7.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.871090");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2013-12-17 11:52:33 +0530 (Tue, 17 Dec 2013)");
script_cve_id("CVE-2013-6629");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("RedHat Update for libjpeg RHSA-2013:1804-01");
script_tag(name:"affected", value:"libjpeg on Red Hat Enterprise Linux (v. 5 server)");
script_tag(name:"insight", value:"The libjpeg package contains a library of functions for manipulating JPEG
images. It also contains simple client programs for accessing the
libjpeg functions.
An uninitialized memory read issue was found in the way libjpeg decoded
images with missing Start Of Scan (SOS) JPEG markers. A remote attacker
could create a specially crafted JPEG image that, when decoded, could
possibly lead to a disclosure of potentially sensitive information.
(CVE-2013-6629)
All libjpeg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"RHSA", value:"2013:1804-01");
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2013-December/msg00012.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libjpeg'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"libjpeg", rpm:"libjpeg~6b~38", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libjpeg-debuginfo", rpm:"libjpeg-debuginfo~6b~38", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libjpeg-devel", rpm:"libjpeg-devel~6b~38", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}