openSUSE Security Update : openjpeg2 (openSUSE-2017-120)

2017-01-20T00:00:00

Description

This update for openjpeg2 fixes the following issues : - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]

{"id": "OPENSUSE-2017-120.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-120)", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]", "published": "2017-01-20T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/96646", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9115", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9112", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7445", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573", "https://bugzilla.opensuse.org/show_bug.cgi?id=1014543", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007742", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007739", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9116", "https://bugzilla.opensuse.org/show_bug.cgi?id=999817", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9114", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007741", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007743", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9118", "https://bugzilla.opensuse.org/show_bug.cgi?id=1002414", "https://bugzilla.opensuse.org/show_bug.cgi?id=1014975", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007747", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9113", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9117", "https://bugzilla.opensuse.org/show_bug.cgi?id=1007740", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580"], "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "immutableFields": [], "lastseen": "2022-06-16T16:11:36", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2017-06-01"]}, {"type": "centos", "idList": ["CESA-2017:0838"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0993"]}, {"type": "cve", "idList": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1851-1:4EDE1", "DEBIAN:DLA-1851-1:F8F52", "DEBIAN:DSA-3678-1:F57E2", "DEBIAN:DSA-4013-1:DCD18"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7445", "DEBIANCVE:CVE-2016-8332", "DEBIANCVE:CVE-2016-9112", "DEBIANCVE:CVE-2016-9113", "DEBIANCVE:CVE-2016-9114", "DEBIANCVE:CVE-2016-9115", "DEBIANCVE:CVE-2016-9116", "DEBIANCVE:CVE-2016-9117", "DEBIANCVE:CVE-2016-9118", "DEBIANCVE:CVE-2016-9572", "DEBIANCVE:CVE-2016-9573", "DEBIANCVE:CVE-2016-9580", "DEBIANCVE:CVE-2016-9581"]}, {"type": "fedora", "idList": ["FEDORA:049F860C2514", "FEDORA:07C30602F04F", "FEDORA:0CB3260608E3", "FEDORA:0E2196058513", "FEDORA:1A14B602F582", "FEDORA:1F3D1602E7E1", "FEDORA:1FC5760879A1", "FEDORA:4EF9D604C914", "FEDORA:6DF8E601FBFA", "FEDORA:A5CD160600CD", "FEDORA:D52A760608E3", "FEDORA:DC070605E1F6", "FEDORA:E22266087495", "FEDORA:F1D5660875BD"]}, {"type": "gentoo", "idList": ["GLSA-201612-26", "GLSA-201710-26"]}, {"type": "ibm", "idList": ["F4E642BAABA6CD9F15F012564A0B353D03E4443EDA7683A452A665DEEF4E45A3"]}, {"type": "mageia", "idList": ["MGASA-2016-0353", "MGASA-2016-0362", "MGASA-2016-0426", "MGASA-2017-0051", "MGASA-2017-0122"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2017-0838.NASL", "DEBIAN_DLA-1851.NASL", "DEBIAN_DSA-3768.NASL", "DEBIAN_DSA-4013.NASL", "EULEROS_SA-2017-1060.NASL", "EULEROS_SA-2017-1088.NASL", "EULEROS_SA-2019-2110.NASL", "EULEROS_SA-2019-2111.NASL", "EULEROS_SA-2019-2177.NASL", "EULEROS_SA-2019-2503.NASL", "EULEROS_SA-2019-2639.NASL", "EULEROS_SA-2020-1049.NASL", "FEDORA_2016-0B80DCFE5A.NASL", "FEDORA_2016-0BF602E920.NASL", "FEDORA_2016-3B7F39A8C1.NASL", "FEDORA_2016-52A1B18397.NASL", "FEDORA_2016-58A8F32C86.NASL", "FEDORA_2016-89EE54C661.NASL", "FEDORA_2016-AD1871CF02.NASL", "FEDORA_2016-C23A8CE9E5.NASL", "FEDORA_2016-C404A59411.NASL", "FEDORA_2016-F8235D2EF9.NASL", "FEDORA_2016-FC8577BF00.NASL", "FEDORA_2016-FE55F449E0.NASL", "FEDORA_2017-920B27E8F4.NASL", "FEDORA_2017-F6E3215F2B.NASL", "GENTOO_GLSA-201612-26.NASL", "GENTOO_GLSA-201710-26.NASL", "OPENSUSE-2016-1139.NASL", "OPENSUSE-2017-101.NASL", "OPENSUSE-2017-108.NASL", "ORACLELINUX_ELSA-2017-0838.NASL", "ORACLE_RDBMS_CPU_JUL_2019.NASL", "REDHAT-RHSA-2017-0838.NASL", "SLACKWARE_SSA_2017-279-02.NASL", "SL_20170322_OPENJPEG_ON_SL7_X.NASL", "SUSE_SU-2016-3270-1.NASL", "UBUNTU_USN-4497-1.NASL", "VIRTUOZZO_VZLSA-2017-0838.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703768", "OPENVAS:1361412562310704013", "OPENVAS:1361412562310809902", "OPENVAS:1361412562310809907", "OPENVAS:1361412562310809938", "OPENVAS:1361412562310809972", "OPENVAS:1361412562310851478", "OPENVAS:1361412562310851480", "OPENVAS:1361412562310851510", "OPENVAS:1361412562310871791", "OPENVAS:1361412562310871948", "OPENVAS:1361412562310872083", "OPENVAS:1361412562310872113", "OPENVAS:1361412562310872121", "OPENVAS:1361412562310872167", "OPENVAS:1361412562310872217", "OPENVAS:1361412562310872220", "OPENVAS:1361412562310872223", "OPENVAS:1361412562310873263", "OPENVAS:1361412562310873295", "OPENVAS:1361412562310882686", "OPENVAS:1361412562310891851", "OPENVAS:1361412562311220171060", "OPENVAS:1361412562311220171088", "OPENVAS:1361412562311220192110", "OPENVAS:1361412562311220192111", "OPENVAS:1361412562311220192177", "OPENVAS:1361412562311220192503", "OPENVAS:1361412562311220192639", "OPENVAS:1361412562311220201049", "OPENVAS:703768"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0838"]}, {"type": "osv", "idList": ["OSV:DLA-1851-1", "OSV:DSA-3768-1", "OSV:DSA-4013-1"]}, {"type": "redhat", "idList": ["RHSA-2017:0838"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8332", "RH:CVE-2016-9112", "RH:CVE-2016-9113", "RH:CVE-2016-9114", "RH:CVE-2016-9115", "RH:CVE-2016-9116", "RH:CVE-2016-9117", "RH:CVE-2016-9118", "RH:CVE-2016-9572", "RH:CVE-2016-9573", "RH:CVE-2016-9580", "RH:CVE-2016-9581"]}, {"type": "seebug", "idList": ["SSV:96672"]}, {"type": "slackware", "idList": ["SSA-2017-279-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0155-1", "OPENSUSE-SU-2017:0185-1", "OPENSUSE-SU-2017:0207-1", "OPENSUSE-SU-2017:2567-1", "SUSE-SU-2016:3270-1"]}, {"type": "talos", "idList": ["TALOS-2016-0193"]}, {"type": "thn", "idList": ["THN:1C6DD059E76C91837FE072F66F0C7360"]}, {"type": "ubuntu", "idList": ["USN-4497-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7445", "UB:CVE-2016-8332", "UB:CVE-2016-9112", "UB:CVE-2016-9113", "UB:CVE-2016-9114", "UB:CVE-2016-9115", "UB:CVE-2016-9116", "UB:CVE-2016-9117", "UB:CVE-2016-9118", "UB:CVE-2016-9572", "UB:CVE-2016-9573", "UB:CVE-2016-9580", "UB:CVE-2016-9581"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "androidsecurity", "idList": ["ANDROID:2017-06-01"]}, {"type": "centos", "idList": ["CESA-2017:0838"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0993"]}, {"type": "cve", "idList": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3678-1:F57E2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9572", "DEBIANCVE:CVE-2016-9573", "DEBIANCVE:CVE-2016-9580", "DEBIANCVE:CVE-2016-9581"]}, {"type": "fedora", "idList": ["FEDORA:049F860C2514", "FEDORA:0CB3260608E3", "FEDORA:1A14B602F582", "FEDORA:6DF8E601FBFA", "FEDORA:D52A760608E3", "FEDORA:F1D5660875BD"]}, {"type": "gentoo", "idList": ["GLSA-201612-26"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/UBUNTU-CVE-2016-9112/"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-2111.NASL", "EULEROS_SA-2019-2177.NASL", "FEDORA_2016-58A8F32C86.NASL", "FEDORA_2016-AD1871CF02.NASL", "FEDORA_2016-C23A8CE9E5.NASL", "FEDORA_2016-FE55F449E0.NASL", "OPENSUSE-2016-1139.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872113", "OPENVAS:1361412562310872121", "OPENVAS:1361412562310872167", "OPENVAS:1361412562311220171088"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0838"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9572", "RH:CVE-2016-9573", "RH:CVE-2016-9580", "RH:CVE-2016-9581"]}, {"type": "slackware", "idList": ["SSA-2017-279-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0155-1"]}, {"type": "talos", "idList": ["TALOS-2016-0193"]}, {"type": "thn", "idList": ["THN:1C6DD059E76C91837FE072F66F0C7360"]}, {"type": "ubuntu", "idList": ["USN-4497-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9572", "UB:CVE-2016-9573", "UB:CVE-2016-9580", "UB:CVE-2016-9581"]}]}, "exploitation": null, "vulnersScore": 0.0}, "_state": {"dependencies": 1659998956, "score": 1659834466}, "_internal": {"score_hash": "ec3036bd57f5ef9e258b5bddc1500a19"}, "pluginID": "96646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96646);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-120)\");\n script_summary(english:\"Check for the openSUSE-2017-120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjp2-7-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjp2-7-debuginfo-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-debuginfo-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-debugsource-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg2-devel-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjp2-7-32bit-2.1.0-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-32bit-2.1.0-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjp2-7 / libopenjp2-7-32bit / libopenjp2-7-debuginfo / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", "p-cpe:/a:novell:opensuse:libopenjp2-7-32bit", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:42.1"], "solution": "Update the affected openjpeg2 packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2017-01-19T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"suse": [{"lastseen": "2016-12-27T18:05:30", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n", "cvss3": {}, "published": "2016-12-27T15:07:08", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2016-12-27T15:07:08", "id": "SUSE-SU-2016:3270-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00095.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-16T19:01:21", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-01-16T19:20:39", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-16T19:20:39", "id": "OPENSUSE-SU-2017:0155-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00021.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-17T18:59:44", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "cvss3": {}, "published": "2017-01-17T19:47:35", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-17T19:47:35", "id": "OPENSUSE-SU-2017:0185-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00030.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-01-19T14:59:37", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n", "cvss3": {}, "published": "2017-01-19T15:08:59", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-01-19T15:08:59", "id": "OPENSUSE-SU-2017:0207-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-26T05:37:45", "description": "This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n * CVE 2016-7163: Integer Overflow could lead to remote code execution\n [bsc#997857]\n * CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead\n to denial of service [bsc#979907]\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-09-26T03:07:23", "type": "suse", "title": "Security update for openjpeg2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-7163", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2015-8871", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2017-09-26T03:07:23", "id": "OPENSUSE-SU-2017:2567-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T12:38:33", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenjp2", "p-cpe:/a:novell:suse_linux:libopenjp2-7-debuginfo", "p-cpe:/a:novell:suse_linux:openjpeg2-debuginfo", "p-cpe:/a:novell:suse_linux:openjpeg2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3270-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3270-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96147);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739]\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7445/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9581/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163270-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be37f534\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1914=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1914=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1914=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenjp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debugsource-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debuginfo-2.1.0-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openjpeg2-debugsource-2.1.0-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T14:22:55", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] \n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] \n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] \n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] \n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817] \n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", "p-cpe:/a:novell:opensuse:libopenjp2-7-32bit", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-101.NASL", "href": "https://www.tenable.com/plugins/nessus/96577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-101.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96577);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-101)\");\n script_summary(english:\"Check for the openSUSE-2017-101 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744] \n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747] \n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739] \n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414] \n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817] \n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenjp2-7-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenjp2-7-debuginfo-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-debuginfo-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-debugsource-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openjpeg2-devel-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenjp2-7-32bit-2.1.0-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenjp2-7-debuginfo-32bit-2.1.0-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjp2-7 / libopenjp2-7-32bit / libopenjp2-7-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-17T14:22:56", "description": "This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744]", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg2 (openSUSE-2017-108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445", "CVE-2016-8332", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjp2-7", "p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2", "p-cpe:/a:novell:opensuse:openjpeg2-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg2-debugsource", "p-cpe:/a:novell:opensuse:openjpeg2-devel", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2017-108.NASL", "href": "https://www.tenable.com/plugins/nessus/96580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96580);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n\n script_name(english:\"openSUSE Security Update : openjpeg2 (openSUSE-2017-108)\");\n script_summary(english:\"Check for the openSUSE-2017-108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg2 fixes the following issues :\n\n - CVE-2016-9572 CVE-2016-9573: Insuficient check in\n imagetopnm() could lead to heap buffer overflow\n [bsc#1014543]\n\n - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer\n overflow via integer overflow and infite loop\n [bsc#1014975]\n\n - CVE-2016-7445: NULL pointer dereference in convert.c\n could lead to crash [bsc#999817]\n\n - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000\n format could lead to code execution [bsc#1002414]\n\n - CVE-2016-9112: FPE(Floating Point Exception) in\n lib/openjp2/pi.c:523 [bsc#1007747]\n\n - CVE-2016-9113: NULL point dereference in function\n imagetobmp of convertbmp.c could lead to crash\n [bsc#1007739]\n\n - CVE-2016-9114: NULL pointer Access in function\n imagetopnm of convert.c:1943(jp2) could lead to crash\n [bsc#1007740]\n\n - CVE-2016-9115: Heap Buffer Overflow in function\n imagetotga of convert.c(jp2) [bsc#1007741]\n\n - CVE-2016-9116: NULL pointer Access in function\n imagetopnm of convert.c:2226(jp2) [bsc#1007742]\n\n - CVE-2016-9117: NULL pointer Access in function\n imagetopnm of convert.c(jp2):1289 [bsc#1007743]\n\n - CVE-2016-9118: Heap Buffer Overflow in function\n pnmtoimage of convert.c [bsc#1007744]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenjp2-7-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenjp2-7-debuginfo-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-debuginfo-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-debugsource-2.1.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openjpeg2-devel-2.1.0-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjp2-7 / libopenjp2-7-debuginfo / openjpeg2 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:19", "description": "This update fixes CVE-2016-9580 and CVE-2016-9581.\n\n----\n\nThis update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "Fedora 24 : mingw-openjpeg2 (2016-52a1b18397)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-52A1B18397.NASL", "href": "https://www.tenable.com/plugins/nessus/96202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-52a1b18397.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96202);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n script_xref(name:\"FEDORA\", value:\"2016-52a1b18397\");\n\n script_name(english:\"Fedora 24 : mingw-openjpeg2 (2016-52a1b18397)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-9580 and CVE-2016-9581.\n\n----\n\nThis update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-52a1b18397\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mingw-openjpeg2-2.1.2-3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:32", "description": "This update fixes CVE-2016-9580 and CVE-2016-9581.\n\n----\n\nThis update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "Fedora 25 : mingw-openjpeg2 (2016-89ee54c661)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-89EE54C661.NASL", "href": "https://www.tenable.com/plugins/nessus/96211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-89ee54c661.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96211);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n script_xref(name:\"FEDORA\", value:\"2016-89ee54c661\");\n\n script_name(english:\"Fedora 25 : mingw-openjpeg2 (2016-89ee54c661)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-9580 and CVE-2016-9581.\n\n----\n\nThis update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-89ee54c661\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-openjpeg2-2.1.2-3.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:16", "description": "The remote host is affected by the vulnerability described in GLSA-201710-26 (OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details.\n Impact :\n\n A remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-23T00:00:00", "type": "nessus", "title": "GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10504", "CVE-2016-10505", "CVE-2016-10506", "CVE-2016-10507", "CVE-2016-1626", "CVE-2016-1628", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581", "CVE-2017-12982", "CVE-2017-14039", "CVE-2017-14164"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openjpeg", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201710-26.NASL", "href": "https://www.tenable.com/plugins/nessus/104069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-26.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104069);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10504\", \"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-10507\", \"CVE-2016-1626\", \"CVE-2016-1628\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\", \"CVE-2017-12982\", \"CVE-2017-14039\", \"CVE-2017-14164\");\n script_xref(name:\"GLSA\", value:\"201710-26\");\n\n script_name(english:\"GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-26\n(OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review\n the references below for details.\n \nImpact :\n\n A remote attacker, via a crafted BMP, PDF, or j2k document, could\n execute arbitrary code, cause a Denial of Service condition, or have\n other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenJPEG users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openjpeg-2.3.0:2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openjpeg\", unaffected:make_list(\"ge 2.3.0\"), vulnerable:make_list(\"lt 2.3.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenJPEG\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:12:11", "description": "Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "Debian DSA-3768-1 : openjpeg2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5159", "CVE-2016-8332", "CVE-2016-9572", "CVE-2016-9573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjpeg2", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3768.NASL", "href": "https://www.tenable.com/plugins/nessus/96667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3768. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96667);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5159\", \"CVE-2016-8332\", \"CVE-2016-9572\", \"CVE-2016-9573\");\n script_xref(name:\"DSA\", value:\"3768\");\n\n script_name(english:\"Debian DSA-3768-1 : openjpeg2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the\nexecution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3768\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjpeg2 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.1.0-2+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dbg\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-tools\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d-tools\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d7\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-server\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-viewer\", reference:\"2.1.0-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip7\", reference:\"2.1.0-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:29", "description": "This update fixes CVE-2016-9580 and CVE-2016-9581.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Fedora 25 : openjpeg2 (2016-c404a59411)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-C404A59411.NASL", "href": "https://www.tenable.com/plugins/nessus/95946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c404a59411.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95946);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\");\n script_xref(name:\"FEDORA\", value:\"2016-c404a59411\");\n\n script_name(english:\"Fedora 25 : openjpeg2 (2016-c404a59411)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-9580 and CVE-2016-9581.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c404a59411\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openjpeg2-2.1.2-3.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:37", "description": "This update fixes CVE-2016-9580 and CVE-2016-9581.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "Fedora 24 : openjpeg2 (2016-3b7f39a8c1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9580", "CVE-2016-9581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-3B7F39A8C1.NASL", "href": "https://www.tenable.com/plugins/nessus/96201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-3b7f39a8c1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96201);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\");\n script_xref(name:\"FEDORA\", value:\"2016-3b7f39a8c1\");\n\n script_name(english:\"Fedora 24 : openjpeg2 (2016-3b7f39a8c1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-9580 and CVE-2016-9581.