Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "FEDORA_2016-58A8F32C86.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 24 : openjpeg2 (2016-58a8f32c86)", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-10-06T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/93880", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7445", "https://bodhi.fedoraproject.org/updates/FEDORA-2016-58a8f32c86", "https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md"], "cvelist": ["CVE-2016-7445"], "immutableFields": [], "lastseen": "2021-08-19T12:39:51", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7445"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7445"]}, {"type": "fedora", "idList": ["FEDORA:0E2196058513", "FEDORA:1FC5760879A1", "FEDORA:4EF9D604C914", "FEDORA:A5CD160600CD", "FEDORA:DC070605E1F6", "FEDORA:E22266087495"]}, {"type": "gentoo", "idList": ["GLSA-201612-26"]}, {"type": "mageia", "idList": ["MGASA-2016-0353", "MGASA-2016-0362"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-2110.NASL", "EULEROS_SA-2019-2111.NASL", "EULEROS_SA-2019-2177.NASL", "EULEROS_SA-2019-2503.NASL", "EULEROS_SA-2019-2639.NASL", "EULEROS_SA-2020-1049.NASL", "FEDORA_2016-0BF602E920.NASL", "FEDORA_2016-AD1871CF02.NASL", "FEDORA_2016-C23A8CE9E5.NASL", "FEDORA_2016-F8235D2EF9.NASL", 
"FEDORA_2016-FE55F449E0.NASL", "GENTOO_GLSA-201612-26.NASL", "OPENSUSE-2016-1139.NASL", "OPENSUSE-2017-101.NASL", "OPENSUSE-2017-108.NASL", "OPENSUSE-2017-120.NASL", "SUSE_SU-2016-3270-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809902", "OPENVAS:1361412562310809907", "OPENVAS:1361412562310809938", "OPENVAS:1361412562310809972", "OPENVAS:1361412562310851478", "OPENVAS:1361412562310851480", "OPENVAS:1361412562310851510", "OPENVAS:1361412562310871948", "OPENVAS:1361412562310872083", "OPENVAS:1361412562311220192110", "OPENVAS:1361412562311220192111", "OPENVAS:1361412562311220192177", "OPENVAS:1361412562311220192503", "OPENVAS:1361412562311220192639", "OPENVAS:1361412562311220201049"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0155-1", "OPENSUSE-SU-2017:0185-1", "OPENSUSE-SU-2017:0207-1", "OPENSUSE-SU-2017:2567-1", "SUSE-SU-2016:3270-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7445"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2016-7445"]}, {"type": "gentoo", "idList": ["GLSA-201612-26"]}, {"type": "nessus", "idList": ["FEDORA_2016-AD1871CF02.NASL", "FEDORA_2016-C23A8CE9E5.NASL", "FEDORA_2016-FE55F449E0.NASL", "OPENSUSE-2016-1139.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809972"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0155-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7445"]}]}, "exploitation": null, "vulnersScore": 0.0}, "pluginID": "93880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-58a8f32c86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93880);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n 
script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n\n script_name(english:\"Fedora 24 : openjpeg2 (2016-58a8f32c86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-58a8f32c86\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "solution": "Update the affected openjpeg2 package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2016-09-30T00:00:00", "vulnerabilityPublicationDate": "2016-10-03T00:00:00", "exploitableWith": [], "_state": {"dependencies": 
1659975045, "score": 1659975605}, "_internal": {"score_hash": "2ba8cb5bae8c75c28eaf5b649dd726b0"}}
{"cve": [{"lastseen": "2022-03-23T15:17:38", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "type": "cve", "title": "CVE-2016-7445", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.1", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-7445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:08:37", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and application crash) via\nvectors involving the variable s.\n\n#### Bugs\n\n * <https://github.com/uclouvain/openjpeg/issues/843>\n", "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7445", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-03T00:00:00", "id": "UB:CVE-2016-7445", "href": "https://ubuntu.com/security/CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:20", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "type": "debiancve", "title": "CVE-2016-7445", "bulletinFamily": "info", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-03T16:09:00", "id": "DEBIANCVE:CVE-2016-7445", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-01T00:53:41", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, 
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-01T00:53:41", "id": "FEDORA:A5CD160600CD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GHS6XBX3YP6VZUVHISLWHGLKVVNNHCL4/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T03:17:16", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.1.2-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T03:17:16", "id": "FEDORA:4EF9D604C914", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D6DF5TYBCH2W2BMJZJWWR35PU4CYYRJQ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 
library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T03:17:23", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T03:17:23", "id": "FEDORA:1FC5760879A1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BN54IKECYKPJVM7SESFLDNL64OZZNW2Z/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T06:26:29", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openjpeg2-2.1.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T06:26:29", "id": "FEDORA:0E2196058513", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YAJXXJ2V5VUKBDHAQ2DNC4WQ2WO7SGJW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T09:26:01", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-openjpeg2-2.1.2-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T09:26:01", "id": "FEDORA:DC070605E1F6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MMW3UQHCKGDYD5XPHCM42TOFJ3D6TLSM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). 
