Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1046.NASL
HistoryFeb 13, 2018 - 12:00 a.m.

EulerOS 2.0 SP2 : gdk-pixbuf2 (EulerOS-SA-2018-1046)

2018-02-1300:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.i1/4^CVE-2017-2862i1/4%0

  • An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.i1/4^CVE-2017-2870i1/4%0

  • Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code executioni1/4^CVE-2017-1000422i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(106774);
  script_version("3.75");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2017-1000422",
    "CVE-2017-2862",
    "CVE-2017-2870"
  );

  script_name(english:"EulerOS 2.0 SP2 : gdk-pixbuf2 (EulerOS-SA-2018-1046)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the gdk-pixbuf2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - An exploitable heap overflow vulnerability exists in
    the gdk_pixbuf__jpeg_image_load_increment functionality
    of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can
    cause a heap overflow resulting in remote code
    execution. An attacker can send a file or url to
    trigger this vulnerability.i1/4^CVE-2017-2862i1/4%0

  - An exploitable integer overflow vulnerability exists in
    the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6
    when compiled with Clang. A specially crafted tiff file
    can cause a heap-overflow resulting in remote code
    execution. An attacker can send a file or a URL to
    trigger this vulnerability.i1/4^CVE-2017-2870i1/4%0

  - Gnome gdk-pixbuf 2.36.8 and older is vulnerable to
    several integer overflow in the gif_get_lzw function
    resulting in memory corruption and potential code
    executioni1/4^CVE-2017-1000422i1/4%0

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1046
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa10870f");
  script_set_attribute(attribute:"solution", value:
"Update the affected gdk-pixbuf2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gdk-pixbuf2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gdk-pixbuf2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["gdk-pixbuf2-2.31.6-3.h3",
        "gdk-pixbuf2-devel-2.31.6-3.h3"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdk-pixbuf2");
}
VendorProductVersionCPE
huaweieulerosgdk-pixbuf2p-cpe:/a:huawei:euleros:gdk-pixbuf2
huaweieulerosgdk-pixbuf2-develp-cpe:/a:huawei:euleros:gdk-pixbuf2-devel
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

nessus 16
openvas 19
talosblog 1
freebsd 1
ubuntu 2
cloudfoundry 2
osv 8
ubuntucve 3
cve 3
prion 3
veracode 2
redhatcve 3
gentoo 1
suse 3
mageia 3
debian 5
debiancve 3
f5 1
seebug 2
alpinelinux 1
talos 2
redhat 1
centos 1
nessus
nessus
EulerOS 2.0 SP1 : gdk-pixbuf2 (EulerOS-SA-2018-1045)
2018-02-13 00:00:00
FreeBSD : gdk-pixbuf -- multiple vulnerabilities (5a1f1a86-8f4c-11e7-b5af-a4badb2f4699)
2017-09-05 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : GDK-PixBuf vulnerabilities (USN-3418-1)
2017-09-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2018-1046)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2018-1045)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3418-1)
2018-10-26 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities
2017-08-30 12:06:00
freebsd
freebsd
gdk-pixbuf -- multiple vulnerabilities
2017-08-30 00:00:00
ubuntu
ubuntu
GDK-PixBuf vulnerabilities
2017-09-18 00:00:00
GDK-PixBuf vulnerabilities
2018-01-15 00:00:00
cloudfoundry
cloudfoundry
USN-3418-1: GDK-PixBuf vulnerabilities | Cloud Foundry
2017-09-21 00:00:00
USN-3532-1: GDK-PixBuf vulnerabilities | Cloud Foundry
2018-01-24 00:00:00
osv
osv
gdk-pixbuf - security update
2018-01-15 00:00:00
gdk-pixbuf - security update
2018-01-08 00:00:00
CVE-2017-1000422
2018-01-02 20:29:00
ubuntucve
ubuntucve
CVE-2017-1000422
2018-01-02 00:00:00
CVE-2017-2862
2017-09-05 00:00:00
CVE-2017-2870
2017-09-05 00:00:00
cve
cve
CVE-2017-1000422
2018-01-02 20:29:00
CVE-2017-2862
2017-09-05 18:29:00
CVE-2017-2870
2017-09-05 18:29:00
prion
prion
Integer overflow
2018-01-02 20:29:00
Heap overflow
2017-09-05 18:29:00
Integer overflow
2017-09-05 18:29:00
veracode
veracode
Integer Overflow
2018-05-24 06:28:11
Heap Overflow
2018-07-26 09:50:41
redhatcve
redhatcve
CVE-2017-1000422
2018-01-05 05:49:40
CVE-2017-2862
2017-09-06 09:48:54
CVE-2017-2870
2017-08-30 12:48:36
gentoo
gentoo
GDK-PixBuf: Remote code execution
2018-04-17 00:00:00
suse
suse
Security update for gdk-pixbuf (moderate)
2018-07-20 03:09:26
Security update for gdk-pixbuf (important)
2017-09-06 21:07:30
Security update for gdk-pixbuf (important)
2017-09-08 21:07:16
mageia
mageia
Updated gdk-pixbuf2.0 packages fix security vulnerability
2018-01-20 02:12:00
Updated gdk-pixbuf2.0 packages fix security vulnerability
2018-01-22 00:31:56
Updated gdk-pixbuf2.0 packages fix security vulnerability
2018-01-01 18:50:28
debian
debian
[SECURITY] [DLA 1234-1] gdk-pixbuf security update
2018-01-08 14:56:00
[SECURITY] [DSA 3978-1] gdk-pixbuf security update
2017-09-18 20:41:56
[SECURITY] [DLA 1100-1] gdk-pixbuf security update
2017-09-19 23:10:18
debiancve
debiancve
CVE-2017-1000422
2018-01-02 20:29:00
CVE-2017-2862
2017-09-05 18:29:00
CVE-2017-2870
2017-09-05 18:29:00
f5
f5
K36984830 : Gdk-pixbuf vulnerability CVE-2017-2862
2021-05-18 00:00:00
seebug
seebug
Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability(CVE-2017-2862)
2017-09-12 00:00:00
Gdk-Pixbuf TIFF tiff_image_parse Code Execution Vulnerability(CVE-2017-2870)
2017-09-12 00:00:00
alpinelinux
alpinelinux
CVE-2017-2862
2017-09-05 18:29:00
talos
talos
Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
2017-08-30 00:00:00
Gdk-Pixbuf TIFF tiff_image_parse Code Execution Vulnerability
2017-08-30 00:00:00
redhat
redhat
(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update
2018-10-30 04:22:45
centos
centos
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
JSON
Related for EULEROS_SA-2018-1046.NASL
nessus16openvas19talosblog1freebsd1ubuntu2cloudfoundry2osv8ubuntucve3cve3prion3veracode2redhatcve3gentoo1suse3mageia3debian5debiancve3f51seebug2alpinelinux1talos2redhat1centos1