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b7f39a8c1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openjpeg2-2.1.2-3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:50", "description": "This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Fedora 25 : openjpeg2 (2016-fc8577bf00)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-FC8577BF00.NASL", "href": "https://www.tenable.com/plugins/nessus/95692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-fc8577bf00.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95692);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9572\", \"CVE-2016-9573\");\n script_xref(name:\"FEDORA\", value:\"2016-fc8577bf00\");\n\n script_name(english:\"Fedora 25 : openjpeg2 (2016-fc8577bf00)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc8577bf00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openjpeg2-2.1.2-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:01", "description": "This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Fedora 24 : openjpeg2 (2016-0b80dcfe5a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-0B80DCFE5A.NASL", "href": "https://www.tenable.com/plugins/nessus/95669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0b80dcfe5a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95669);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9572\", \"CVE-2016-9573\");\n script_xref(name:\"FEDORA\", value:\"2016-0b80dcfe5a\");\n\n script_name(english:\"Fedora 24 : openjpeg2 (2016-0b80dcfe5a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b80dcfe5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openjpeg2-2.1.2-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:05", "description": "New openjpeg packages are available for Slackware 14.2 and -current to fix security issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-09T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : openjpeg (SSA:2017-279-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581", "CVE-2017-12982", "CVE-2017-14039", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-14151", "CVE-2017-14152", "CVE-2017-14164"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openjpeg", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-279-02.NASL", "href": "https://www.tenable.com/plugins/nessus/103704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-279-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103704);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\", \"CVE-2017-12982\", \"CVE-2017-14039\", \"CVE-2017-14040\", \"CVE-2017-14041\", \"CVE-2017-14151\", \"CVE-2017-14152\", \"CVE-2017-14164\");\n script_xref(name:\"SSA\", value:\"2017-279-02\");\n\n script_name(english:\"Slackware 14.2 / current : openjpeg (SSA:2017-279-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openjpeg packages are available for Slackware 14.2 and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.395569\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afbd26c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"openjpeg\", pkgver:\"2.3.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openjpeg\", pkgver:\"2.3.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openjpeg\", pkgver:\"2.3.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openjpeg\", pkgver:\"2.3.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:40", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-F8235D2EF9.NASL", "href": "https://www.tenable.com/plugins/nessus/94887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f8235d2ef9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94887);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n\n script_name(english:\"Fedora 25 : mingw-openjpeg2 (2016-f8235d2ef9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8235d2ef9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:34", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : openjpeg2 (2016-0bf602e920)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-0BF602E920.NASL", "href": "https://www.tenable.com/plugins/nessus/94772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0bf602e920.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94772);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n\n script_name(english:\"Fedora 25 : openjpeg2 (2016-0bf602e920)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0bf602e920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"openjpeg2-2.1.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T13:49:47", "description": "This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference) when convertng images. (boo#999817, CVE-2016-7445).", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openjpeg (openSUSE-2016-1139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenjpeg1", "p-cpe:/a:novell:opensuse:libopenjpeg1-32bit", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo", "p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openjpeg", "p-cpe:/a:novell:opensuse:openjpeg-debuginfo", "p-cpe:/a:novell:opensuse:openjpeg-debugsource", "p-cpe:/a:novell:opensuse:openjpeg-devel", "p-cpe:/a:novell:opensuse:openjpeg-devel-32bit", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1139.NASL", "href": "https://www.tenable.com/plugins/nessus/93824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93824);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7445\");\n\n script_name(english:\"openSUSE Security Update : openjpeg (openSUSE-2016-1139)\");\n script_summary(english:\"Check for the openSUSE-2016-1139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openjpeg fixes the following issues :\n\n - CVE-2016-7445: Avoid a crash (NULL pointer dereference)\n when convertng images. (boo#999817, CVE-2016-7445).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenjpeg1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openjpeg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenjpeg1-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debuginfo-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-debugsource-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openjpeg-devel-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenjpeg1-debuginfo-32bit-1.5.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"openjpeg-devel-32bit-1.5.2-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenjpeg1 / libopenjpeg1-32bit / libopenjpeg1-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:51", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-06T00:00:00", "type": "nessus", "title": "Fedora 24 : openjpeg2 (2016-58a8f32c86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-58A8F32C86.NASL", "href": "https://www.tenable.com/plugins/nessus/93880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-58a8f32c86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93880);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n\n script_name(english:\"Fedora 24 : openjpeg2 (2016-58a8f32c86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-58a8f32c86\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:40:02", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-C23A8CE9E5.NASL", "href": "https://www.tenable.com/plugins/nessus/93929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c23a8ce9e5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93929);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n\n script_name(english:\"Fedora 24 : mingw-openjpeg2 (2016-c23a8ce9e5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c23a8ce9e5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mingw-openjpeg2-2.1.2-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:40:02", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-FE55F449E0.NASL", "href": "https://www.tenable.com/plugins/nessus/93931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-fe55f449e0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93931);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n\n script_name(english:\"Fedora 23 : mingw-openjpeg2 (2016-fe55f449e0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mingw-openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:56", "description": "Update to version 2.1.2, see https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-10T00:00:00", "type": "nessus", "title": "Fedora 23 : openjpeg2 (2016-ad1871cf02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-AD1871CF02.NASL", "href": "https://www.tenable.com/plugins/nessus/93927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ad1871cf02.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93927);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7445\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n\n script_name(english:\"Fedora 23 : openjpeg2 (2016-ad1871cf02)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.1.2, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.1.2/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openjpeg2-2.1.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:41", "description": "Update to version 2.2.0, see https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "Fedora 25 : mingw-openjpeg2 (2017-f6e3215f2b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-F6E3215F2B.NASL", "href": "https://www.tenable.com/plugins/nessus/102611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f6e3215f2b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102611);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9112\");\n script_xref(name:\"FEDORA\", value:\"2017-f6e3215f2b\");\n\n script_name(english:\"Fedora 25 : mingw-openjpeg2 (2017-f6e3215f2b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.2.0, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6e3215f2b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-openjpeg2-2.2.0-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:17:22", "description": "According to the versions of the openjpeg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2018-14423"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/132803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132803);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-7445\",\n \"CVE-2018-14423\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : openjpeg2 (EulerOS-SA-2020-1049)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Division-by-zero vulnerabilities in the functions\n pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in\n lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow\n remote attackers to cause a denial of service\n (application crash).(CVE-2018-14423)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ddae8d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:30", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6887", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2503.NASL", "href": "https://www.tenable.com/plugins/nessus/131656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131656);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6887\",\n \"CVE-2016-10505\",\n \"CVE-2016-7445\"\n );\n script_bugtraq_id(\n 64140\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2019-2503)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf01e56f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:18:29", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2177.NASL", "href": "https://www.tenable.com/plugins/nessus/130639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130639);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2019-2177)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a7d9b95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-17.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:17:52", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openjpeg (EulerOS-SA-2019-2110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2110.NASL", "href": "https://www.tenable.com/plugins/nessus/130819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130819);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : openjpeg (EulerOS-SA-2019-2110)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2110\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d96204ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-22.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:18:07", "description": "According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2019-2111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-10506", "CVE-2016-7445"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2111.NASL", "href": "https://www.tenable.com/plugins/nessus/130820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130820);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10505\",\n \"CVE-2016-10506\",\n \"CVE-2016-7445\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2019-2111)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - Division-by-zero vulnerabilities in the functions\n opj_pi_next_cprl, opj_pi_next_pcrl, and\n opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow\n remote attackers to cause a denial of service\n (application crash) via crafted j2k\n files.(CVE-2016-10506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cad852b8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg2-2.3.0-9.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-24T22:06:22", "description": "Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library.\n\nCVE-2016-9112\n\nA floating point exception or divide by zero in the function opj_pi_next_cprl may lead to a denial of service.\n\nCVE-2018-20847\n\nAn improper computation of values in the function opj_get_encoding_parameters can lead to an integer overflow. This issue was partly fixed by the patch for CVE-2015-1239.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.1.0-2+deb8u7.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-11T00:00:00", "type": "nessus", "title": "Debian DLA-1851-1 : openjpeg2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1239", "CVE-2016-9112", "CVE-2018-20847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libopenjp2-7", "p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg", "p-cpe:/a:debian:debian_linux:libopenjp2-7-dev", "p-cpe:/a:debian:debian_linux:libopenjp2-tools", "p-cpe:/a:debian:debian_linux:libopenjp3d-tools", "p-cpe:/a:debian:debian_linux:libopenjp3d7", "p-cpe:/a:debian:debian_linux:libopenjpip-dec-server", "p-cpe:/a:debian:debian_linux:libopenjpip-server", "p-cpe:/a:debian:debian_linux:libopenjpip-viewer", "p-cpe:/a:debian:debian_linux:libopenjpip7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1851.NASL", "href": "https://www.tenable.com/plugins/nessus/126607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1851-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126607);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9112\", \"CVE-2018-20847\");\n\n script_name(english:\"Debian DLA-1851-1 : openjpeg2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000\nimage library.\n\nCVE-2016-9112\n\nA floating point exception or divide by zero in the function\nopj_pi_next_cprl may lead to a denial of service.\n\nCVE-2018-20847\n\nAn improper computation of values in the function\nopj_get_encoding_parameters can lead to an integer overflow. This\nissue was partly fixed by the patch for CVE-2015-1239.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.1.0-2+deb8u7.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjpeg2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libopenjpip7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dbg\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-tools\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d-tools\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d7\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-server\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-viewer\", reference:\"2.1.0-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip7\", reference:\"2.1.0-2+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:41", "description": "Update to version 2.2.0, see https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "Fedora 26 : openjpeg2 (2017-920b27e8f4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-9112"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openjpeg2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-920B27E8F4.NASL", "href": "https://www.tenable.com/plugins/nessus/102459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-920b27e8f4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102459);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-9112\");\n script_xref(name:\"FEDORA\", value:\"2017-920b27e8f4\");\n\n script_name(english:\"Fedora 26 : openjpeg2 (2017-920b27e8f4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 2.2.0, see\nhttps://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-920b27e8f4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"openjpeg2-2.2.0-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:17:06", "description": "An update for openjpeg is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-23T00:00:00", "type": "nessus", "title": "RHEL 7 : openjpeg (RHSA-2017:0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openjpeg", "p-cpe:/a:redhat:enterprise_linux:openjpeg-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openjpeg-devel", "p-cpe:/a:redhat:enterprise_linux:openjpeg-libs", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/97911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0838. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97911);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n script_xref(name:\"RHSA\", value:\"2017:0838\");\n\n script_name(english:\"RHEL 7 : openjpeg (RHSA-2017:0838)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openjpeg is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files\nin JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in OpenJPEG. A specially crafted JPEG2000 image\ncould cause an application using OpenJPEG to crash or, potentially,\nexecute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\nCVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to\nanother format could cause the application to crash or, potentially,\ndisclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially,\nexecute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert\n(Red Hat Product Security).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9675\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0838\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openjpeg-1.5.1-16.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openjpeg-1.5.1-16.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openjpeg-debuginfo-1.5.1-16.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openjpeg-devel-1.5.1-16.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openjpeg-libs-1.5.1-16.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg / openjpeg-debuginfo / openjpeg-devel / openjpeg-libs\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:24", "description": "From Red Hat Security Advisory 2017:0838 :\n\nAn update for openjpeg is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openjpeg (ELSA-2017-0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openjpeg", "p-cpe:/a:oracle:linux:openjpeg-devel", "p-cpe:/a:oracle:linux:openjpeg-libs", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/97907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0838 and \n# Oracle Linux Security Advisory ELSA-2017-0838 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97907);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n script_xref(name:\"RHSA\", value:\"2017:0838\");\n\n script_name(english:\"Oracle Linux 7 : openjpeg (ELSA-2017-0838)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0838 :\n\nAn update for openjpeg is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files\nin JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in OpenJPEG. A specially crafted JPEG2000 image\ncould cause an application using OpenJPEG to crash or, potentially,\nexecute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\nCVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to\nanother format could cause the application to crash or, potentially,\ndisclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially,\nexecute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert\n(Red Hat Product Security).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006791.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openjpeg-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openjpeg-devel-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openjpeg-libs-1.5.1-16.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg / openjpeg-devel / openjpeg-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:18:19", "description": "Security Fix(es) :\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-24T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openjpeg on SL7.x x86_64 (20170322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openjpeg", "p-cpe:/a:fermilab:scientific_linux:openjpeg-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openjpeg-devel", "p-cpe:/a:fermilab:scientific_linux:openjpeg-libs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170322_OPENJPEG_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97935);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n\n script_name(english:\"Scientific Linux Security Update : openjpeg on SL7.x x86_64 (20170322)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in OpenJPEG. A specially\n crafted JPEG2000 image could cause an application using\n OpenJPEG to crash or, potentially, execute arbitrary\n code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\n CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in\n OpenJPEG, in the j2k_to_image tool. Converting a\n specially crafted JPEG2000 file to another format could\n cause the application to crash or, potentially, disclose\n some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in\n OpenJPEG. A specially crafted JPEG2000 image, when read\n by an application using OpenJPEG, could cause the\n application to crash or, potentially, execute arbitrary\n code. (CVE-2016-9675)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=9984\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4198884\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openjpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openjpeg-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openjpeg-debuginfo-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openjpeg-devel-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openjpeg-libs-1.5.1-16.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg / openjpeg-debuginfo / openjpeg-devel / openjpeg-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:23", "description": "An update for openjpeg is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "CentOS 7 : openjpeg (CESA-2017:0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openjpeg", "p-cpe:/a:centos:centos:openjpeg-devel", "p-cpe:/a:centos:centos:openjpeg-libs", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/99041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0838 and \n# CentOS Errata and Security Advisory 2017:0838 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99041);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n script_xref(name:\"RHSA\", value:\"2017:0838\");\n\n script_name(english:\"CentOS 7 : openjpeg (CESA-2017:0838)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openjpeg is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files\nin JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in OpenJPEG. A specially crafted JPEG2000 image\ncould cause an application using OpenJPEG to crash or, potentially,\nexecute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\nCVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to\nanother format could cause the application to crash or, potentially,\ndisclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially,\nexecute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert\n(Red Hat Product Security).