n\n * crash when \"%%break 1\" and no measure bar in the tune\n * crash when duplicated voice ending on %%staves with repeat variant\n * crash when voice duplication with symbols without width\n * crash or bad output when null value in %%scale\n * problem when only bars in 2 voices followed %%staves of the second voice\n only\n * crash when tuplet error in grace note sequence\n * crash when grace note with empty tuplet\n * crash when many broken rhythms after a single grace note\n * access outside the deco array when error in U:\n * crash when !xstem! with no note in the previous voice\n * crash on tuplet without any note/rest\n * crash when grace notes at end of line and voice overlay\n * crash when !trem2! at start of a grace note sequence\n * crash when wrong duration in 2 voice overlays and bad ties\n * crash when accidental without a note at start of line after K:\n (CVE-2021-32435)\n * array overflow when wrong duration in voice overlay (CVE-2021-32434,\n CVE-2021-32436)\n * loss of left margin after first page since previous commit\n * no respect of %%leftmargin with -E or -g\n * bad placement of chord symbols when in a music line with only invisible\n rests\n\n Syntax:\n\n * Accept and remove one or two '%'s at start of all %%beginxxx lines\n\n Generation:\n\n * Move the CSS from XHTML to SVG\n\n Update to 8.14.11:\n\n * fix: error \"'staffwidth' too small\" when generating sample3.abc\n\n Update to 8.14.10:\n\n * fix: bad glyph when defined by SVG containing 'v' in\n * fix: bad check of note length since commit 191fa55\n * fix: memory corruption when error in %%staves/%%score\n * fix: crash when too big note duration\n * fix: crash when staff width too small\n\n Update to 8.14.9:\n\n * fix: bad natural accidental when %%MIDI temperamentequal\n\n Update to 8.14.8:\n\n * fix: no respect the width in %%staffbreak\n * fix: don't draw a staff when only %%staffbreak inside\n * fix: bad repeat bracket when continued on next line, line starting by a\n bar\n * fix: bad tuplet bracket again when at end of a voice overlay sequence\n * fix: bad tuplet bracket when at end of a voice overlay sequence\n * handle '%%MIDI temperamentequal '\n * accept '^1' and '_1' as microtone accidentals\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-100=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-31T00:00:00", "type": "suse", "title": "Security update for abcm2ps (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-03-31T00:00:00", "id": "OPENSUSE-SU-2022:0100-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ECLDK4M5WWVFFEXTUWXNEHKC3U2NNPCQ/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2022-03-23T01:36:55", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-22T03:19:22", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: abcm2ps-8.14.13-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-03-22T03:19:22", "id": "FEDORA:5213830B14CC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YTF4FXCW22FFB5HNQO3GK3F4FFBLTZKE/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T02:19:21", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-26T15:49:17", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: abcm2ps-8.14.13-1.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-03-26T15:49:17", "id": "FEDORA:819D8309ACDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EVGJH4HMXI3TWMHQJQCG3M7KSXJWJM7R/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-23T01:36:55", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-22T03:43:51", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: abcm2ps-8.14.13-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-03-22T03:43:51", "id": "FEDORA:8F54C30B0FED", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6333SXWMES3K22DBAOAW34G6EU6WIJEY/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-10T19:18:15", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0100-1 advisory.\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : abcm2ps (openSUSE-SU-2022:0100-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-04-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:abcm2ps", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0100-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159393", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0100-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159393);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/01\");\n\n script_cve_id(\"CVE-2021-32434\", \"CVE-2021-32435\", \"CVE-2021-32436\");\n\n script_name(english:\"openSUSE 15 Security Update : abcm2ps (openSUSE-SU-2022:0100-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0100-1 advisory.\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197355\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ECLDK4M5WWVFFEXTUWXNEHKC3U2NNPCQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cad257c4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32436\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected abcm2ps package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32436\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:abcm2ps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'abcm2ps-8.14.13-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'abcm2ps');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-17T15:37:06", "description": "The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2983 advisory.\n\n - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-10753)\n\n - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-10771)\n\n - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. (CVE-2019-1010069)\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-17T00:00:00", "type": "nessus", "title": "Debian DLA-2983-1 : abcm2ps - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010069", "CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-04-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:abcm2ps", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2983.NASL", "href": "https://www.tenable.com/plugins/nessus/159770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2983. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159770);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/17\");\n\n script_cve_id(\n \"CVE-2018-10753\",\n \"CVE-2018-10771\",\n \"CVE-2019-1010069\",\n \"CVE-2021-32434\",\n \"CVE-2021-32435\",\n \"CVE-2021-32436\"\n );\n\n script_name(english:\"Debian DLA-2983-1 : abcm2ps - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-2983 advisory.\n\n - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows\n remote attackers to cause a denial of service (application crash) or possibly have unspecified other\n impact. (CVE-2018-10753)\n\n - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote\n attackers to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-10771)\n\n - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause\n a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed\n version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. (CVE-2019-1010069)\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/abcm2ps\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-1010069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/abcm2ps\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the abcm2ps packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 7.8.9-1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10771\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:abcm2ps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'abcm2ps', 'reference': '7.8.9-1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'abcm2ps');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:14:21", "description": "\nMultiple vulnerabilities have been discovered in abcm2ps: program which\ntranslates ABC music description files to PostScript.\n\n\n* [CVE-2018-10753](https://security-tracker.debian.org/tracker/CVE-2018-10753)\nStack-based buffer overflow in the delayed\\_output function in music.c\n allows remote attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact.\n* [CVE-2018-10771](https://security-tracker.debian.org/tracker/CVE-2018-10771)\nStack-based buffer overflow in the get\\_key function in parse.c allows remote\n attackers to cause a denial of service (application crash) or possibly have\n unspecified other impact.\n* [CVE-2019-1010069](https://security-tracker.debian.org/tracker/CVE-2019-1010069)\nIncorrect access control allows attackers to cause a denial of service via a\n crafted file.\n* [CVE-2021-32434](https://security-tracker.debian.org/tracker/CVE-2021-32434)\nArray overflow when wrong duration in voice overlay.\n* [CVE-2021-32435](https://security-tracker.debian.org/tracker/CVE-2021-32435)\nStack-based buffer overflow in the function get\\_key in parse.c allows remote\n attackers to cause a senial of service (DoS) via unspecified vectors.\n* [CVE-2021-32436](https://security-tracker.debian.org/tracker/CVE-2021-32436)\nOut-of-bounds read in the function write\\_title() in subs.c allows remote\n attackers to cause a denial of service via unspecified vectors.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n7.8.9-1+deb9u1.\n\n\nWe recommend that you upgrade your abcm2ps packages.\n\n\nFor the detailed security status of abcm2ps please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/abcm2ps>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-17T00:00:00", "type": "osv", "title": "abcm2ps - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2021-32434", "CVE-2021-32435", "CVE-2018-10771", "CVE-2021-32436", "CVE-2019-1010069"], "modified": "2022-07-21T05:54:08", "id": "OSV:DLA-2983-1", "href": "https://osv.dev/vulnerability/DLA-2983-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-11-29T20:25:54", "description": "From: Anton Gladky <gladk@debian.org>\nTo: debian-lts-announce@lists.debian.org\nSubject: [SECURITY] [DLA 2983-1] abcm2ps security update\n\n- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2983-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Anton Gladky\nApril 16, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : abcm2ps\nVersion : 7.8.9-1+deb9u1\nCVE ID : CVE-2018-10753 CVE-2018-10771 CVE-2019-1010069 CVE-2021-32434\n CVE-2021-32435 CVE-2021-32436:\n\nMultiple vulnerabilities have been discovered in abcm2ps: program which\ntranslates ABC music description files to PostScript.\n\nCVE-2018-10753\n\n Stack-based buffer overflow in the delayed_output function in music.c\n allows remote attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact.\n\nCVE-2018-10771\n\n Stack-based buffer overflow in the get_key function in parse.c allows remote\n attackers to cause a denial of service (application crash) or possibly have\n unspecified other impact.\n\nCVE-2019-1010069\n\n Incorrect access control allows attackers to cause a denial of service via a\n crafted file.\n\nCVE-2021-32434\n\n Array overflow when wrong duration in voice overlay.\n\nCVE-2021-32435\n\n Stack-based buffer overflow in the function get_key in parse.c allows remote\n attackers to cause a senial of service (DoS) via unspecified vectors.\n\nCVE-2021-32436\n\n Out-of-bounds read in the function write_title() in subs.c allows remote\n attackers to cause a denial of service via unspecified vectors.\n\nFor Debian 9 stretch, these problems have been fixed in version\n7.8.9-1+deb9u1.\n\nWe recommend that you upgrade your abcm2ps packages.\n\nFor the detailed security status of abcm2ps please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/abcm2ps\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-17T05:35:57", "type": "debian", "title": "[SECURITY] [DLA 2983-1] abcm2ps security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010069", "CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-04-17T05:35:57", "id": "DEBIAN:DLA-2983-1:D6823", "href": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-17T12:53:11", "description": "abcm2ps is vulnerable to denial of service. The vulnerability exists due to a stack-based buffer overflow in the function get_key in parse.c.