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T09:26:07", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openjpeg2-2.1.2-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T09:26:07", "id": "FEDORA:E22266087495", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ENSR5M4KSDDNGFAUAPCEOW7SUW5AFLGA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in read_pnm_header() (CVE-2016-7445). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-23T08:49:50", "type": "mageia", "title": "Updated openjpeg packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-20T22:35:16", "id": "MGASA-2016-0353", "href": "https://advisories.mageia.org/MGASA-2016-0353.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opj_tcd_free_tile() (CVE-2016-3181). A specially crafted JPEG2000 image file can force Heap Corruption in opj_free() (CVE-2016-3182). A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422_to_rgb() (CVE-2016-3183). OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb() in color.c (CVE-2016-4796). OpenJPEG division-by-zero in function opj_tcd_init_tile() in tcd.c (CVE-2016-4797). Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data (CVE-2016-5157). 
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write (CVE-2016-7163). convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s (CVE-2016-7445). A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution (CVE-2016-8332). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-11-03T09:02:50", "type": "mageia", "title": "Updated openjpeg2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5157", "CVE-2016-7163", "CVE-2016-7445", 
"CVE-2016-8332"], "modified": "2016-11-03T09:02:50", "id": "MGASA-2016-0362", "href": "https://advisories.mageia.org/MGASA-2016-0362.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809972\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:02 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAJXXJ2V5VUKBDHAQ2DNC4WQ2WO7SGJW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809907\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:31 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHS6XBX3YP6VZUVHISLWHGLKVVNNHCL4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809902", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809902\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 18:00:05 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENSR5M4KSDDNGFAUAPCEOW7SUW5AFLGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809938\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:45 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMW3UQHCKGDYD5XPHCM42TOFJ3D6TLSM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872083\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:05 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6DF5TYBCH2W2BMJZJWWR35PU4CYYRJQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-0bf602e920", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871948", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871948\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:35 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN54IKECYKPJVM7SESFLDNL64OZZNW2Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2013-6887"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192503", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2503\");\n script_version(\"2020-01-23T13:01:53+0000\");\n script_cve_id(\"CVE-2013-6887\", \"CVE-2016-10505\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2503\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2503 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers 
to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nOpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:37:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2020-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2018-14423"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201049", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the 
respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1049\");\n script_version(\"2020-01-23T13:18:11+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-7445\", \"CVE-2018-14423\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:18:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2020-1049)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1049\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1049\");\n\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the Huawei EulerOS\n 'openjpeg2' package(s) announced via the EulerOS-SA-2020-1049 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nDivision-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).(CVE-2018-14423)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.3.0~9.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:42", "description": 
"The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192177", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2177\");\n script_version(\"2020-01-23T12:37:34+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2177\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2177 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the 
imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~17.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192110", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions 
are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2110\");\n script_version(\"2020-01-23T12:34:51+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2110\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2110\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2110 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~22.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192111", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2111\");\n script_version(\"2020-01-23T12:34:54+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2111\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2111\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg2' package(s) announced via the EulerOS-SA-2019-2111 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the 
imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.3.0~9.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:57", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2017-14040", "CVE-2016-7445", "CVE-2013-1447", "CVE-2013-6887", "CVE-2014-0158", "CVE-2017-14041", "CVE-2017-17479", "CVE-2013-6045"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192639", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562311220192639", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2639\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2013-6887\", \"CVE-2014-0158\", \"CVE-2016-10505\", \"CVE-2016-7445\", \"CVE-2017-14040\", \"CVE-2017-14041\", \"CVE-2017-17479\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2639)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", 
re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2639\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2639\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2013/12/04/6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2639 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-14041)\n\nAn invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.(CVE-2017-14040)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nHeap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. 
NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in the linked references as only 'null pointer dereferences, division by zero, and anything that would just fit as DoS.'(CVE-2014-0158)\n\nIn OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-17479)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nOpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2017-01-20T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0207-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851480", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851480\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-20 05:40:23 +0100 (Fri, 20 Jan 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\",\n \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\",\n \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\",\n \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0207-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in 
lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0207-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", 
rpm:\"openjpeg2-debuginfo~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-32bit\", rpm:\"libopenjp2-7-32bit~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo-32bit\", rpm:\"libopenjp2-7-debuginfo-32bit~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:26:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0185-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851478", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 
2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851478\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 05:46:30 +0100 (Wed, 18 Jan 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\",\n \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\",\n \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\",\n \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0185-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-7445: Null 
pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0185-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", rpm:\"openjpeg2-debuginfo~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0155-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851510", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# 
but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851510\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:17:36 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0155-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm 
of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0155-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", rpm:\"openjpeg2-debuginfo~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-32bit\", rpm:\"libopenjp2-7-32bit~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo-32bit\", rpm:\"libopenjp2-7-debuginfo-32bit~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:39:34", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : openjpeg2 (2016-0bf602e920)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-0BF602E920.NASL", "href": "https://www.tenable.com/plugins/nessus/94772", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0bf602e920.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94772);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n\n script_name(english:\"Fedora 25 : openjpeg2 (2016-0bf602e920)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0bf602e920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:40", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-F8235D2EF9.NASL", "href": "https://www.tenable.com/plugins/nessus/94887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2016-f8235d2ef9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94887);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n\n script_name(english:\"Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8235d2ef9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T13:49:47", "description": "This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference) when converting images. 
(boo#999817, CVE-2016-7445).", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg (openSUSE-2016-1139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjpeg1", "p-cpe:/a:novell:opensuse:libopenjpeg1-32bit", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg", "p-cpe:/a:novell:opensuse:openjpeg-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg-debugsource", "p-cpe:/a:novell:opensuse:openjpeg-devel", "p-cpe:/a:novell:opensuse:openjpeg-devel-32bit", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1139.NASL", "href": "https://www.tenable.com/plugins/nessus/93824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93824);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\");\n\n script_name(english:\"openSUSE Security Update : openjpeg (openSUSE-2016-1139)\");\n script_summary(english:\"Check for the openSUSE-2016-1139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference)\n when converting images. 