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28e4f42b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openjpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5139\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openjpeg-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openjpeg-devel-1.5.1-16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openjpeg-libs-1.5.1-16.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg / openjpeg-devel / openjpeg-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:25:04", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}, "published": "2017-06-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : openjpeg (EulerOS-SA-2017-1088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1088.NASL", "href": "https://www.tenable.com/plugins/nessus/100683", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100683);\n script_version(\"3.86\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5139\",\n \"CVE-2016-5158\",\n \"CVE-2016-5159\",\n \"CVE-2016-7163\",\n \"CVE-2016-9573\",\n \"CVE-2016-9675\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : openjpeg (EulerOS-SA-2017-1088)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in OpenJPEG. A specially\n crafted JPEG2000 image could cause an application using\n OpenJPEG to crash or, potentially, execute arbitrary\n code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\n CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in\n OpenJPEG, in the j2k_to_image tool. Converting a\n specially crafted JPEG2000 file to another format could\n cause the application to crash or, potentially,\n disclose some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in\n OpenJPEG. A specially crafted JPEG2000 image, when read\n by an application using OpenJPEG, could cause the\n application to crash or, potentially, execute arbitrary\n code. (CVE-2016-9675)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcaf6b0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:18:57", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/99905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99905);\n script_version(\"1.77\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5139\",\n \"CVE-2016-5158\",\n \"CVE-2016-5159\",\n \"CVE-2016-7163\",\n \"CVE-2016-9573\",\n \"CVE-2016-9675\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in OpenJPEG. A specially\n crafted JPEG2000 image could cause an application using\n OpenJPEG to crash or, potentially, execute arbitrary\n code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\n CVE-2016-7163)\n\n - An out-of-bounds read vulnerability was found in\n OpenJPEG, in the j2k_to_image tool. Converting a\n specially crafted JPEG2000 file to another format could\n cause the application to crash or, potentially,\n disclose some data from the heap. (CVE-2016-9573)\n\n - A heap-based buffer overflow vulnerability was found in\n OpenJPEG. A specially crafted JPEG2000 image, when read\n by an application using OpenJPEG, could cause the\n application to crash or, potentially, execute arbitrary\n code. (CVE-2016-9675)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a3feb88\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:28:17", "description": "An update for openjpeg is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : openjpeg / openjpeg-devel / openjpeg-libs (VZLSA-2017-0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:openjpeg", "p-cpe:/a:virtuozzo:virtuozzo:openjpeg-devel", "p-cpe:/a:virtuozzo:virtuozzo:openjpeg-libs", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/101442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101442);\n script_version(\"1.75\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-5139\",\n \"CVE-2016-5158\",\n \"CVE-2016-5159\",\n \"CVE-2016-7163\",\n \"CVE-2016-9573\",\n \"CVE-2016-9675\"\n );\n\n script_name(english:\"Virtuozzo 7 : openjpeg / openjpeg-devel / openjpeg-libs (VZLSA-2017-0838)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for openjpeg is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenJPEG is an open source library for reading and writing image files\nin JPEG2000 format.\n\nSecurity Fix(es) :\n\n* Multiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in OpenJPEG. A specially crafted JPEG2000 image\ncould cause an application using OpenJPEG to crash or, potentially,\nexecute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,\nCVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to\nanother format could cause the application to crash or, potentially,\ndisclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially,\nexecute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert\n(Red Hat Product Security).\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0838.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?369da545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0838\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg / openjpeg-devel / openjpeg-libs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openjpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-1.5.1-16.vl7\",\n \"openjpeg-devel-1.5.1-16.vl7\",\n \"openjpeg-libs-1.5.1-16.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg / openjpeg-devel / openjpeg-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "The remote host is affected by the vulnerability described in GLSA-201612-26 (OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "GLSA-201612-26 : OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8871", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-7445"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openjpeg", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-26.NASL", "href": "https://www.tenable.com/plugins/nessus/95642", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-26.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95642);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8871\", \"CVE-2016-1923\", \"CVE-2016-1924\", \"CVE-2016-3181\", \"CVE-2016-3182\", \"CVE-2016-3183\", \"CVE-2016-7445\");\n script_xref(name:\"GLSA\", value:\"201612-26\");\n\n script_name(english:\"GLSA-201612-26 : OpenJPEG: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-26\n(OpenJPEG: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenJPEG. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted JPEG\n file, possibly resulting in execution of arbitrary code or a Denial of\n Service condition. Furthermore, a remote attacker may be able to obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenJPEG 2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/openjpeg-2.1.1_p20160922:2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openjpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openjpeg\", unaffected:make_list(\"ge 2.1.1_p20160922\", \"rge 1.5.2\"), vulnerable:make_list(\"lt 2.1.1_p20160922\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenJPEG\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-17T14:39:59", "description": "The remote Oracle Database Server is missing the July 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified vulnerability in the Spatial component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a partial denial of service of Spatial. (CVE-2016-9572)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an unauthenticated, remote attacker to take over Core RDBMS (CVE-2018-11058)\n\n - An unspecified vulnerability in the Application Express component of Oracle Database Server, which could allow an authenticated, remote attacker to manipulate Application Express accessible data. (CVE-2019-2484)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, local attacker complete access to all Core RDBMS accessible data. (CVE-2019-2569)\n\n - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an authenticated, remote attacker to manipulate Java VM accessible data or cause a complete denial of service of Java VM. (CVE-2019-2749)\n\n - An unspecified vulnerability in the Oracle Text component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Oracle Text accessible data or cause a partial denial of service of Oracle Text. (CVE-2019-2753)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker complete access to all Core RDBMS accessible data. (CVE-2019-2776)\n\n - An unspecified vulnerability in the Oracle ODBC Driver component of Oracle Database Server, which could allow an authenticated, remote attacker to take over Oracle ODBC Driver. Note this vulnerability only affects the Windows platform. (CVE-2019-2799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-19T00:00:00", "type": "nessus", "title": "Oracle Database Server Multiple Vulnerabilities (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2018-11058", "CVE-2019-2484", "CVE-2019-2569", "CVE-2019-2749", "CVE-2019-2753", "CVE-2019-2776", "CVE-2019-2799"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JUL_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/126830", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126830);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-9572\",\n \"CVE-2018-11058\",\n \"CVE-2019-2484\",\n \"CVE-2019-2569\",\n \"CVE-2019-2749\",\n \"CVE-2019-2753\",\n \"CVE-2019-2776\",\n \"CVE-2019-2799\"\n );\n script_bugtraq_id(\n 108106,\n 109195,\n 109203,\n 109211,\n 109214,\n 109217,\n 109224,\n 109233\n );\n\n script_name(english:\"Oracle Database Server Multiple Vulnerabilities (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Database Server is missing the July 2019 Critical Patch Update (CPU). It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified vulnerability in the Spatial component of Oracle Database Server, which could allow an\n authenticated, remote attacker to cause a partial denial of service of Spatial. (CVE-2016-9572)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an\n unauthenticated, remote attacker to take over Core RDBMS (CVE-2018-11058)\n\n - An unspecified vulnerability in the Application Express component of Oracle Database Server, which could allow an\n authenticated, remote attacker to manipulate Application Express accessible data. (CVE-2019-2484)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an\n authenticated, local attacker complete access to all Core RDBMS accessible data. (CVE-2019-2569)\n\n - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an\n authenticated, remote attacker to manipulate Java VM accessible data or cause a complete denial of service of\n Java VM. (CVE-2019-2749)\n\n - An unspecified vulnerability in the Oracle Text component of Oracle Database Server, which could allow an\n authenticated, remote attacker to read a subset of Oracle Text accessible data or cause a partial denial of service\n of Oracle Text. (CVE-2019-2753)\n\n - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an\n authenticated, remote attacker complete access to all Core RDBMS accessible data. (CVE-2019-2776)\n\n - An unspecified vulnerability in the Oracle ODBC Driver component of Oracle Database Server, which could allow an\n authenticated, remote attacker to take over Oracle ODBC Driver. Note this vulnerability only affects the Windows\n platform. (CVE-2019-2799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixDB\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d1d765d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11058\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_rdbms::get_app_info();\n\nvar constraints = [\n # RDBMS:\n {'min_version': '19.0', 'fixed_version': '19.4.0.0.190716', 'missing_patch':'29708769, 29834717', 'os':'unix', 'component':'db'},\n {'min_version': '19.0', 'fixed_version': '19.4.0.0.190716', 'missing_patch':'29859191', 'os':'win', 'component':'db'},\n\n {'min_version': '18.7', 'fixed_version': '18.7.0.0.190716', 'missing_patch':'29708703, 29757256', 'os':'unix', 'component':'db'},\n {'min_version': '18.0', 'fixed_version': '18.7.0.0.190716', 'missing_patch':'29859180', 'os':'win', 'component':'db'},\n {'min_version': '18.6', 'fixed_version': '18.6.1.0.190716', 'missing_patch':'29708235', 'os':'unix', 'component':'db'},\n {'min_version': '18.0', 'fixed_version': '18.5.2.0.190716', 'missing_patch':'29708437', 'os':'unix', 'component':'db'},\n\n {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.190716', 'missing_patch':'29708381, 29708478, 29757449', 'os':'unix', 'component':'db'},\n {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.190716', 'missing_patch':'29832062', 'os':'win', 'component':'db'},\n \n {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.190716', 'missing_patch':'29496791, 29494060', 'os':'unix', 'component':'db'},\n {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.190716', 'missing_patch':'29831650', 'os':'win', 'component':'db'},\n \n {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.190716', 'missing_patch':'29698813, 29497421', 'os':'unix', 'component':'db'},\n {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.190716', 'missing_patch':'29596609', 'os':'win', 'component':'db'},\n\n # OJVM :\n {'min_version': '19.0', 'fixed_version': '19.4.0.0.190716', 'missing_patch':'29774421', 'os':'unix', 'component':'ojvm'},\n\n {'min_version': '18.0', 'fixed_version': '18.7.0.0.190716', 'missing_patch':'29774410', 'os':'unix', 'component':'ojvm'},\n {'min_version': '18.0', 'fixed_version': '18.7.0.0.190716', 'missing_patch':'29774410', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.190716', 'missing_patch':'29774415', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.190716', 'missing_patch':'29837425', 'os':'win', 'component':'ojvm'},\n \n {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.190716', 'missing_patch':'29774383', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.190716', 'missing_patch':'29837393', 'os':'win', 'component':'ojvm'},\n \n {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.190716', 'missing_patch':'29610422', 'os':'unix', 'component':'ojvm'},\n {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.190716', 'missing_patch':'30012911', 'os':'win', 'component':'ojvm'}\n];\n\nvcf::oracle_rdbms::check_version_and_report(app_info:app_info, severity:SECURITY_HOLE, constraints:constraints);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T20:45:17", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4497-1 advisory.\n\n - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.\n (CVE-2018-21010)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : OpenJPEG vulnerabilities (USN-4497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2018-20847", "CVE-2018-21010", "CVE-2018-6616", "CVE-2019-12973", "CVE-2020-15389", "CVE-2020-6851", "CVE-2020-8112"], "modified": "2022-02-04T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev", "p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools", "p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer", "p-cpe:/a:canonical:ubuntu_linux:libopenjpip7"], "id": "UBUNTU_USN-4497-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140592", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4497-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140592);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\n \"CVE-2016-9112\",\n \"CVE-2018-20847\",\n \"CVE-2018-21010\",\n \"CVE-2019-12973\",\n \"CVE-2020-6851\",\n \"CVE-2020-8112\",\n \"CVE-2020-15389\"\n );\n script_xref(name:\"USN\", value:\"4497-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : OpenJPEG vulnerabilities (USN-4497-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4497-1 advisory.\n\n - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in\n OpenJPEG 2.1.2. (CVE-2016-9112)\n\n - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in\n openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)\n\n - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.\n (CVE-2018-21010)\n\n - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.\n Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n This issue is similar to CVE-2018-6616. (CVE-2019-12973)\n\n - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c\n because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)\n\n - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer\n overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)\n\n - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a\n mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free\n may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4497-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjp3d7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-dec-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip-viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenjpip7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libopenjp2-7', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-7-dev', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp2-tools', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d-tools', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjp3d7', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-dec-server', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-server', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip-viewer', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'libopenjpip7', 'pkgver': '2.1.2-1.1+deb9u5build0.16.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenjp2-7 / libopenjp2-7-dev / libopenjp2-tools / libopenjp3d-tools / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:38:15", "description": "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-14041)\n\n - An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.(CVE-2017-14040)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\n - Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only 'null pointer dereferences, division by zero, and anything that would just fit as DoS.'(CVE-2014-0158)\n\n - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-17479)\n\n - NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : openjpeg (EulerOS-SA-2019-2639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1447", "CVE-2013-6045", "CVE-2013-6887", "CVE-2014-0158", "CVE-2016-10505", "CVE-2016-7445", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-17479"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openjpeg-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2639.NASL", "href": "https://www.tenable.com/plugins/nessus/132174", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132174);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6887\",\n \"CVE-2014-0158\",\n \"CVE-2016-10505\",\n \"CVE-2016-7445\",\n \"CVE-2017-14040\",\n \"CVE-2017-14041\",\n \"CVE-2017-17479\"\n );\n script_bugtraq_id(\n 64140\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : openjpeg (EulerOS-SA-2019-2639)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openjpeg package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack-based buffer overflow was discovered in the\n pgxtoimage function in bin/jp2/convert.c in OpenJPEG\n 2.2.0. The vulnerability causes an out-of-bounds write,\n which may lead to remote denial of service or possibly\n remote code execution.(CVE-2017-14041)\n\n - An invalid write access was discovered in\n bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash\n in the tgatoimage function. The vulnerability may lead\n to remote denial of service or possibly unspecified\n other impact.(CVE-2017-14040)\n\n - convert.c in OpenJPEG before 2.1.2 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors\n involving the variable s.(CVE-2016-7445)\n\n - Heap-based buffer overflow in the JPEG2000 image tile\n decoder in OpenJPEG before 1.5.2 allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n crafted file because of incorrect j2k_decode,\n j2k_read_eoc, and tcd_decode_tile interaction, a\n related issue to CVE-2013-6045. NOTE: this is not a\n duplicate of CVE-2013-1447, because the scope of\n CVE-2013-1447 was specifically defined in\n http://openwall.com/lists/oss-security/2013/12/04/6 as\n only 'null pointer dereferences, division by zero, and\n anything that would just fit as DoS.'(CVE-2014-0158)\n\n - In OpenJPEG 2.3.0, a stack-based buffer overflow was\n discovered in the pgxtoimage function in\n jpwl/convert.c. The vulnerability causes an\n out-of-bounds write, which may lead to remote denial of\n service or possibly remote code\n execution.(CVE-2017-17479)\n\n - NULL pointer dereference vulnerabilities in the\n imagetopnm function in convert.c, sycc444_to_rgb\n function in color.c, color_esycc_to_rgb function in\n color.c, and sycc422_to_rgb function in color.c in\n OpenJPEG before 2.2.0 allow remote attackers to cause a\n denial of service (application crash) via crafted j2k\n files.(CVE-2016-10505)\n\n - OpenJPEG 1.5.1 allows remote attackers to cause a\n denial of service via unspecified vectors that trigger\n NULL pointer dereferences, division-by-zero, and other\n errors.(CVE-2013-6887)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2639\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9efb114\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openjpeg packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openjpeg-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openjpeg-libs-1.5.1-16.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjpeg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T18:53:43", "description": "Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-02T00:00:00", "type": "nessus", "title": "Debian DSA-4013-1 : openjpeg2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10504", "CVE-2016-1628", "CVE-2016-5152", "CVE-2016-5157", "CVE-2016-9118", "CVE-2017-14039", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-14151", "CVE-2017-14152"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:openjpeg2:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4013.NASL", "href": "https://www.tenable.com/plugins/nessus/104339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4013. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104339);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-10504\", \"CVE-2016-1628\", \"CVE-2016-5152\", \"CVE-2016-5157\", \"CVE-2016-9118\", \"CVE-2017-14039\", \"CVE-2017-14040\", \"CVE-2017-14041\", \"CVE-2017-14151\", \"CVE-2017-14152\");\n script_xref(name:\"DSA\", value:\"4013\");\n\n script_name(english:\"Debian DSA-4013-1 : openjpeg2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the\nexecution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjpeg2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4013\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjpeg2 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 2.1.0-2+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.1.2-1.1+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjpeg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dbg\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp2-tools\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d-tools\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjp3d7\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-server\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip-viewer\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libopenjpip7\", reference:\"2.1.0-2+deb8u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7-dbg\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-7-dev\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp2-tools\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp3d-tools\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjp3d7\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-dec-server\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-server\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip-viewer\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libopenjpip7\", reference:\"2.1.2-1.1+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0207-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851480", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851480\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-20 05:40:23 +0100 (Fri, 20 Jan 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\",\n \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\",\n \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\",\n \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0207-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0207-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", rpm:\"openjpeg2-debuginfo~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-32bit\", rpm:\"libopenjp2-7-32bit~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo-32bit\", rpm:\"libopenjp2-7-debuginfo-32bit~2.1.0~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:26:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0185-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851478", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851478\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 05:46:30 +0100 (Wed, 18 Jan 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\",\n \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\",\n \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\",\n \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0185-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0185-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", rpm:\"openjpeg2-debuginfo~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~2.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0155-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9581", "CVE-2016-7445", "CVE-2016-9118", "CVE-2016-8332", "CVE-2016-9116", "CVE-2016-9572", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851510", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851510\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:17:36 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-7445\", \"CVE-2016-8332\", \"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\", \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-9572\", \"CVE-2016-9573\", \"CVE-2016-9580\", \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openjpeg2 (openSUSE-SU-2017:0155-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openjpeg2 fixes the following issues:\n\n * CVE-2016-9114: NULL Pointer Access in function imagetopnm of\n convert.c:1943(jp2) could lead to crash [bsc#1007740]\n\n * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of\n convert.c(jp2) [bsc#1007741]\n\n * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer\n overflow and infite loop [bsc#1014975]\n\n * CVE-2016-9117: NULL Pointer Access in function imagetopnm of\n convert.c(jp2):1289 [bsc#1007743]\n\n * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c\n [bsc#1007744]\n\n * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523\n [bsc#1007747]\n\n * CVE-2016-9116: NULL Pointer Access in function imagetopnm of\n convert.c:2226(jp2) [bsc#1007742]\n\n * CVE-2016-9113: NULL point dereference in function imagetobmp of\n convertbmp.c could lead to crash [bsc#1007739]\n\n * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could\n lead to heap buffer overflow [bsc#1014543]\n\n * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to\n code execution [bsc#1002414]\n\n * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash\n [bsc#999817]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openjpeg2 on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0155-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7\", rpm:\"libopenjp2-7~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo\", rpm:\"libopenjp2-7-debuginfo~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debuginfo\", rpm:\"openjpeg2-debuginfo~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-debugsource\", rpm:\"openjpeg2-debugsource~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2-devel\", rpm:\"openjpeg2-devel~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-32bit\", rpm:\"libopenjp2-7-32bit~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenjp2-7-debuginfo-32bit\", rpm:\"libopenjp2-7-debuginfo-32bit~2.1.0~11.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2017-f6e3215f2b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9118", "CVE-2016-9116", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873295", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f6e3215f2b_mingw-openjpeg2_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2017-f6e3215f2b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873295\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 07:55:40 +0200 (Mon, 21 Aug 2017)\");\n script_cve_id(\"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\",\n \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2017-f6e3215f2b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f6e3215f2b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXIR7QKA6S5UXAOVEZ2RJDWG3CHLDE7Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.2.0~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-04T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-89ee54c661", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9581", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-89ee54c661\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872220\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-04 09:01:54 +0100 (Wed, 04 Jan 2017)\");\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\", \"CVE-2016-9573\", \"CVE-2016-9572\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-89ee54c661\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-89ee54c661\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CXCIZ64VWB7OCAYZJZSISRAEPLAOBW2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-04T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-52a1b18397", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9581", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-52a1b18397\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872223\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-04 09:02:19 +0100 (Wed, 04 Jan 2017)\");\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\", \"CVE-2016-9573\", \"CVE-2016-9572\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-52a1b18397\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-52a1b18397\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGTRTPSEUAYXZ6C5CICE5K66RT3LO5ZR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2017-920b27e8f4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5158", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9118", "CVE-2016-9116", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9117", "CVE-2016-5139", "CVE-2016-5159"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873263", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_920b27e8f4_openjpeg2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for openjpeg2 FEDORA-2017-920b27e8f4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873263\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-14 07:44:22 +0200 (Mon, 14 Aug 2017)\");\n script_cve_id(\"CVE-2016-9112\", \"CVE-2016-9113\", \"CVE-2016-9114\", \"CVE-2016-9115\",\n \"CVE-2016-9116\", \"CVE-2016-9117\", \"CVE-2016-9118\", \"CVE-2016-5139\",\n \"CVE-2016-5158\", \"CVE-2016-5159\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2017-920b27e8f4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-920b27e8f4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PJNE4QIJJNGE56J5SUTAQFVK6D4Y4FY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.2.0~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:44", "description": "Multiple vulnerabilities in OpenJPEG,\na JPEG 2000 image compression / decompression library, may result in denial of\nservice or the execution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3768-1 (openjpeg2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8332", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-5159"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703768", "href": "http://plugins.openvas.org/nasl.php?oid=703768", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3768.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3768-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703768);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-5159\", \"CVE-2016-8332\", \"CVE-2016-9572\", \"CVE-2016-9573\");\n script_name(\"Debian Security Advisory DSA 3768-1 (openjpeg2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-20 00:00:00 +0100 (Fri, 20 Jan 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3768.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openjpeg2 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.1.0-2+deb8u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openjpeg2 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities in OpenJPEG,\na JPEG 2000 image compression / decompression library, may result in denial of\nservice or the execution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libopenjp2-7:amd64\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp2-7:i386\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg:amd64\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg:i386\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libopenjp2-7-dev\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp2-tools\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp3d-tools\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp3d7:amd64\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjp3d7:i386\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libopenjpip-dec-server\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjpip-server\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjpip-viewer\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjpip7:amd64\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenjpip7:i386\", ver:\"2.1.0-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:35", "description": "Multiple vulnerabilities in OpenJPEG,\na JPEG 2000 image compression / decompression library, may result in denial of\nservice or the execution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3768-1 (openjpeg2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8332", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-5159"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703768", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3768.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3768-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703768\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-5159\", \"CVE-2016-8332\", \"CVE-2016-9572\", \"CVE-2016-9573\");\n script_name(\"Debian Security Advisory DSA 3768-1 (openjpeg2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-20 00:00:00 +0100 (Fri, 20 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3768.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2.1.0-2+deb8u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openjpeg2 packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities in OpenJPEG,\na JPEG 2000 image compression / decompression library, may result in denial of\nservice or the execution of arbitrary code if a malformed JPEG 2000 file is\nprocessed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libopenjp2-7:amd64\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7:i386\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg:amd64\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg:i386\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dev\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-tools\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d-tools\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d7:amd64\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d7:i386\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libopenjpip-dec-server\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-server\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-viewer\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip7:amd64\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip7:i386\", ver:\"2.1.0-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-c404a59411", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9581", "CVE-2016-9580"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-c404a59411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872167\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-20 06:00:43 +0100 (Tue, 20 Dec 2016)\");\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-c404a59411\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c404a59411\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBFRC3OO5376WRT5PO5VE2JL6UB3NBO7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-04T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-3b7f39a8c1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9581", "CVE-2016-9580"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-3b7f39a8c1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872217\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-04 09:01:52 +0100 (Wed, 04 Jan 2017)\");\n script_cve_id(\"CVE-2016-9580\", \"CVE-2016-9581\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-3b7f39a8c1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3b7f39a8c1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNAVHS6ULKZQPAM3Q3QNQ6HGSMSH4KE5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-10T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-fc8577bf00", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872113", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-fc8577bf00\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872113\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:51 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-9573\", \"CVE-2016-9572\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-fc8577bf00\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-fc8577bf00\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4ELDRIRCLKVC64UYYRJN6SPSRC7H5YK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-0b80dcfe5a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-0b80dcfe5a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872121\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-12 06:27:12 +0100 (Mon, 12 Dec 2016)\");\n script_cve_id(\"CVE-2016-9573\", \"CVE-2016-9572\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-0b80dcfe5a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0b80dcfe5a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G3C7U32IFCUOTSYNRT6QD5AFHWZ2ELHE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-0bf602e920", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871948", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871948\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:35 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-0bf602e920\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0bf602e920\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN54IKECYKPJVM7SESFLDNL64OZZNW2Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872083\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:05 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-f8235d2ef9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f8235d2ef9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6DF5TYBCH2W2BMJZJWWR35PU4CYYRJQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809902", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809902\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 18:00:05 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-ad1871cf02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ad1871cf02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENSR5M4KSDDNGFAUAPCEOW7SUW5AFLGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809972\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:02 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-c23a8ce9e5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c23a8ce9e5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAJXXJ2V5VUKBDHAQ2DNC4WQ2WO7SGJW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809907\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:31 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openjpeg2 FEDORA-2016-58a8f32c86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-58a8f32c86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHS6XBX3YP6VZUVHISLWHGLKVVNNHCL4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.1.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7445"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310809938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809938\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:45 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-openjpeg2 FEDORA-2016-fe55f449e0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openjpeg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-openjpeg2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-fe55f449e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMW3UQHCKGDYD5XPHCM42TOFJ3D6TLSM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openjpeg2\", rpm:\"mingw-openjpeg2~2.1.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2020-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2018-14423"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201049", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1049\");\n script_version(\"2020-01-23T13:18:11+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-7445\", \"CVE-2018-14423\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:18:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2020-1049)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1049\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1049\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg2' package(s) announced via the EulerOS-SA-2020-1049 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nDivision-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).(CVE-2018-14423)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.3.0~9.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:42", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192177", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2177\");\n script_version(\"2020-01-23T12:37:34+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2177)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2177\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2177\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2177 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~17.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2016-7445", "CVE-2013-6887"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192503", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2503\");\n script_version(\"2020-01-23T13:01:53+0000\");\n script_cve_id(\"CVE-2013-6887\", \"CVE-2016-10505\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2503)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2503\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2503\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2503 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nOpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:35:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192110", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2110\");\n script_version(\"2020-01-23T12:34:51+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2110)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2110\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2110\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2110 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~22.h2.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10506", "CVE-2016-10505", "CVE-2016-7445"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192111", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2111\");\n script_version(\"2020-01-23T12:34:54+0000\");\n script_cve_id(\"CVE-2016-10505\", \"CVE-2016-10506\", \"CVE-2016-7445\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2019-2111)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2111\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2111\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg2' package(s) announced via the EulerOS-SA-2019-2111 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10506)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg2\", rpm:\"openjpeg2~2.3.0~9.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:30:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-11T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for openjpeg2 (DLA-1851-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9112", "CVE-2015-1239", "CVE-2018-20847"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891851", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891851", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891851\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-1239\", \"CVE-2016-9112\", \"CVE-2018-20847\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-11 02:00:10 +0000 (Thu, 11 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for openjpeg2 (DLA-1851-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1851-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/931294\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/844551\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg2'\n package(s) announced via the DLA-1851-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000\nimage library.\n\nCVE-2016-9112\n\nA floating point exception or divide by zero in the function\nopj_pi_next_cprl may lead to a denial-of-service.\n\nCVE-2018-20847\n\nAn improper computation of values in the function\nopj_get_encoding_parameters can lead to an integer overflow.\nThis issue was partly fixed by the patch for CVE-2015-1239.\");\n\n script_tag(name:\"affected\", value:\"'openjpeg2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.1.0-2+deb8u7.