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-13T16:40:58", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32435"], "modified": "2022-04-18T05:15:28", "id": "VERACODE:34645", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34645/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-17T12:53:59", "description": "abcm2ps is vulnerable to out of bounds read. The vulnerability exists due to a lack of sanitization in the function `calculate_beam` at draw.c.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-13T16:40:59", "type": "veracode", "title": "Out-of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434"], "modified": "2022-04-18T05:15:28", "id": "VERACODE:34647", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34647/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-17T12:53:19", "description": "abcm2ps is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds read in the function write_title() in subs.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-13T16:40:58", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32436"], "modified": "2022-04-18T05:15:27", "id": "VERACODE:34646", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34646/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-12-24T06:06:33", "description": "Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "debiancve", "title": "CVE-2021-32435", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32435"], "modified": "2022-03-10T17:42:00", "id": "DEBIANCVE:CVE-2021-32435", "href": "https://security-tracker.debian.org/tracker/CVE-2021-32435", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-24T06:06:33", "description": "abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "debiancve", "title": "CVE-2021-32434", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434"], "modified": "2022-03-10T17:42:00", "id": "DEBIANCVE:CVE-2021-32434", "href": "https://security-tracker.debian.org/tracker/CVE-2021-32434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-24T06:06:33", "description": "An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "debiancve", "title": "CVE-2021-32436", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32436"], "modified": "2022-03-10T17:42:00", "id": "DEBIANCVE:CVE-2021-32436", "href": "https://security-tracker.debian.org/tracker/CVE-2021-32436", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-04-26T00:21:17", "description": "Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "cve", "title": "CVE-2021-32435", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32435"], "modified": "2022-04-25T20:39:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:abcm2ps_project:abcm2ps:8.14.11", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-32435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32435", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:abcm2ps_project:abcm2ps:8.14.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-26T00:21:19", "description": "abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "cve", "title": "CVE-2021-32434", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434"], "modified": "2022-04-25T20:48:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:abcm2ps_project:abcm2ps:8.14.11", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-32434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:abcm2ps_project:abcm2ps:8.14.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-26T00:21:17", "description": "An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T17:42:00", "type": "cve", "title": "CVE-2021-32436", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32436"], "modified": "2022-04-25T20:41:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:abcm2ps_project:abcm2ps:8.14.11", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-32436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32436", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:abcm2ps_project:abcm2ps:8.14.11:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-01-27T13:22:53", "description": "Stack-based buffer overflow in the function get_key in parse.c of abcm2ps\nv8.14.11 allows remote attackers to cause a Denial of Service (DoS) via\nunspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-32435", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32435"], "modified": "2022-03-10T00:00:00", "id": "UB:CVE-2021-32435", "href": "https://ubuntu.com/security/CVE-2021-32435", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T13:22:52", "description": "abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the\nfunction calculate_beam at draw.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-32434", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32434"], "modified": "2022-03-10T00:00:00", "id": "UB:CVE-2021-32434", "href": "https://ubuntu.com/security/CVE-2021-32434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T13:22:51", "description": "An out-of-bounds read in the function write_title() in subs.c of abcm2ps\nv8.14.11 allows remote attackers to cause a Denial of Service (DoS) via\nunspecified vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-32436", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32436"], "modified": "2022-03-10T00:00:00", "id": "UB:CVE-2021-32436", "href": "https://ubuntu.com/security/CVE-2021-32436", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cnvd": [{"lastseen": "2022-10-08T06:16:58", "description": "abcm2ps is a command-line program that converts music tunes from ABC music notation to PostScript or SVG. It can convert music tunes from ABC music notation to PostScript or SVG. abcm2ps v8.14.11 contains a security vulnerability that can be exploited by remote attackers to cause a denial of service (DoS) via unspecified vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-14T00:00:00", "type": "cnvd", "title": "Unspecified vulnerability exists in abcm2ps (CNVD-2022-22268)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32436"], "modified": "2022-03-24T00:00:00", "id": "CNVD-2022-22268", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-22268", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}

Updated abcm2ps packages fix security vulnerability

Description

Affected Package

Related