(boo#999817, CVE-2016-7445).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", 
\"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debugsource-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-devel-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-debuginfo-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"openjpeg-devel-32bit-1.5.2-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjpeg1 / libopenjpeg1-32bit / libopenjpeg1-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:40:02", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-C23A8CE9E5.NASL", "href": "https://www.tenable.com/plugins/nessus/93929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c23a8ce9e5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93929);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n\n script_name(english:\"Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block 
directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c23a8ce9e5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mingw-openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:40:02", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": 
{"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-FE55F449E0.NASL", "href": "https://www.tenable.com/plugins/nessus/93931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-fe55f449e0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93931);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n\n script_name(english:\"Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mingw-openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:56", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 23 : openjpeg2 (2016-ad1871cf02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-AD1871CF02.NASL", "href": "https://www.tenable.com/plugins/nessus/93927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2016-ad1871cf02.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93927);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n\n script_name(english:\"Fedora 23 : openjpeg2 (2016-ad1871cf02)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:29", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2177.NASL", "href": "https://www.tenable.com/plugins/nessus/130639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130639);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n 
denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a7d9b95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-17.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:30", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the 
remote host is affected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6887", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2503.NASL", "href": "https://www.tenable.com/plugins/nessus/131656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131656);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6887\",\n \"CVE-2016-10505\",\n \"CVE-2016-7445\"\n );\n script_bugtraq_id(\n 64140\n );\n\n 
script_name(english:\"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf01e56f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:17:22", "description": "According to the versions of the openjpeg2 package installed, the EulerOS Virtualization for ARM 64 
installation on the remote host is affected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2018-14423"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/132803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132803);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n 
\"CVE-2016-7445\",\n \"CVE-2018-14423\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions\n pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow\n remote attackers to cause a denial of service\n (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ddae8d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:17:52", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities 
in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openjpeg (EulerOS-SA-2019-2110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2110.NASL", "href": "https://www.tenable.com/plugins/nessus/130819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130819);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : openjpeg (EulerOS-SA-2019-2110)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2110\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d96204ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-22.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:07", "description": "According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the 
following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2019-2111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2111.NASL", "href": "https://www.tenable.com/plugins/nessus/130820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130820);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n 
script_name(english:\"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2019-2111)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cad852b8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "The remote host is affected by the vulnerability described in GLSA-201612-26 (OpenJPEG: Multiple vulnerabilities)\n\n Multiple 
vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "GLSA-201612-26 : OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8871", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openjpeg", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-26.NASL", "href": "https://www.tenable.com/plugins/nessus/95642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-26.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95642);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8871\", \"CVE-2016-1923\", \"CVE-2016-1924\", \"CVE-2016-3181\", \"CVE-2016-3182\", \"CVE-2016-3183\", \"CVE-2016-7445\");\n script_xref(name:\"GLSA\", value:\"201612-26\");\n\n script_name(english:\"GLSA-201612-26 : OpenJPEG: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-26\n(OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted JPEG\n file, possibly resulting in execution of arbitrary code or a Denial of\n Service condition. 
Furthermore, a remote attacker may be able to obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenJPEG 2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/openjpeg-2.1.1_p20160922:2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openjpeg\", unaffected:make_list(\"ge 2.1.1_p20160922\", \"rge 1.5.2\"), vulnerable:make_list(\"lt 2.1.1_p20160922\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenJPEG\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:38:15", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-14041)\n\n - An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.(CVE-2017-14040)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only 'null pointer dereferences, division by zero, and anything that would just fit as DoS.'(CVE-2014-0158)\n\n - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. 
The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-17479)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : openjpeg (EulerOS-SA-2019-2639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1447", "CVE-2013-6045", "CVE-2013-6887", "CVE-2014-0158", "CVE-2016-10505", "CVE-2016-7445", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-17479"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2639.NASL", "href": "https://www.tenable.com/plugins/nessus/132174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132174);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6887\",\n \"CVE-2014-0158\",\n \"CVE-2016-10505\",\n \"CVE-2016-7445\",\n \"CVE-2017-14040\",\n \"CVE-2017-14041\",\n 
\"CVE-2017-17479\"\n );\n script_bugtraq_id(\n 64140\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : openjpeg (EulerOS-SA-2019-2639)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack-based buffer overflow was discovered in the\n pgxtoimage function in bin/jp2/convert.c in OpenJPEG\n 2.2.0. The vulnerability causes an out-of-bounds write,\n which may lead to remote denial of service or possibly\n remote code execution.(CVE-2017-14041)\n\n - An invalid write access was discovered in\n bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash\n in the tgatoimage function. The vulnerability may lead\n to remote denial of service or possibly unspecified\n other impact.(CVE-2017-14040)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Heap-based buffer overflow in the JPEG2000 image tile\n decoder in OpenJPEG before 1.5.2 allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted file because of incorrect j2k_decode,\n j2k_read_eoc, and tcd_decode_tile interaction, a\n related issue to CVE-2013-6045. 