\n\nWe recommend that you upgrade your openjpeg2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp2-7\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp2-7-dbg\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp2-7-dev\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp2-tools\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp3d-tools\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjp3d7\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjpip-dec-server\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjpip-server\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjpip-viewer\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libopenjpip7\", ver:\"2.1.0-2+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:42", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2017-1088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9675", "CVE-2016-5158", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-5139", "CVE-2016-5159"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171088", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1088\");\n script_version(\"2020-01-23T10:48:41+0000\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:48:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2017-1088)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1088\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1088\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2017-1088 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\nAn out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\nA heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2017-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9675", "CVE-2016-5158", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-5139", "CVE-2016-5159"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171060", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1060\");\n script_version(\"2020-01-23T10:47:02+0000\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\", \"CVE-2016-9573\", \"CVE-2016-9675\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2017-1060)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1060\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1060\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2017-1060 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\nAn out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\nA heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "description": "Check the version of openjpeg", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "openvas", "title": "CentOS Update for openjpeg CESA-2017:0838 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9675", "CVE-2016-5158", "CVE-2016-7163", "CVE-2016-9573", "CVE-2013-6045", "CVE-2016-5139", "CVE-2016-5159"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882686", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openjpeg CESA-2017:0838 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882686\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-30 06:31:52 +0200 (Thu, 30 Mar 2017)\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\",\n \"CVE-2016-9573\", \"CVE-2016-9675\", \"CVE-2013-6045\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openjpeg CESA-2017:0838 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openjpeg\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenJPEG is an open source library for\nreading and writing image files in JPEG2000 format.\n\nSecurity Fix(es):\n\n * Multiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in OpenJPEG. A specially crafted JPEG2000 image could cause an\napplication using OpenJPEG to crash or, potentially, execute arbitrary\ncode. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n * An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to another\nformat could cause the application to crash or, potentially, disclose some\ndata from the heap. (CVE-2016-9573)\n\n * A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red\nHat Product Security).\");\n script_tag(name:\"affected\", value:\"openjpeg on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0838\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022349.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg\", rpm:\"openjpeg~1.5.1~16.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openjpeg-devel\", rpm:\"openjpeg-devel~1.5.1~16.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-23T00:00:00", "type": "openvas", "title": "RedHat Update for openjpeg RHSA-2017:0838-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9675", "CVE-2016-5158", "CVE-2016-7163", "CVE-2016-9573", "CVE-2013-6045", "CVE-2016-5139", "CVE-2016-5159"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openjpeg RHSA-2017:0838-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871791\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-23 05:46:54 +0100 (Thu, 23 Mar 2017)\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-7163\",\n \"CVE-2016-9573\", \"CVE-2016-9675\", \"CVE-2013-6045\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openjpeg RHSA-2017:0838-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjpeg'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenJPEG is an open source library for\nreading and writing image files in JPEG2000 format.\n\nSecurity Fix(es):\n\n * Multiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in OpenJPEG. A specially crafted JPEG2000 image could cause an\napplication using OpenJPEG to crash or, potentially, execute arbitrary\ncode. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n * An out-of-bounds read vulnerability was found in OpenJPEG, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to another\nformat could cause the application to crash or, potentially, disclose some\ndata from the heap. (CVE-2016-9573)\n\n * A heap-based buffer overflow vulnerability was found in OpenJPEG. A\nspecially crafted JPEG2000 image, when read by an application using\nOpenJPEG, could cause the application to crash or, potentially, execute\narbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting\nCVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red\nHat Product Security).\");\n script_tag(name:\"affected\", value:\"openjpeg on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0838-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00065.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openjpeg-debuginfo\", rpm:\"openjpeg-debuginfo~1.5.1~16.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:57", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10505", "CVE-2017-14040", "CVE-2016-7445", "CVE-2013-1447", "CVE-2013-6887", "CVE-2014-0158", "CVE-2017-14041", "CVE-2017-17479", "CVE-2013-6045"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192639", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2639\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2013-6887\", \"CVE-2014-0158\", \"CVE-2016-10505\", \"CVE-2016-7445\", \"CVE-2017-14040\", \"CVE-2017-14041\", \"CVE-2017-17479\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openjpeg (EulerOS-SA-2019-2639)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2639\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2639\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2013/12/04/6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openjpeg' package(s) announced via the EulerOS-SA-2019-2639 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-14041)\n\nAn invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.(CVE-2017-14040)\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.(CVE-2016-7445)\n\nHeap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in the linked references as only 'null pointer dereferences, division by zero, and anything that would just fit as DoS.'(CVE-2014-0158)\n\nIn OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.(CVE-2017-17479)\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.(CVE-2016-10505)\n\nOpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.(CVE-2013-6887)\");\n\n script_tag(name:\"affected\", value:\"'openjpeg' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openjpeg-libs\", rpm:\"openjpeg-libs~1.5.1~16.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:52", "description": "Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.", "cvss3": {}, "published": "2017-10-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4013-1 (openjpeg2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1628", "CVE-2017-14152", "CVE-2017-14040", "CVE-2017-14151", "CVE-2016-9118", "CVE-2016-10504", "CVE-2017-14039", "CVE-2017-14041", "CVE-2016-5157", "CVE-2016-5152"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704013", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4013.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 4013-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704013\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-10504\", \"CVE-2016-1628\", \"CVE-2016-5152\", \"CVE-2016-5157\", \"CVE-2016-9118\", \"CVE-2017-14039\", \"CVE-2017-14040\", \"CVE-2017-14041\", \"CVE-2017-14151\", \"CVE-2017-14152\");\n script_name(\"Debian Security Advisory DSA 4013-1 (openjpeg2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-31 00:00:00 +0100 (Tue, 31 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4013.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"openjpeg2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0-2+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.1.2-1.1+deb9u2.\n\nWe recommend that you upgrade your openjpeg2 packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libopenjp2-7\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dev\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-tools\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d-tools\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d7\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-dec-server\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-server\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-viewer\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip7\", ver:\"2.1.0-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dbg\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-7-dev\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp2-tools\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d-tools\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjp3d7\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-dec-server\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-server\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip-viewer\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libopenjpip7\", ver:\"2.1.2-1.1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112) There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9113) There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114) Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9115) NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116) NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9117) Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-18T21:50:00", "type": "mageia", "title": "Updated openjpeg2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2017-02-18T21:50:00", "id": "MGASA-2017-0051", "href": "https://advisories.mageia.org/MGASA-2017-0051.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image (CVE-2016-9572). A heap buffer overflow flaw was found in the way openjpeg decompressed certain input images. Due to an insufficient check in the imagetopnm() function, an application using openjpeg to process image data could crash when processing a crafted image (CVE-2016-9573). An integer overflow vulnerability was found in tiftoimage function resulting into heap buffer overflow (CVE-2016-9580). An infinite loop vulnerability in tiftoimage that results into heap buffer overflow in convert_32s_C1P1 was found (CVE-2016-9581) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-12-29T10:29:11", "type": "mageia", "title": "Updated openjpeg2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2016-12-29T10:29:11", "id": "MGASA-2016-0426", "href": "https://advisories.mageia.org/MGASA-2016-0426.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The openjpeg library was vulnerable to a crash when converting images due to a NULL pointer dereference in read_pnm_header() (CVE-2016-7445). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-23T08:49:50", "type": "mageia", "title": "Updated openjpeg packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-20T22:35:16", "id": "MGASA-2016-0353", "href": "https://advisories.mageia.org/MGASA-2016-0353.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in opj_tcd_free_tile() (CVE-2016-3181). A specially crafted JPEG2000 image file can force Heap Corruption in opj_free() (CVE-2016-3182). A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in sycc422_to_rgb() (CVE-2016-3183). OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb() in color.c (CVE-2016-4796). OpenJPEG division-by-zero in function opj_tcd_init_tile() in tcd.c (CVE-2016-4797). Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data (CVE-2016-5157). Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write (CVE-2016-7163). convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s (CVE-2016-7445). A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution (CVE-2016-8332). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-11-03T09:02:50", "type": "mageia", "title": "Updated openjpeg2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5157", "CVE-2016-7163", "CVE-2016-7445", "CVE-2016-8332"], "modified": "2016-11-03T09:02:50", "id": "MGASA-2016-0362", "href": "https://advisories.mageia.org/MGASA-2016-0362.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5139) Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. (CVE-2016-5158) Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. (CVE-2016-5159) Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. (CVE-2016-7163) An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-02T06:37:59", "type": "mageia", "title": "Updated openjpeg packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573"], "modified": "2017-05-02T06:37:59", "id": "MGASA-2017-0122", "href": "https://advisories.mageia.org/MGASA-2017-0122.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:52:49", "description": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:17:49", "type": "redhatcve", "title": "CVE-2016-9118", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:54:01", "id": "RH:CVE-2016-9118", "href": "https://access.redhat.com/security/cve/cve-2016-9118", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:48", "description": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:18:15", "type": "redhatcve", "title": "CVE-2016-9117", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:53:54", "id": "RH:CVE-2016-9117", "href": "https://access.redhat.com/security/cve/cve-2016-9117", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:48", "description": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:18:27", "type": "redhatcve", "title": "CVE-2016-9114", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:53:46", "id": "RH:CVE-2016-9114", "href": "https://access.redhat.com/security/cve/cve-2016-9114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-03T01:50:08", "description": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:18:22", "type": "redhatcve", "title": "CVE-2016-9115", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:53:50", "id": "RH:CVE-2016-9115", "href": "https://access.redhat.com/security/cve/cve-2016-9115", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:48", "description": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:17:56", "type": "redhatcve", "title": "CVE-2016-9113", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:53:41", "id": "RH:CVE-2016-9113", "href": "https://access.redhat.com/security/cve/cve-2016-9113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:48", "description": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T03:18:17", "type": "redhatcve", "title": "CVE-2016-9116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2019-10-12T00:53:52", "id": "RH:CVE-2016-9116", "href": "https://access.redhat.com/security/cve/cve-2016-9116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:05", "description": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-15T19:10:44", "type": "redhatcve", "title": "CVE-2016-9580", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580"], "modified": "2019-10-12T00:59:24", "id": "RH:CVE-2016-9580", "href": "https://access.redhat.com/security/cve/cve-2016-9580", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:06", "description": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-15T19:10:53", "type": "redhatcve", "title": "CVE-2016-9581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9581"], "modified": "2019-10-12T00:59:27", "id": "RH:CVE-2016-9581", "href": "https://access.redhat.com/security/cve/cve-2016-9581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:47", "description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-08T09:17:31", "type": "redhatcve", "title": "CVE-2016-9572", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572"], "modified": "2019-10-12T00:59:08", "id": "RH:CVE-2016-9572", "href": "https://access.redhat.com/security/cve/cve-2016-9572", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:53:07", "description": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-09T05:47:27", "type": "redhatcve", "title": "CVE-2016-8332", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2019-10-12T00:37:46", "id": "RH:CVE-2016-8332", "href": "https://access.redhat.com/security/cve/cve-2016-8332", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-20T21:15:01", "description": "An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-12-08T09:17:25", "type": "redhatcve", "title": "CVE-2016-9573", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9573"], "modified": "2022-01-20T21:03:57", "id": "RH:CVE-2016-9573", "href": "https://access.redhat.com/security/cve/cve-2016-9573", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-09-02T22:51:24", "description": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-01T02:47:40", "type": "redhatcve", "title": "CVE-2016-9112", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112"], "modified": "2019-10-12T00:53:37", "id": "RH:CVE-2016-9112", "href": "https://access.redhat.com/security/cve/cve-2016-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-20T23:53:42", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.2.0-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2017-08-20T23:53:42", "id": "FEDORA:1F3D1602E7E1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXIR7QKA6S5UXAOVEZ2RJDWG3CHLDE7Q/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-01T21:51:40", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.1.2-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2017-01-01T21:51:40", "id": "FEDORA:1A14B602F582", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7CXCIZ64VWB7OCAYZJZSISRAEPLAOBW2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-01T23:18:41", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openjpeg2-2.1.2-3.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581"], "modified": "2017-01-01T23:18:41", "id": "FEDORA:0CB3260608E3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EGTRTPSEUAYXZ6C5CICE5K66RT3LO5ZR/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 7.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.7}, "published": "2017-08-13T20:56:24", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: openjpeg2-2.2.0-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118"], "modified": "2017-08-13T20:56:24", "id": "FEDORA:07C30602F04F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PJNE4QIJJNGE56J5SUTAQFVK6D4Y4FY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-19T23:26:27", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580", "CVE-2016-9581"], "modified": "2016-12-19T23:26:27", "id": "FEDORA:F1D5660875BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FBFRC3OO5376WRT5PO5VE2JL6UB3NBO7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-01T23:18:38", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-3.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580", "CVE-2016-9581"], "modified": "2017-01-01T23:18:38", "id": "FEDORA:D52A760608E3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TNAVHS6ULKZQPAM3Q3QNQ6HGSMSH4KE5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-12-09T22:31:42", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2016-12-09T22:31:42", "id": "FEDORA:6DF8E601FBFA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q4ELDRIRCLKVC64UYYRJN6SPSRC7H5YK/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-12-11T21:55:31", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573"], "modified": "2016-12-11T21:55:31", "id": "FEDORA:049F860C2514", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3C7U32IFCUOTSYNRT6QD5AFHWZ2ELHE/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-01T00:53:41", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: openjpeg2-2.1.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-01T00:53:41", "id": "FEDORA:A5CD160600CD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GHS6XBX3YP6VZUVHISLWHGLKVVNNHCL4/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T03:17:16", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-openjpeg2-2.1.2-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T03:17:16", "id": "FEDORA:4EF9D604C914", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D6DF5TYBCH2W2BMJZJWWR35PU4CYYRJQ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T03:17:23", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T03:17:23", "id": "FEDORA:1FC5760879A1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BN54IKECYKPJVM7SESFLDNL64OZZNW2Z/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T06:26:29", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openjpeg2-2.1.2-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T06:26:29", "id": "FEDORA:0E2196058513", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YAJXXJ2V5VUKBDHAQ2DNC4WQ2WO7SGJW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "MinGW Windows openjpeg2 library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T09:26:01", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-openjpeg2-2.1.2-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T09:26:01", "id": "FEDORA:DC070605E1F6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MMW3UQHCKGDYD5XPHCM42TOFJ3D6TLSM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profil e-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple component transforms for multispectral and hyperspectral imagery) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-09T09:26:07", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openjpeg2-2.1.2-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-09T09:26:07", "id": "FEDORA:E22266087495", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ENSR5M4KSDDNGFAUAPCEOW7SUW5AFLGA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:47", "description": "### Background\n\nOpenJPEG is an open-source JPEG 2000 library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenJPEG. Please review the references below for details. \n\n### Impact\n\nA remote attacker, via a crafted BMP, PDF, or j2k document, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenJPEG users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openjpeg-2.3.0:2\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-23T00:00:00", "type": "gentoo", "title": "OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10504", "CVE-2016-10505", "CVE-2016-10506", "CVE-2016-10507", "CVE-2016-1626", "CVE-2016-1628", "CVE-2016-9112", "CVE-2016-9113", "CVE-2016-9114", "CVE-2016-9115", "CVE-2016-9116", "CVE-2016-9117", "CVE-2016-9118", "CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581", "CVE-2017-12982", "CVE-2017-14039", "CVE-2017-14164"], "modified": "2017-10-23T00:00:00", "id": "GLSA-201710-26", "href": "https://security.gentoo.org/glsa/201710-26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-17T19:06:09", "description": "### Background\n\nOpenJPEG is an open-source JPEG 2000 library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted JPEG file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenJPEG 2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/openjpeg-2.1.1_p20160922:2\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-08T00:00:00", "type": "gentoo", "title": "OpenJPEG: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8871", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-7445"], "modified": "2016-12-08T00:00:00", "id": "GLSA-201612-26", "href": "https://security.gentoo.org/glsa/201612-26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-12-18T23:02:43", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3768-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjpeg2\nCVE ID : CVE-2016-5159 CVE-2016-8332 CVE-2016-9572 CVE-2016-9573\n\nMultiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.\n\t\t \nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-2+deb8u2.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-20T22:07:58", "type": "debian", "title": "[SECURITY] [DSA 3678-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5159", "CVE-2016-8332", "CVE-2016-9572", "CVE-2016-9573"], "modified": "2017-01-20T22:07:58", "id": "DEBIAN:DSA-3678-1:F57E2", "href": "https://lists.debian.org/debian-security-announce/2017/msg00019.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-26T19:34:22", "description": "Package : openjpeg2\nVersion : 2.1.0-2+deb8u7\nCVE ID : CVE-2016-9112 CVE-2018-20847\nDebian Bug : 931294 844551\n\nTwo security vulnerabilities were discovered in openjpeg2, a JPEG 2000\nimage library.\n\nCVE-2016-9112\n\n A floating point exception or divide by zero in the function\n opj_pi_next_cprl may lead to a denial-of-service.\n\nCVE-2018-20847\n\n An improper computation of values in the function\n opj_get_encoding_parameters can lead to an integer overflow.\n This issue was partly fixed by the patch for CVE-2015-1239.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.1.0-2+deb8u7.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-07-10T18:17:41", "type": "debian", "title": "[SECURITY] [DLA 1851-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1239", "CVE-2016-9112", "CVE-2018-20847"], "modified": "2019-07-10T18:17:41", "id": "DEBIAN:DLA-1851-1:4EDE1", "href": "https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:48:37", "description": "Package : openjpeg2\nVersion : 2.1.0-2+deb8u7\nCVE ID : CVE-2016-9112 CVE-2018-20847\nDebian Bug : 931294 844551\n\nTwo security vulnerabilities were discovered in openjpeg2, a JPEG 2000\nimage library.\n\nCVE-2016-9112\n\n A floating point exception or divide by zero in the function\n opj_pi_next_cprl may lead to a denial-of-service.\n\nCVE-2018-20847\n\n An improper computation of values in the function\n opj_get_encoding_parameters can lead to an integer overflow.\n This issue was partly fixed by the patch for CVE-2015-1239.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.1.0-2+deb8u7.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-10T18:17:41", "type": "debian", "title": "[SECURITY] [DLA 1851-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1239", "CVE-2016-9112", "CVE-2018-20847"], "modified": "2019-07-10T18:17:41", "id": "DEBIAN:DLA-1851-1:F8F52", "href": "https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-29T01:01:11", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4013-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 31, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjpeg2\nCVE ID : CVE-2016-1628 CVE-2016-5152 CVE-2016-5157 CVE-2016-9118\n CVE-2016-10504 CVE-2017-14039 CVE-2017-14040\n\t\t CVE-2017-14041 CVE-2017-14151 CVE-2017-14152\n\nMultiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0-2+deb8u3.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.1.2-1.1+deb9u2.\n\nWe recommend that you upgrade your openjpeg2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T22:01:32", "type": "debian", "title": "[SECURITY] [DSA 4013-1] openjpeg2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10504", "CVE-2016-1628", "CVE-2016-5152", "CVE-2016-5157", "CVE-2016-9118", "CVE-2017-14039", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-14151", "CVE-2017-14152"], "modified": "2017-10-31T22:01:32", "id": "DEBIAN:DSA-4013-1:DCD18", "href": "https://lists.debian.org/debian-security-announce/2017/msg00275.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:11:52", "description": "\nMultiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-2+deb8u2.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your openjpeg2 packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-20T00:00:00", "type": "osv", "title": "openjpeg2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5158", "CVE-2016-5159", "CVE-2016-8332", "CVE-2016-9572", "CVE-2016-9573"], "modified": "2022-08-10T07:11:49", "id": "OSV:DSA-3768-1", "href": "https://osv.dev/vulnerability/DSA-3768-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:32", "description": "\nTwo security vulnerabilities were discovered in openjpeg2, a JPEG 2000\nimage library.\n\n\n* [CVE-2016-9112](https://security-tracker.debian.org/tracker/CVE-2016-9112)\nA floating point exception or divide by zero in the function\n opj\\_pi\\_next\\_cprl may lead to a denial-of-service.\n* [CVE-2018-20847](https://security-tracker.debian.org/tracker/CVE-2018-20847)\nAn improper computation of values in the function\n opj\\_get\\_encoding\\_parameters can lead to an integer overflow.\n This issue was partly fixed by the patch for [CVE-2015-1239](https://security-tracker.debian.org/tracker/CVE-2015-1239).\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.1.0-2+deb8u7.\n\n\nWe recommend that you upgrade your openjpeg2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-07-10T00:00:00", "type": "osv", "title": "openjpeg2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1239", "CVE-2016-9112", "CVE-2018-20847"], "modified": "2022-08-05T05:18:31", "id": "OSV:DLA-1851-1", "href": "https://osv.dev/vulnerability/DLA-1851-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:24:27", "description": "\nMultiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0-2+deb8u3.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.1.2-1.1+deb9u2.\n\n\nWe recommend that you upgrade your openjpeg2 packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "osv", "title": "openjpeg2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1626", "CVE-2016-1628", "CVE-2016-5152", "CVE-2016-9118", "CVE-2017-14039", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-14152"], "modified": "2022-07-21T05:49:37", "id": "OSV:DSA-4013-1", "href": "https://osv.dev/vulnerability/DSA-4013-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2021-07-28T14:46:42", "description": "New openjpeg packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz: Upgraded.\n This update fixes security issues which may lead to a denial of service\n or possibly remote code execution.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14164\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openjpeg-2.3.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openjpeg-2.3.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/openjpeg-2.3.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/openjpeg-2.3.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\nc78cde70d1a1747d2f4cf426938ab9c3 openjpeg-2.3.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n5f835fa6479eb3090d4268fac1e5205e openjpeg-2.3.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc7e3989424543c80b46a80ae428bc8c5 l/openjpeg-2.3.0-i586-1.txz\n\nSlackware x86_64 -current package:\n55bb3a432bed62fcf69c5a33f86529f6 l/openjpeg-2.3.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg openjpeg-2.3.0-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-06T06:34:10", "type": "slackware", "title": "[slackware-security] openjpeg", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572", "CVE-2016-9573", "CVE-2016-9580", "CVE-2016-9581", "CVE-2017-12982", "CVE-2017-14039", "CVE-2017-14040", "CVE-2017-14041", "CVE-2017-14151", "CVE-2017-14152", "CVE-2017-14164"], "modified": "2017-10-06T06:34:10", "id": "SSA-2017-279-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.395569", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T16:32:58", "description": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T16:29:00", "type": "cve", "title": "CVE-2016-9580", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9580", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9580", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:33:02", "description": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T14:29:00", "type": "cve", "title": "CVE-2016-9581", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9581"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:11:53", "description": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9117", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9117"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9117", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:32:37", "description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-01T16:29:00", "type": "cve", "title": "CVE-2016-9572", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2016-9572", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9572", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T00:51:30", "description": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-10-28T14:59:00", "type": "cve", "title": "CVE-2016-8332", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2022-04-19T20:15:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.1"], "id": "CVE-2016-8332", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8332", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:17:38", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "type": "cve", "title": "CVE-2016-7445", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.1", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-7445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:a:uclouvain:openjpeg:2.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:32:41", "description": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-08-01T06:29:00", "type": "cve", "title": "CVE-2016-9573", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9573"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/a:uclouvain:openjpeg:2.1.2", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3"], "id": "CVE-2016-9573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9573", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:12:01", "description": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9118", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9118"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9118", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9118", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:11:35", "description": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9113", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:11:45", "description": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9115", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9115"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9115", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:12:15", "description": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9114", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9114"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:11:47", "description": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "cve", "title": "CVE-2016-9116", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9116"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9116", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:11:28", "description": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-29T10:59:00", "type": "cve", "title": "CVE-2016-9112", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112"], "modified": "2020-09-09T19:57:00", "cpe": ["cpe:/a:uclouvain:openjpeg:2.1.2"], "id": "CVE-2016-9112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uclouvain:openjpeg:2.1.2:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T13:47:27", "description": "An integer overflow vulnerability was found in tiftoimage function in\nopenjpeg 2.1.2, resulting in heap buffer overflow.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9580", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580"], "modified": "2018-08-01T00:00:00", "id": "UB:CVE-2016-9580", "href": "https://ubuntu.com/security/CVE-2016-9580", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:27", "description": "An infinite loop vulnerability in tiftoimage that results in heap buffer\noverflow in convert_32s_C1P1 was found in openjpeg 2.1.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9581"], "modified": "2018-08-01T00:00:00", "id": "UB:CVE-2016-9581", "href": "https://ubuntu.com/security/CVE-2016-9581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:08:01", "description": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9117", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9117"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9117", "href": "https://ubuntu.com/security/CVE-2016-9117", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:47:26", "description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded\ncertain input images. Due to a logic error in the code responsible for\ndecoding the input image, an application using openjpeg to process image\ndata could crash when processing a crafted image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-01T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9572", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572"], "modified": "2018-08-01T00:00:00", "id": "UB:CVE-2016-9572", "href": "https://ubuntu.com/security/CVE-2016-9572", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:04", "description": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when\nparsing a crafted image. An exploitable code execution vulnerability exists\nin the jpeg2000 image file format parser as implemented in the OpenJpeg\nlibrary. A specially crafted jpeg2000 file can cause an out of bound heap\nwrite resulting in heap corruption leading to arbitrary code execution. For\na successful attack, the target user needs to open a malicious jpeg2000\nfile. The jpeg2000 image file format is mostly used for embedding images\ninside PDF documents and the OpenJpeg library is used by a number of\npopular PDF renderers making PDF documents a likely attack vector.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/1630702>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | code not present in openjpeg 1.x\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-10-28T00:00:00", "type": "ubuntucve", "title": "CVE-2016-8332", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2016-10-28T00:00:00", "id": "UB:CVE-2016-8332", "href": "https://ubuntu.com/security/CVE-2016-8332", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:08:37", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and application crash) via\nvectors involving the variable s.\n\n#### Bugs\n\n * <https://github.com/uclouvain/openjpeg/issues/843>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7445", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-03T00:00:00", "id": "UB:CVE-2016-7445", "href": "https://ubuntu.com/security/CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:47:28", "description": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the\nj2k_to_image tool. Converting a specially crafted JPEG2000 file to another\nformat could cause the application to crash or, potentially, disclose some\ndata from the heap.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-08-01T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9573", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9573"], "modified": "2018-08-01T00:00:00", "id": "UB:CVE-2016-9573", "href": "https://ubuntu.com/security/CVE-2016-9573", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:01", "description": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of\nconvert.c:1719 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9118", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9118"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9118", "href": "https://ubuntu.com/security/CVE-2016-9118", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:02", "description": "There is a NULL pointer dereference in function imagetobmp of\nconvertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a\nvalue after initialization(NULL). Impact is Denial of Service.\n\n#### Bugs\n\n * <https://github.com/uclouvain/openjpeg/issues/856>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9113", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9113", "href": "https://ubuntu.com/security/CVE-2016-9113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:03", "description": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1390231>\n * <https://github.com/uclouvain/openjpeg/issues/858>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9115", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9115"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9115", "href": "https://ubuntu.com/security/CVE-2016-9115", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:02", "description": "There is a NULL Pointer Access in function imagetopnm of\nconvert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not\nassigned a value after initialization(NULL). Impact is Denial of Service.\n\n#### Bugs\n\n * <https://github.com/uclouvain/openjpeg/issues/857>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9114", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9114"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9114", "href": "https://ubuntu.com/security/CVE-2016-9114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:03", "description": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in\nOpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted\nj2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9116"], "modified": "2016-10-30T00:00:00", "id": "UB:CVE-2016-9116", "href": "https://ubuntu.com/security/CVE-2016-9116", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:08:03", "description": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl\nfunction in openjp2/pi.c:523 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-29T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9112", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112"], "modified": "2016-10-29T00:00:00", "id": "UB:CVE-2016-9112", "href": "https://ubuntu.com/security/CVE-2016-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:20", "description": "An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T16:29:00", "type": "debiancve", "title": "CVE-2016-9580", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9580"], "modified": "2018-08-01T16:29:00", "id": "DEBIANCVE:CVE-2016-9580", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9580", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-01T14:29:00", "type": "debiancve", "title": "CVE-2016-9581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9581"], "modified": "2018-08-01T14:29:00", "id": "DEBIANCVE:CVE-2016-9581", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9581", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9117", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9117"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9117", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9117", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-01T16:29:00", "type": "debiancve", "title": "CVE-2016-9572", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9572"], "modified": "2018-08-01T16:29:00", "id": "DEBIANCVE:CVE-2016-9572", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9572", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-10-28T14:59:00", "type": "debiancve", "title": "CVE-2016-8332", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2016-10-28T14:59:00", "id": "DEBIANCVE:CVE-2016-8332", "href": "https://security-tracker.debian.org/tracker/CVE-2016-8332", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "type": "debiancve", "title": "CVE-2016-7445", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7445"], "modified": "2016-10-03T16:09:00", "id": "DEBIANCVE:CVE-2016-7445", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-08-01T06:29:00", "type": "debiancve", "title": "CVE-2016-9573", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9573"], "modified": "2018-08-01T06:29:00", "id": "DEBIANCVE:CVE-2016-9573", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9573", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9118", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9118"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9118", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9118", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9113", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9113"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9113", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9113", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9115", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9115"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9115", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9115", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9114", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9114"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9114", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-30T22:59:00", "type": "debiancve", "title": "CVE-2016-9116", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9116"], "modified": "2016-10-30T22:59:00", "id": "DEBIANCVE:CVE-2016-9116", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9116", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:01:20", "description": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-29T10:59:00", "type": "debiancve", "title": "CVE-2016-9112", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9112"], "modified": "2016-10-29T10:59:00", "id": "DEBIANCVE:CVE-2016-9112", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:38:16", "description": "An out-of-bounds write vulnerability has been discovered in OpenJPEG. The vulnerability is due to a lack of validation on the index values of MCC markers when parsing maliciously crafted JPEG2000 image files. A remote attacker could exploit this vulnerability by enticing a user to open a malicious JPEG file with a vulnerable application. Successful exploitation would result in execution of arbitrary attacker code in the security context of the target user.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-03T00:00:00", "type": "checkpoint_advisories", "title": "OpenJPEG JPEG2000 Image Processing Out-of-Bounds Write (CVE-2016-8332)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2019-06-17T00:00:00", "id": "CPAI-2016-0993", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "talos": [{"lastseen": "2022-01-26T11:54:03", "description": "### Summary\n\nAn exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\n\n### Tested Versions\n\nOpenJpeg openjp2 2.1.1\n\n### Product URLs\n\n<http://www.openjpeg.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### Details\n\nThe OpenJpeg library is a reference implementation of JPEG2000 standard and is used by many popular PDF renderers. Most notably Poppler, MuPDF and Pdfium.\n\nDue to an error while parsing `mcc` records in the jpeg2000 file, out of bounds memory can be accessed resulting in an erroneous read and write of adjacent heap area memory. Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.\n\nThe vulnerability lies in `opj_j2k_read_mcc_record` function in `src/lib/openjp2/j2k.c` file which is responsible for parsing `mcc` records.