NOTE: this is not a\n duplicate of CVE-2013-1447, because the scope of\n CVE-2013-1447 was specifically defined in\n http://openwall.com/lists/oss-security/2013/12/04/6 as\n only 'null pointer dereferences, division by zero, and\n anything that would just fit as DoS.'(CVE-2014-0158)\n\n - In OpenJPEG 2.3.0, a stack-based buffer overflow was\n discovered in the pgxtoimage function in\n jpwl/convert.c. The vulnerability causes an\n out-of-bounds write, which may lead to remote denial of\n service or possibly remote code\n execution.(CVE-2017-17479)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2639\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9efb114\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T14:22:55", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function 
imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infinite loop [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL pointer dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n\n - CVE-2016-9572 CVE-2016-9573: Insufficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] \n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", "p-cpe:/a:novell:opensuse:libopenjp2-7-32bit", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", 
"p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-101.NASL", "href": "https://www.tenable.com/plugins/nessus/96577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-101.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96577);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-101)\");\n script_summary(english:\"Check for the openSUSE-2017-101 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744] \n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 
[bsc#1007747] \n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739] \n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414] \n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817] \n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenjp2-7-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenjp2-7-debuginfo-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-debuginfo-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-debugsource-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-devel-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenjp2-7-32bit-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-32bit-2.1.0-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libopenjp2-7 / libopenjp2-7-32bit / libopenjp2-7-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T14:22:56", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", 
"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2017-108.NASL", "href": "https://www.tenable.com/plugins/nessus/96580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96580);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-108)\");\n script_summary(english:\"Check for the openSUSE-2017-108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point 
Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenjp2-7-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenjp2-7-debuginfo-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-debuginfo-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-debugsource-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-devel-2.1.0-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjp2-7 / libopenjp2-7-debuginfo / openjpeg2 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:11:36", "description": "This update for openjpeg2 fixes the 
following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insufficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infinite loop [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL pointer dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-120)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", "p-cpe:/a:novell:opensuse:libopenjp2-7-32bit", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", 
"p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-120.NASL", "href": "https://www.tenable.com/plugins/nessus/96646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96646);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-120)\");\n script_summary(english:\"Check for the openSUSE-2017-120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could 
lead to crash\n [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n 
);\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjp2-7-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjp2-7-debuginfo-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-debuginfo-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-debugsource-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-devel-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjp2-7-32bit-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-32bit-2.1.0-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libopenjp2-7 / libopenjp2-7-32bit / libopenjp2-7-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:33", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenjp2", "p-cpe:/a:novell:suse_linux:libopenjp2-7-debuginfo", "p-cpe:/a:novell:suse_linux:openjpeg2-debuginfo", "p-cpe:/a:novell:suse_linux:openjpeg2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3270-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3270-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96147);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739]\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7445/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9114/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9581/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163270-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be37f534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1914=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1914=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1914=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenjp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debugsource-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debugsource-2.1.0-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:09", "description": "### Background\n\nOpenJPEG is an open-source JPEG 2000 library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenJPEG 2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/openjpeg-2.1.1_p20160922:2\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-08T00:00:00", "type": "gentoo", "title": "OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8871", "CVE-2016-1923", 
"CVE-2016-1924", "CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-7445"], "modified": "2016-12-08T00:00:00", "id": "GLSA-201612-26", "href": "https://security.gentoo.org/glsa/201612-26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-12-27T18:05:30", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n", "cvss3": {}, "published": "2016-12-27T15:07:08", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2016-12-27T15:07:08", "id": "SUSE-SU-2016:3270-1", 
"href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00095.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-16T19:01:21", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-01-16T19:20:39", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-16T19:20:39", "id": "OPENSUSE-SU-2017:0155-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00021.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-17T18:59:44", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "cvss3": {}, "published": "2017-01-17T19:47:35", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-17T19:47:35", "id": "OPENSUSE-SU-2017:0185-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00030.html", "cvss": 
{"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-19T14:59:37", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "cvss3": {}, "published": "2017-01-19T15:08:59", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-19T15:08:59", "id": "OPENSUSE-SU-2017:0207-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2017-09-26T05:37:45", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE 2016-7163: Integer Overflow could lead to remote code execution\n [bsc#997857]\n * CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead\n to denial of service [bsc#979907]\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-09-26T03:07:23", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-7163", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2015-8871", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": 
"2017-09-26T03:07:23", "id": "OPENSUSE-SU-2017:2567-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}