\n \n \n ```\n l_mcc_record = l_tcp->m_mcc_records;\n \n for(i=0;i<l_tcp->m_nb_mcc_records;++i) {\n if (l_mcc_record->m_index == l_indix) {\n break;\n }\n ++l_mcc_record;\n }\n ```\n \n\nWhen an `mcc` record is being parsed, a `l_mcc_recprd` array is being iterated over in search of appropriate index. Next, if the index is not found, the following code is executed:\n \n \n ```\n if (i == l_tcp->m_nb_mcc_records) {\n if (l_tcp->m_nb_mcc_records == l_tcp->m_nb_max_mcc_records) {\n opj_simple_mcc_decorrelation_data_t *new_mcc_records;\n l_tcp->m_nb_max_mcc_records += OPJ_J2K_MCC_DEFAULT_NB_RECORDS;\n \n new_mcc_records = (opj_simple_mcc_decorrelation_data_t *) opj_realloc(\n l_tcp->m_mcc_records, l_tcp->m_nb_max_mcc_records * sizeof(opj_simple_mcc_decorrelation_data_t));\n if (! new_mcc_records) {\n opj_free(l_tcp->m_mcc_records);\n l_tcp->m_mcc_records = NULL;\n l_tcp->m_nb_max_mcc_records = 0;\n l_tcp->m_nb_mcc_records = 0;\n opj_event_msg(p_manager, EVT_ERROR, \"Not enough memory to read MCC marker\\n\");\n return OPJ_FALSE;\n }\n l_tcp->m_mcc_records = new_mcc_records;\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\n memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t));\n }\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\n }\n l_mcc_record->m_index = l_indix;\n ```\n \n\nThe first if statement is entered if the index was not found, then, if current number of records has reached a maximum of `l_tcp->m_nb_max_mcc_records` (which is 10 initially), maximum is increased and memory is reallocated to accommodate more records. At the end of the function, number of records is increased:\n \n \n ```\n ++l_tcp->m_nb_mcc_records;\n return OPJ_TRUE;\n ```\n \n\nThe vulnerability in the above code lies in the improper increment of the number of records at the end of the function. If a malicious image is created, such that it has a number of `mcc` records with the same (zero) index, the counter in the for loop can never reach the value that would satisfy `i == l_tcp->m_nb_mcc_records` condition. If there are 10 or more such objects, `l_tcp->m_nb_mcc_records` will be increased to more than `l_tcp->m_nb_max_mcc_records` without actually reallocating the appropriate amount of memory. If then there is an mcc record with a different index in the image, the if condition inside the for loop won\u2019t ever be true, which will lead to `l_mcc_record` pointer being increased out of bounds, causing an out of bounds read. Further on, this out of bounds pointer is retained and is used in a write operation when its index is being updated by a controlled value.\n\nBy varying the number of mcc records, an attacker can target a particular heap memory area and by abusing the same bug multiple times gain enough control over the process memory to get arbitrary code execution.\n\n### Crash Information\n \n \n ```\n bash-4.3$ valgrind $opj_decompress -i minimal.jp2 -o dasd.bmp\n ==13197== Memcheck, a memory error detector\n ==13197== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.\n ==13197== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info\n ==13197== Command:../openjpeg/build/bin/opj_decompress -i minimal.jp2 -o dasd.bmp\n ==13197==\n \n [INFO] Start to read j2k main header (119).\n \n ==13197== Invalid read of size 4\n ==13197== at 0x4049768: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197== Address 0x4439080 is 0 bytes after a block of size 200 alloc'd\n ==13197== at 0x402CEBA: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)\n ==13197== by 0x406D4C2: opj_calloc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x40436B6: opj_j2k_read_siz (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197==\n ==13197== Invalid write of size 4\n ==13197== at 0x4049940: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197== Address 0x4439094 is 20 bytes after a block of size 200 in arena \"client\"\n ==13197==\n [ERROR] Error reading MCC marker\n [ERROR] Marker handler function failed to read the marker segment\n ```\n \n\nIn the above Valgrind output, an invalid out of bounds read and write is recorded.\n\n### Timeline\n\n2016-07-26 - Vendor Disclosure \n2016-09-29 - Public Release\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-29T00:00:00", "type": "talos", "title": "OpenJPEG JPEG2000 mcc record Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8332"], "modified": "2016-09-29T00:00:00", "id": "TALOS-2016-0193", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0193", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T11:56:27", "description": "### Summary\r\nAn exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\r\n\r\n### Tested Versions\r\nOpenJpeg openjp2 2.1.1\r\n\r\n### Product URLs\r\nhttp://www.openjpeg.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### Details\r\nThe OpenJpeg library is a reference implementation of JPEG2000 standard and is used by many popular PDF renderers. Most notably Poppler, MuPDF and Pdfium.\r\n\r\nDue to an error while parsing `mcc` records in the jpeg2000 file, out of bounds memory can be accessed resulting in an erroneous read and write of adjacent heap area memory. Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.\r\n\r\nThe vulnerability lies in `opj_j2k_read_mcc_record` function in `src/lib/openjp2/j2k.c` file which is responsible for parsing `mcc` records.\r\n```\r\n l_mcc_record = l_tcp->m_mcc_records;\r\n\r\n for(i=0;i<l_tcp->m_nb_mcc_records;++i) {\r\n if (l_mcc_record->m_index == l_indix) {\r\n break;\r\n }\r\n ++l_mcc_record;\r\n }\r\n```\r\nWhen an `mcc` record is being parsed, a `l_mcc_recprd` array is being iterated over in search of appropriate index. Next, if the index is not found, the following code is executed:\r\n```\r\n if (i == l_tcp->m_nb_mcc_records) {\r\n if (l_tcp->m_nb_mcc_records == l_tcp->m_nb_max_mcc_records) {\r\n opj_simple_mcc_decorrelation_data_t *new_mcc_records;\r\n l_tcp->m_nb_max_mcc_records += OPJ_J2K_MCC_DEFAULT_NB_RECORDS;\r\n\r\n new_mcc_records = (opj_simple_mcc_decorrelation_data_t *) opj_realloc(\r\n l_tcp->m_mcc_records, l_tcp->m_nb_max_mcc_records * sizeof(opj_simple_mcc_decorrelation_data_t));\r\n if (! new_mcc_records) {\r\n opj_free(l_tcp->m_mcc_records);\r\n l_tcp->m_mcc_records = NULL;\r\n l_tcp->m_nb_max_mcc_records = 0;\r\n l_tcp->m_nb_mcc_records = 0;\r\n opj_event_msg(p_manager, EVT_ERROR, \"Not enough memory to read MCC marker\\n\");\r\n return OPJ_FALSE;\r\n }\r\n l_tcp->m_mcc_records = new_mcc_records;\r\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\r\n memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t));\r\n }\r\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\r\n }\r\n l_mcc_record->m_index = l_indix;\r\n```\r\nThe first if statement is entered if the index was not found, then, if current number of records has reached a maximum of `l_tcp->m_nb_max_mcc_records` (which is 10 initially), maximum is increased and memory is reallocated to accommodate more records. At the end of the function, number of records is increased:\r\n```\r\n ++l_tcp->m_nb_mcc_records;\r\n return OPJ_TRUE;\r\n```\r\nThe vulnerability in the above code lies in the improper increment of the number of records at the end of the function. If a malicious image is created, such that it has a number of `mcc` records with the same (zero) index, the counter in the for loop can never reach the value that would satisfy `i == l_tcp->m_nb_mcc_records` condition. If there are 10 or more such objects, `l_tcp->m_nb_mcc_records` will be increased to more than `l_tcp->m_nb_max_mcc_records` without actually reallocating the appropriate amount of memory. If then there is an mcc record with a different index in the image, the if condition inside the for loop won\u2019t ever be true, which will lead to `l_mcc_record` pointer being increased out of bounds, causing an out of bounds read. Further on, this out of bounds pointer is retained and is used in a write operation when its index is being updated by a controlled value.\r\n\r\nBy varying the number of mcc records, an attacker can target a particular heap memory area and by abusing the same bug multiple times gain enough control over the process memory to get arbitrary code execution.\r\n\r\n### Crash Information\r\n```\r\n bash-4.3$ valgrind $opj_decompress -i minimal.jp2 -o dasd.bmp\r\n ==13197== Memcheck, a memory error detector\r\n ==13197== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.\r\n ==13197== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info\r\n ==13197== Command:../openjpeg/build/bin/opj_decompress -i minimal.jp2 -o dasd.bmp\r\n ==13197==\r\n\r\n [INFO] Start to read j2k main header (119).\r\n\r\n ==13197== Invalid read of size 4\r\n ==13197== at 0x4049768: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197== Address 0x4439080 is 0 bytes after a block of size 200 alloc'd\r\n ==13197== at 0x402CEBA: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)\r\n ==13197== by 0x406D4C2: opj_calloc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x40436B6: opj_j2k_read_siz (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197==\r\n ==13197== Invalid write of size 4\r\n ==13197== at 0x4049940: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197== Address 0x4439094 is 20 bytes after a block of size 200 in arena \"client\"\r\n ==13197==\r\n [ERROR] Error reading MCC marker\r\n [ERROR] Marker handler function failed to read the marker segment\r\n```\r\nIn the above Valgrind output, an invalid out of bounds read and write is recorded.\r\n\r\n### Timeline\r\n* 2016-07-26 - Vendor Disclosure\r\n* 2016-09-29 - Public Release", "cvss3": {}, "published": "2017-10-13T00:00:00", "type": "seebug", "title": "OpenJPEG JPEG2000 mcc record Code Execution Vulnerability(CVE-2016-8332)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-8332"], "modified": "2017-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96672", "id": "SSV:96672", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T10:06:47", "description": "[![openjpeg-exploit-hack](https://4.bp.blogspot.com/-wyaskRjjtUE/V_NxoSzDcuI/AAAAAAAApq8/zzsFrBsA8Fk4m6ZJdNixirFyuPgssqcTwCLcB/s1600/openjpeg-exploit-hack.png)](<https://4.bp.blogspot.com/-wyaskRjjtUE/V_NxoSzDcuI/AAAAAAAApq8/zzsFrBsA8Fk4m6ZJdNixirFyuPgssqcTwCLcB/s1600/openjpeg-exploit-hack.png>)\n\nResearchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in [OpenJPEG library](<http://www.openjpeg.org/>), which could allow an attacker to remotely execute arbitrary code on the affected systems. \n \nDiscovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/[CVE-2016-8332](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332>), could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution. \n \nOpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF. \n \nHackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email. \n \nThe hacker could even upload the malicious JPEG2000 image file to a file hosting service, like Dropbox or Google Drive, and then send that link to the victim. \n \nOnce downloaded to the system, it would create a way for hackers to remotely execute malicious code on the affected system. \n \nThe flaw was caused \"_due to an error while parsing mcc records in the jpeg2000 file,...resulting in an erroneous read and write of adjacent heap area memory_,\" Cisco explained in its [advisory](<http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html>). \n \n\"_Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control._\" \n \nThe researchers successfully tested the JPEG 2000 image exploit on the OpenJPEG openjp2 version 2.1.1. The flaw was discovered by Aleksandar Nikolic from the Cisco Talos Security team. \n \nThe team reported the zero-day flaw to OpenJPEG developers in late July, and the company patched the flaw last week with the [release of version 2.1.2](<http://www.openjpeg.org/2016/09/28/OpenJPEG-2.1.2-released>). \n \nThe vulnerability has been assigned a CVSS score of 7.5, categorizing it as a high-severity bug.\n", "cvss3": {}, "published": "2016-10-03T22:23:00", "type": "thn", "title": "Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-8332"], "modified": "2016-10-04T09:23:48", "id": "THN:1C6DD059E76C91837FE072F66F0C7360", "href": "https://thehackernews.com/2016/10/openjpeg-exploit-hack.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2022-02-27T11:51:50", "description": "**CentOS Errata and Security Advisory** CESA-2017:0838\n\n\nOpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es):\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-March/059268.html\n\n**Affected packages:**\nopenjpeg\nopenjpeg-devel\nopenjpeg-libs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:0838", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-29T10:58:56", "type": "centos", "title": "openjpeg security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2017-03-29T10:58:56", "id": "CESA-2017:0838", "href": "https://lists.centos.org/pipermail/centos-announce/2017-March/059268.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:44:21", "description": "OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.\n\nSecurity Fix(es):\n\n* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)\n\n* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)\n\n* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)\n\nRed Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-23T02:35:48", "type": "redhat", "title": "(RHSA-2017:0838) Moderate: openjpeg security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2018-04-11T23:32:42", "id": "RHSA-2017:0838", "href": "https://access.redhat.com/errata/RHSA-2017:0838", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:25:00", "description": "[1.5.1-16]\n- Revert previous changes in patch for CVE-2016-5159\n- Fix memory leaks\n Related: #1419772\n[1.5.1-15]\n- Add two more allocation checks to patch for CVE-2016-5159\n Related: #1419772\n[1.5.1-14]\n- Fix CWE-825 errors in patch for CVE-2016-5158\n Related: #1419772\n[1.5.1-13]\n- Add patches for CVE-2016-5139, CVE-2016-5158, CVE-2016-5159\n Related: #1419772\n[1.5.1-12]\n- Fix patch name: CVE-2016-9675 => CVE-2016-7163\n Related: #1419772\n[1.5.1-11]\n- Fix decoding of chroma-subsampled images\n- Add patches for CVE-2016-9573 and CVE-2016-9675\n- Fix Coverity issues\n Resolves: #1419772", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-22T00:00:00", "type": "oraclelinux", "title": "openjpeg security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2017-03-22T00:00:00", "id": "ELSA-2017-0838", "href": "http://linux.oracle.com/errata/ELSA-2017-0838.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T21:58:51", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in openjpeg. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5139_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5139>)** \nDESCRIPTION:** Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by pdfium. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115759_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115759>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-5158_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158>)** \nDESCRIPTION:** Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PDFium. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5159_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5159>)** \nDESCRIPTION:** Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PDFium. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116534_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116534>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7163_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163>)** \nDESCRIPTION:** OpenJPEG could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the opj_pi_create_decode function in pi.c. By persuading a victim to open a specially crafted JP2 file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117141_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117141>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-9573_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573>)** \nDESCRIPTION:** OpenJPEG is vulnerable to a denial of service, caused by an out-of-bounds read in j2k_to_image tool. By using a specially-crafted JPEG2000 file, a remote attacker could exploit this vulnerability to cause the application to crash or possibly obtain sensitive information. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125136_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125136>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9675_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9675>)** \nDESCRIPTION:** OpenJPEG is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By using a specially-crafted jpeg2000 image file, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120194_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120194>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 8.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 May 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-18T01:36:15", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in openjpeg affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675"], "modified": "2018-06-18T01:36:15", "id": "F4E642BAABA6CD9F15F012564A0B353D03E4443EDA7683A452A665DEEF4E45A3", "href": "https://www.ibm.com/support/pages/node/631227", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:14:37", "description": "It was discovered that OpenJPEG incorrectly handled certain image files. A \nremote attacker could possibly use this issue to cause a denial of service. \n(CVE-2016-9112)\n\nIt was discovered that OpenJPEG did not properly handle certain input. If \nOpenJPEG were supplied with specially crafted input, it could be made to crash \nor potentially execute arbitrary code. \n(CVE-2018-20847, CVE-2018-21010, CVE-2020-6851, CVE-2020-8112, CVE-2020-15389)\n\nIt was discovered that OpenJPEG incorrectly handled certain BMP files. A \nremote attacker could possibly use this issue to cause a denial of service. \n(CVE-2019-12973)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-15T00:00:00", "type": "ubuntu", "title": "OpenJPEG vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12973", "CVE-2020-15389", "CVE-2016-9112", "CVE-2020-8112", "CVE-2020-6851", "CVE-2018-20847", "CVE-2018-21010"], "modified": "2020-09-15T00:00:00", "id": "USN-4497-1", "href": "https://ubuntu.com/security/notices/USN-4497-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "androidsecurity": [{"lastseen": "2021-11-26T23:23:09", "description": "The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of June 05, 2017 or later address all of these issues. Refer to the [Pixel and Nexus update schedule](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>) to learn how to check a device's security patch level.\n\nPartners were notified of the issues described in the bulletin at least a month ago. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.\n\nThe most severe of these issues is a critical security vulnerability in Media Framework that could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.\n\nWe have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and [Google Play Protect](<https://www.android.com/play-protect>), which improve the security of the Android platform.\n\nWe encourage all customers to accept these updates to their devices.\n\n**Note:** Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the Google device updates section.\n\n## Announcements\n\n * We've streamlined the monthly security bulletin to make it easier to read. As part of this update, vulnerability information is categorized by affected component, sorted by component name within a security patch level, and Google device-specific information is hosted in a dedicated section.\n * This bulletin has two security patch level strings to provide Android partners with the flexibility to more quickly fix a subset of vulnerabilities that are similar across all Android devices. See Common questions and answers for additional information: \n * **2017-06-01**: Partial security patch level string. This security patch level string indicates that all issues associated with 2017-06-01 (and all previous security patch level strings) are addressed.\n * **2017-06-05**: Complete security patch level string. This security patch level string indicates that all issues associated with 2017-06-01 and 2017-06-05 (and all previous security patch level strings) are addressed.\n\n## Android and Google Play Protect mitigations\n\nThis is a summary of the mitigations provided by the Android security platform and service protections such as [Google Play Protect](<https://www.android.com/play-protect>). These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.\n\n * Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.\n * The Android security team actively monitors for abuse through [Google Play Protect](<https://www.android.com/play-protect>) and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with [Google Mobile Services](<http://www.android.com/gms>), and is especially important for users who install apps from outside of Google Play.\n\n## 2017-06-01 security patch level\u2014Vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2017-06-01 patch level. Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.\n\n### Bluetooth\n\nThe most severe vulnerability in this section could enable a local malicious app to access data outside of its permission levels.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-0645 | [A-35385327](<https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41>) | EoP | Moderate | 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0646 | [A-33899337](<https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c>) | ID | Moderate | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \n \n### Libraries\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file execute arbitrary code within the context of an unprivileged process.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2015-8871 | A-35443562* | RCE | High | 5.0.2, 5.1.1, 6.0, 6.0.1 \nCVE-2016-8332 | A-37761553* | RCE | High | 5.0.2, 5.1.1, 6.0, 6.0.1 \nCVE-2016-5131 | [A-36554209](<https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb>) | RCE | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2016-4658 | [A-36554207](<https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8>) | RCE | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0663 | [A-37104170](<https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc>) | RCE | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-7376 | [A-36555370](<https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4>) | RCE | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-5056 | [A-36809819](<https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541>) | RCE | Moderate | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-7375 | [A-36556310](<https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa>) | RCE | Moderate | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0647 | [A-36392138](<https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5>) | ID | Moderate | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2016-1839 | [A-36553781](<https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa>) | DoS | Moderate | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \n \n### Media framework\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-0637 | [A-34064500](<https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258>) | RCE | Critical | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0391 | [A-32322258](<https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a>) | DoS | High | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0640 | A-33129467* | DoS | High | 6.0, 6.0.1, 7.0, 7.1.1 \nCVE-2017-0641 | [A-34360591](<https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb>) | DoS | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0642 | [A-34819017](<https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d>) | DoS | High | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \nCVE-2017-0643 | A-35645051* | DoS | High | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 \nCVE-2017-0644 | A-35472997* | DoS | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 \n \n### System UI\n\nThe most severe vulnerability in this section could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-0638 | [A-36368305](<https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e>) | RCE | High | 7.1.1, 7.1.2 \n \n## 2017-06-05 security patch level\u2014Vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2017-06-05 patch level. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.\n\n### Kernel components\n\nThe most severe vulnerability in this section could enable a local malicious app to execute arbitrary code within the context of the kernel.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-0648 | A-36101220* | EoP | High | FIQ debugger \nCVE-2017-0651 | A-35644815* | ID | Low | ION subsystem \n \n### Libraries\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file to gain access to sensitive information.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2015-7995 | A-36810065* | ID | Moderate | 4.4.4 \n \n### MediaTek components\n\nThe most severe vulnerability in this section could enable a local malicious app to execute arbitrary code within the context of the kernel.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-0636 | A-35310230* M-ALPS03162263 | EoP | High | Command queue driver \nCVE-2017-0649 | A-34468195* M-ALPS03162283 | EoP | Moderate | Sound driver \n \n### NVIDIA components\n\nThe most severe vulnerability in this section could enable a local malicious app to execute arbitrary code within the context of the kernel.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-6247 | A-34386301* N-CVE-2017-6247 | EoP | High | Sound driver \nCVE-2017-6248 | A-34372667* N-CVE-2017-6248 | EoP | Moderate | Sound driver \nCVE-2017-6249 | A-34373711* N-CVE-2017-6249 | EoP | Moderate | Sound driver \n \n### Qualcomm components\n\nThe most severe vulnerability in this section could enable a proximate attacker to execute arbitrary code within the context of the kernel.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-7371 | A-36250786 [QC-CR#1101054](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd>) | RCE | Critical | Bluetooth driver \nCVE-2017-7365 | A-32449913 [QC-CR#1017009](<https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db>) | EoP | High | Bootloader \nCVE-2017-7366 | A-36252171 [QC-CR#1036161](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45>) [[2](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00>)] | EoP | High | GPU driver \nCVE-2017-7367 | A-34514708 [QC-CR#1008421](<https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57>) | DoS | High | Bootloader \nCVE-2016-5861 | A-36251375 [QC-CR#1103510](<https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d>) | EoP | Moderate | Video driver \nCVE-2016-5864 | A-36251231 [QC-CR#1105441](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a>) | EoP | Moderate | Sound driver \nCVE-2017-6421 | A-36251986 [QC-CR#1110563](<https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b>) | EoP | Moderate | MStar touchscreen driver \nCVE-2017-7364 | A-36252179 [QC-CR#1113926](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267>) | EoP | Moderate | Video driver \nCVE-2017-7368 | A-33452365 [QC-CR#1103085](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d>) | EoP | Moderate | Sound driver \nCVE-2017-7369 | A-33751424 [QC-CR#2009216](<https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006>) [[2](<https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e>)] | EoP | Moderate | Sound driver \nCVE-2017-7370 | A-34328139 [QC-CR#2006159](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85>) | EoP | Moderate | Video driver \nCVE-2017-7372 | A-36251497 [QC-CR#1110068](<https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13>) | EoP | Moderate | Video driver \nCVE-2017-7373 | A-36251984 [QC-CR#1090244](<https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75>) | EoP | Moderate | Video driver \nCVE-2017-8233 | A-34621613 [QC-CR#2004036](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385>) | EoP | Moderate | Camera driver \nCVE-2017-8234 | A-36252121 [QC-CR#832920](<https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be>) | EoP | Moderate | Camera driver \nCVE-2017-8235 | A-36252376 [QC-CR#1083323](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f>) | EoP | Moderate | Camera driver \nCVE-2017-8236 | A-35047217 [QC-CR#2009606](<https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db>) | EoP | Moderate | IPA driver \nCVE-2017-8237 | A-36252377 [QC-CR#1110522](<https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf>) | EoP | Moderate | Networking driver \nCVE-2017-8242 | A-34327981 [QC-CR#2009231](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5>) | EoP | Moderate | Secure Execution Environment Communicator driver \nCVE-2017-8239 | A-36251230 [QC-CR#1091603](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610>) | ID | Moderate | Camera driver \nCVE-2017-8240 | A-36251985 [QC-CR#856379](<https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547>) | ID | Moderate | Pin controller driver \nCVE-2017-8241 | A-34203184 [QC-CR#1069175](<https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724>) | ID | Low | Wi-Fi driver \n \n### Synaptics components\n\nThe most severe vulnerability in this section could enable a local malicious app to access data outside of its permission levels.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-0650 | A-35472278* | EoP | Low | Touchscreen driver \n \n### Qualcomm closed-source components\n\nThese vulnerabilities affect Qualcomm components and are described in further detail in Qualcomm AMSS security bulletins from 2014\u20132016. They are included in this Android security bulletin to associate their fixes with an Android security patch level. Fixes for these vulnerabilities are available directly from Qualcomm.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2014-9960 | A-37280308* | N/A | Critical | Closed-source component \nCVE-2014-9961 | A-37279724* | N/A | Critical | Closed-source component \nCVE-2014-9953 | A-36714770* | N/A | Critical | Closed-source component \nCVE-2014-9967 | A-37281466* | N/A | Critical | Closed-source component \nCVE-2015-9026 | A-37277231* | N/A | Critical | Closed-source component \nCVE-2015-9027 | A-37279124* | N/A | Critical | Closed-source component \nCVE-2015-9008 | A-36384689* | N/A | Critical | Closed-source component \nCVE-2015-9009 | A-36393600* | N/A | Critical | Closed-source component \nCVE-2015-9010 | A-36393101* | N/A | Critical | Closed-source component \nCVE-2015-9011 | A-36714882* | N/A | Critical | Closed-source component \nCVE-2015-9024 | A-37265657* | N/A | Critical | Closed-source component \nCVE-2015-9012 | A-36384691* | N/A | Critical | Closed-source component \nCVE-2015-9013 | A-36393251* | N/A | Critical | Closed-source component \nCVE-2015-9014 | A-36393750* | N/A | Critical | Closed-source component \nCVE-2015-9015 | A-36714120* | N/A | Critical | Closed-source component \nCVE-2015-9029 | A-37276981* | N/A | Critical | Closed-source component \nCVE-2016-10338 | A-37277738* | N/A | Critical | Closed-source component \nCVE-2016-10336 | A-37278436* | N/A | Critical | Closed-source component \nCVE-2016-10333 | A-37280574* | N/A | Critical | Closed-source component \nCVE-2016-10341 | A-37281667* | N/A | Critical | Closed-source component \nCVE-2016-10335 | A-37282802* | N/A | Critical | Closed-source component \nCVE-2016-10340 | A-37280614* | N/A | Critical | Closed-source component \nCVE-2016-10334 | A-37280664* | N/A | Critical | Closed-source component \nCVE-2016-10339 | A-37280575* | N/A | Critical | Closed-source component \nCVE-2016-10298 | A-36393252* | N/A | Critical | Closed-source component \nCVE-2016-10299 | A-32577244* | N/A | Critical | Closed-source component \nCVE-2014-9954 | A-36388559* | N/A | High | Closed-source component \nCVE-2014-9955 | A-36384686* | N/A | High | Closed-source component \nCVE-2014-9956 | A-36389611* | N/A | High | Closed-source component \nCVE-2014-9957 | A-36387564* | N/A | High | Closed-source component \nCVE-2014-9958 | A-36384774* | N/A | High | Closed-source component \nCVE-2014-9962 | A-37275888* | N/A | High | Closed-source component \nCVE-2014-9963 | A-37276741* | N/A | High | Closed-source component \nCVE-2014-9959 | A-36383694* | N/A | High | Closed-source component \nCVE-2014-9964 | A-37280321* | N/A | High | Closed-source component \nCVE-2014-9965 | A-37278233* | N/A | High | Closed-source component \nCVE-2014-9966 | A-37282854* | N/A | High | Closed-source component \nCVE-2015-9023 | A-37276138* | N/A | High | Closed-source component \nCVE-2015-9020 | A-37276742* | N/A | High | Closed-source component \nCVE-2015-9021 | A-37276743* | N/A | High | Closed-source component \nCVE-2015-9025 | A-37276744* | N/A | High | Closed-source component \nCVE-2015-9022 | A-37280226* | N/A | High | Closed-source component \nCVE-2015-9028 | A-37277982* | N/A | High | Closed-source component \nCVE-2015-9031 | A-37275889* | N/A | High | Closed-source component \nCVE-2015-9032 | A-37279125* | N/A | High | Closed-source component \nCVE-2015-9033 | A-37276139* | N/A | High | Closed-source component \nCVE-2015-9030 | A-37282907* | N/A | High | Closed-source component \nCVE-2016-10332 | A-37282801* | N/A | High | Closed-source component \nCVE-2016-10337 | A-37280665* | N/A | High | Closed-source component \nCVE-2016-10342 | A-37281763* | N/A | High | Closed-source component \n \n## Google device updates\n\nThis table contains the security patch level in the latest over-the-air update (OTA) and firmware images for Google devices. The Google device firmware images are available on the [Google Developer site](<https://developers.google.com/android/nexus/images>).\n\nGoogle device | Security patch level \n---|--- \nPixel / Pixel XL | June 05, 2017 \nNexus 5X | June 05, 2017 \nNexus 6 | June 05, 2017 \nNexus 6P | June 05, 2017 \nNexus 9 | June 05, 2017 \nNexus Player | June 05, 2017 \nPixel C | June 05, 2017 \n \nGoogle device updates also contain patches for these security vulnerabilities, if applicable:\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-0639 | [A-35310991](<https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff>) | ID | High | 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 \n \n## Acknowledgements\n\nWe would like to thank these researchers for their contributions:\n\nCVEs | Researchers \n---|--- \nCVE-2017-0643, CVE-2017-0641 | Ecular Xu(\u5f90\u5065) of Trend Micro \nCVE-2017-0645, CVE-2017-0639 | En He ([@heeeeen4x](<https://twitter.com/heeeeen4x>)) and Bo Liu of [MS509Team](<http://www.ms509.com>) \nCVE-2017-0649 | Gengjia Chen ([@chengjia4574](<https://twitter.com/chengjia4574>)) and [pjf](<http://weibo.com/jfpan>) of IceSword Lab, Qihoo 360 Technology Co. Ltd. \nCVE-2017-0646 | Godzheng (\u90d1\u6587\u9009 -[@VirtualSeekers](<https://twitter.com/VirtualSeekers>)) of Tencent PC Manager \nCVE-2017-0636 | Jake Corina ([@JakeCorina](<https://twitter.com/JakeCorina>)) of Shellphish Grill Team \nCVE-2017-8233 | Jianqiang Zhao ([@jianqiangzhao](<https://twitter.com/jianqiangzhao>)) and [pjf ](<http://weibo.com/jfpan>)of IceSword Lab, Qihoo 360 \nCVE-2017-7368 | Lubo Zhang ([zlbzlb815@163.com](<mailto:zlbzlb815@163.com>)),Yuan-Tsung Lo ([computernik@gmail.com](<mailto:computernik@gmail.com>)), and Xuxian Jiang of [C0RE Team](<http://c0reteam.org>) \nCVE-2017-8242 | Nathan Crandall ([@natecray](<https://twitter.com/natecray>)) of Tesla's Product Security Team \nCVE-2017-0650 | Omer Shwartz, Amir Cohen, Dr. Asaf Shabtai, and Dr. Yossi Oren of Ben Gurion University Cyber Lab \nCVE-2017-0648 | Roee Hay ([@roeehay](<https://twitter.com/roeehay>)) of [Aleph Research](<https://alephsecurity.com/>), HCL Technologies \nCVE-2017-7369, CVE-2017-6249, CVE-2017-6247, CVE-2017-6248 | sevenshen ([@lingtongshen](<https://twitter.com/lingtongshen>)) of TrendMicro \nCVE-2017-0642, CVE-2017-0637, CVE-2017-0638 | Vasily Vasiliev \nCVE-2017-0640 | V.E.O ([@VYSEa](<https://twitter.com/vysea>)) of [Mobile Threat Response Team](<http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/>), [Trend Micro](<http://www.trendmicro.com>) \nCVE-2017-8236 | Xiling Gong of Tencent Security Platform Department \nCVE-2017-0647 | Yangkang ([@dnpushme](<https://twitter.com/dnpushme>)) and Liyadong of Qex Team, Qihoo 360 \nCVE-2017-7370 | Yonggang Guo ([@guoygang](<https://twitter.com/guoygang>)) of IceSword Lab, Qihoo 360 Technology Co. Ltd \nCVE-2017-0651 | Yuan-Tsung Lo ([computernik@gmail.com](<mailto:computernik@gmail.com>)) and Xuxian Jiang of [C0RE Team](<http://c0reteam.org>) \nCVE-2017-8241 | Zubin Mithra of Google \n \n## Common questions and answers\n\nThis section answers common questions that may occur after reading this bulletin.\n\n**1\\. How do I determine if my device is updated to address these issues? **\n\nTo learn how to check a device's security patch level, read the instructions on the [Pixel and Nexus update schedule](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>).\n\n * Security patch levels of 2017-06-01 or later address all issues associated with the 2017-06-01 security patch level.\n * Security patch levels of 2017-06-05 or later address all issues associated with the 2017-06-05 security patch level and all previous patch levels.\n\nDevice manufacturers that include these updates should set the patch string level to:\n\n * [ro.build.version.security_patch]:[2017-06-01]\n * [ro.build.version.security_patch]:[2017-06-05]\n\n**2\\. Why does this bulletin have two security patch levels?**\n\nThis bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.\n\n * Devices that use the June 01, 2017 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.\n * Devices that use the security patch level of June 05, 2017 or newer must include all applicable patches in this (and previous) security bulletins.\n\nPartners are encouraged to bundle the fixes for all issues they are addressing in a single update.\n\n**3\\. What do the entries in the _Type_ column mean?**\n\nEntries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.\n\nAbbreviation | Definition \n---|--- \nRCE | Remote code execution \nEoP | Elevation of privilege \nID | Information disclosure \nDoS | Denial of service \nN/A | Classification not available \n \n**4\\. What do the entries in the _References_ column mean?**\n\nEntries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.\n\nPrefix | Reference \n---|--- \nA- | Android bug ID \nQC- | Qualcomm reference number \nM- | MediaTek reference number \nN- | NVIDIA reference number \nB- | Broadcom reference number \n \n**5\\. What does a * next to the Android bug ID in the _References_ column mean?**\n\nIssues that are not publicly available have a * next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Nexus devices available from the [Google Developer site](<https://developers.google.com/android/nexus/drivers>).\n\n## Versions\n\nVersion | Date | Notes \n---|---|--- \n1.0 | June 5, 2017 | Bulletin published. \n1.1 | June 7, 2017 | Bulletin revised to include AOSP links. \n1.2 | July 11, 2017 | Bulletin revised to include CVE-2017-6249. \n1.3 | August 17, 2017 | Bulletin revised to update reference numbers.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-05T00:00:00", "type": "androidsecurity", "title": "Android Security Bulletin\u2014June 2017", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9953", "CVE-2014-9954", "CVE-2014-9955", "CVE-2014-9956", "CVE-2014-9957", "CVE-2014-9958", "CVE-2014-9959", "CVE-2014-9960", "CVE-2014-9961", "CVE-2014-9962", "CVE-2014-9963", "CVE-2014-9964", "CVE-2014-9965", "CVE-2014-9966", "CVE-2014-9967", "CVE-2015-7995", "CVE-2015-8871", "CVE-2015-9008", "CVE-2015-9009", "CVE-2015-9010", "CVE-2015-9011", "CVE-2015-9012", "CVE-2015-9013", "CVE-2015-9014", "CVE-2015-9015", "CVE-2015-9020", "CVE-2015-9021", "CVE-2015-9022", "CVE-2015-9023", "CVE-2015-9024", "CVE-2015-9025", "CVE-2015-9026", "CVE-2015-9027", "CVE-2015-9028", "CVE-2015-9029", "CVE-2015-9030", "CVE-2015-9031", "CVE-2015-9032", "CVE-2015-9033", "CVE-2016-10298", "CVE-2016-10299", "CVE-2016-10332", "CVE-2016-10333", "CVE-2016-10334", "CVE-2016-10335", "CVE-2016-10336", "CVE-2016-10337", "CVE-2016-10338", "CVE-2016-10339", "CVE-2016-10340", "CVE-2016-10341", "CVE-2016-10342", "CVE-2016-1839", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-5861", "CVE-2016-5864", "CVE-2016-8332", "CVE-2017-0391", "CVE-2017-0636", "CVE-2017-0637", "CVE-2017-0638", "CVE-2017-0639", "CVE-2017-0640", "CVE-2017-0641", "CVE-2017-0642", "CVE-2017-0643", "CVE-2017-0644", "CVE-2017-0645", "CVE-2017-0646", "CVE-2017-0647", "CVE-2017-0648", "CVE-2017-0649", "CVE-2017-0650", "CVE-2017-0651", "CVE-2017-0663", "CVE-2017-5056", "CVE-2017-6247", "CVE-2017-6248", "CVE-2017-6249", "CVE-2017-6421", "CVE-2017-7364", "CVE-2017-7365", "CVE-2017-7366", "CVE-2017-7367", "CVE-2017-7368", "CVE-2017-7369", "CVE-2017-7370", "CVE-2017-7371", "CVE-2017-7372", "CVE-2017-7373", "CVE-2017-7375", "CVE-2017-7376", "CVE-2017-8233", "CVE-2017-8234", "CVE-2017-8235", "CVE-2017-8236", "CVE-2017-8237", "CVE-2017-8239", "CVE-2017-8240", "CVE-2017-8241", "CVE-2017-8242"], "modified": "2017-08-17T00:00:00", "id": "ANDROID:2017-06-01", "href": "https://source.android.com/security/bulletin/2017-06-01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2021-10-22T15:44:19", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 444 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2684313.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7501", "CVE-2015-8607", "CVE-2015-8608", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3183", "CVE-2016-4000", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5017", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8332", "CVE-2016-8610", "CVE-2016-9112", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-0861", "CVE-2017-10140", "CVE-2017-12610", "CVE-2017-12626", "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-15265", "CVE-2017-15708", "CVE-2017-5637", "CVE-2017-5645", "CVE-2018-1000004", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-10675", "CVE-2018-10872", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11776", "CVE-2018-1199", "CVE-2018-12015", "CVE-2018-12023", "CVE-2018-12207", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1288", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17190", "CVE-2018-17196", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-6616", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913", "CVE-2018-7566", "CVE-2018-8012", "CVE-2018-8013", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0188", "CVE-2019-0201", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14862", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-16056", "CVE-2019-16335", "CVE-2019-16935", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17560", "CVE-2019-17561", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-19956", "CVE-2019-20330", "CVE-2019-20388", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-5489", "CVE-2019-8457", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14527", "CVE-2020-14528", "CVE-2020-14529", "CVE-2020-14530", "CVE-2020-14531", "CVE-2020-14532", "CVE-2020-14533", "CVE-2020-14534", "CVE-2020-14535", "CVE-2020-14536", "CVE-2020-14537", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14541", "CVE-2020-14542", "CVE-2020-14543", "CVE-2020-14544", "CVE-2020-14545", "CVE-2020-14546", "CVE-2020-14547", "CVE-2020-14548", "CVE-2020-14549", "CVE-2020-14550", "CVE-2020-14551", "CVE-2020-14552", "CVE-2020-14553", "CVE-2020-14554", "CVE-2020-14555", "CVE-2020-14556", "CVE-2020-14557", "CVE-2020-14558", "CVE-2020-14559", "CVE-2020-14560", "CVE-2020-14561", "CVE-2020-14562", "CVE-2020-14563", "CVE-2020-14564", "CVE-2020-14565", "CVE-2020-14566", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14569", "CVE-2020-14570", "CVE-2020-14571", "CVE-2020-14572", "CVE-2020-14573", "CVE-2020-14574", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14580", "CVE-2020-14581", "CVE-2020-14582", "CVE-2020-14583", "CVE-2020-14584", "CVE-2020-14585", "CVE-2020-14586", "CVE-2020-14587", "CVE-2020-14588", "CVE-2020-14589", "CVE-2020-14590", "CVE-2020-14591", "CVE-2020-14592", "CVE-2020-14593", "CVE-2020-14594", "CVE-2020-14595", "CVE-2020-14596", "CVE-2020-14597", "CVE-2020-14598", "CVE-2020-14599", "CVE-2020-14600", "CVE-2020-14601", "CVE-2020-14602", "CVE-2020-14603", "CVE-2020-14604", "CVE-2020-14605", "CVE-2020-14606", "CVE-2020-14607", "CVE-2020-14608", "CVE-2020-14609", "CVE-2020-14610", "CVE-2020-14611", "CVE-2020-14612", "CVE-2020-14613", "CVE-2020-14614", "CVE-2020-14615", "CVE-2020-14616", "CVE-2020-14617", "CVE-2020-14618", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14621", "CVE-2020-14622", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14625", "CVE-2020-14626", "CVE-2020-14627", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14630", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14635", "CVE-2020-14636", "CVE-2020-14637", "CVE-2020-14638", "CVE-2020-14639", "CVE-2020-14640", "CVE-2020-14641", "CVE-2020-14642", "CVE-2020-14643", "CVE-2020-14644", "CVE-2020-14645", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14651", "CVE-2020-14652", "CVE-2020-14653", "CVE-2020-14654", "CVE-2020-14655", "CVE-2020-14656", "CVE-2020-14657", "CVE-2020-14658", "CVE-2020-14659", "CVE-2020-14660", "CVE-2020-14661", "CVE-2020-14662", "CVE-2020-14663", "CVE-2020-14664", "CVE-2020-14665", "CVE-2020-14666", "CVE-2020-14667", "CVE-2020-14668", "CVE-2020-14669", "CVE-2020-14670", "CVE-2020-14671", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14678", "CVE-2020-14679", "CVE-2020-14680", "CVE-2020-14681", "CVE-2020-14682", "CVE-2020-14684", "CVE-2020-14685", "CVE-2020-14686", "CVE-2020-14687", "CVE-2020-14688", "CVE-2020-14690", "CVE-2020-14691", "CVE-2020-14692", "CVE-2020-14693", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14696", "CVE-2020-14697", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14701", "CVE-2020-14702", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14705", "CVE-2020-14706", "CVE-2020-14707", "CVE-2020-14708", "CVE-2020-14709", "CVE-2020-14710", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-14716", "CVE-2020-14717", "CVE-2020-14718", "CVE-2020-14719", "CVE-2020-14720", "CVE-2020-14721", "CVE-2020-14722", "CVE-2020-14723", "CVE-2020-14724", "CVE-2020-14725", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1967", "CVE-2020-2513", "CVE-2020-2555", "CVE-2020-2562", "CVE-2020-2966", "CVE-2020-2967", "CVE-2020-2968", "CVE-2020-2969", "CVE-2020-2971", "CVE-2020-2972", "CVE-2020-2973", "CVE-2020-2974", "CVE-2020-2975", "CVE-2020-2976", "CVE-2020-2977", "CVE-2020-2978", "CVE-2020-2981", "CVE-2020-2982", "CVE-2020-2983", "CVE-2020-2984", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-6851", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7595", "CVE-2020-8112", "CVE-2020-8172", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "modified": "2020-12-01T00:00:00", "id": "ORACLE:CPUJUL2020", "href": "https://www.oracle.com/security-alerts/cpujul2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", "CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", "CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:48:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: [ CVE-2019-2725 (April 29, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html>) and [ CVE-2019-2729 (June 18, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html>). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - July 2019", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", "CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", "CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", "CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", "CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "modified": "2019-08-16T00:00:00", "id": "ORACLE:CPUJUL2019-5072835", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}