Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:13614125623111220233585
HistorySep 26, 2023 - 12:00 a.m.

Debian: Security Advisory (DLA-3585-1)

2023-09-2600:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
debian
security
update
exempi
buffer overflow
out-of-bounds read
memory corruption
improper input validation
arbitrary code execution
disclosure of arbitrary memory
use-after-free

6 Medium

AI Score

Confidence

High

0.733 High

EPSS

Percentile

98.1%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.1.2.2023.3585");
  script_cve_id("CVE-2020-18651", "CVE-2020-18652", "CVE-2021-36045", "CVE-2021-36046", "CVE-2021-36047", "CVE-2021-36048", "CVE-2021-36050", "CVE-2021-36051", "CVE-2021-36052", "CVE-2021-36053", "CVE-2021-36054", "CVE-2021-36055", "CVE-2021-36056", "CVE-2021-36057", "CVE-2021-36058", "CVE-2021-36064", "CVE-2021-39847", "CVE-2021-40716", "CVE-2021-40732", "CVE-2021-42528", "CVE-2021-42529", "CVE-2021-42530", "CVE-2021-42531", "CVE-2021-42532");
  script_tag(name:"creation_date", value:"2023-09-26 04:26:05 +0000 (Tue, 26 Sep 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-05-11 00:36:37 +0000 (Wed, 11 May 2022)");

  script_name("Debian: Security Advisory (DLA-3585-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");

  script_xref(name:"Advisory-ID", value:"DLA-3585-1");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2023/DLA-3585-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/exempi");
  script_xref(name:"URL", value:"https://wiki.debian.org/LTS");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'exempi' package(s) announced via the DLA-3585-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Multiple vulneratibilities were found in exempi, an implementation of XMP (Extensible Metadata Platform).

CVE-2020-18651

A Buffer Overflow vulnerability was found in function ID3_Support::ID3v2Frame::getFrameValue allows remote attackers to cause a denial of service.

CVE-2020-18652

A Buffer Overflow vulnerability was found in WEBP_Support.cpp allows remote attackers to cause a denial of service.

CVE-2021-36045

An out-of-bounds read vulnerability was found that could lead to disclosure of arbitrary memory.

CVE-2021-36046

A memory corruption vulnerability was found, potentially resulting in arbitrary code execution in the context of the current use

CVE-2021-36047

An Improper Input Validation vulnerability was found, potentially resulting in arbitrary code execution in the context of the current use.

CVE-2021-36048

An Improper Input Validation was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36050

A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36051

A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36052

A memory corruption vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36053

An out-of-bounds read vulnerability was found, that could lead to disclosure of arbitrary memory.

CVE-2021-36054

A buffer overflow vulnerability was found potentially resulting in local application denial of service.

CVE-2021-36055

A use-after-free vulnerability was found that could result in arbitrary code execution.

CVE-2021-36056

A buffer overflow vulnerability was found, potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-36057

A write-what-where condition vulnerability was found, caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

CVE-2021-36058

An Integer Overflow vulnerability was found, potentially resulting in application-level denial of service in the context of the current user.

CVE-2021-36064

A Buffer Underflow vulnerability was found which could result in arbitrary code execution in the context of the current user

CVE-2021-39847

A stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.

CVE-2021-40716

An out-of-bounds read vulnerability was found that could lead to disclosure of sensitive memory

CVE-2021-40732

A null pointer dereference vulnerability was found, that could result in leaking data from certain memory locations and causing a local denial of service

CVE-2021-42528

A ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'exempi' package(s) on Debian 10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB10") {

  if(!isnull(res = isdpkgvuln(pkg:"exempi", ver:"2.5.0-2+deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libexempi-dev", ver:"2.5.0-2+deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libexempi8", ver:"2.5.0-2+deb10u1", rls:"DEB10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 6
mageia 1
nessus 8
debian 1
osv 25
ubuntu 1
adobe 3
cvelist 23
prion 23
veracode 22
cnvd 18
debiancve 22
cve 22
ubuntucve 21
amazon 1
redhatcve 2
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0236)
2022-06-20 00:00:00
Ubuntu: Security Advisory (USN-5483-1)
2022-06-17 00:00:00
Huawei EulerOS: Security Advisory for exempi (EulerOS-SA-2024-1262)
2024-03-12 00:00:00
mageia
mageia
Updated exempi packages fix security vulnerability
2022-06-19 00:30:41
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Exempi vulnerabilities (USN-5483-1)
2022-06-17 00:00:00
Debian DLA-3585-1 : exempi - LTS security update
2023-09-26 00:00:00
RHEL 7 : exempi (Unpatched Vulnerability)
2024-05-11 00:00:00
debian
debian
[SECURITY] [DLA 3585-1] exempi security update
2023-09-25 22:37:52
osv
osv
exempi - security update
2023-09-25 00:00:00
exempi vulnerabilities
2022-06-16 15:33:59
CVE-2021-36057
2021-09-01 15:15:11
ubuntu
ubuntu
Exempi vulnerabilities
2022-06-16 00:00:00
adobe
adobe
APSB21-65 Security updates available for Adobe XMP Toolkit SDK
2021-08-17 00:00:00
APSB21-85 Security update available for Adobe XMP Toolkit SDK
2021-09-14 00:00:00
APSB21-108: Security update available for Adobe XMP Toolkit SDK
2021-10-26 00:00:00
cvelist
cvelist
CVE-2020-18652
2023-08-22 00:00:00
CVE-2021-42531 XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution
2022-05-02 00:00:00
CVE-2021-36064 XMP Toolkit SDK SVG_Adapter ParseFullNS Buffer Underflow
2021-09-01 00:00:00
prion
prion
Design/Logic Flaw
2021-09-01 15:15:00
Null pointer dereference
2021-10-13 17:15:00
Buffer overflow
2023-08-22 19:15:00
veracode
veracode
Denial Of Service (DoS)
2022-05-12 11:22:26
Arbitrary Code Execution
2022-05-13 07:11:54
Buffer Overflow
2023-10-11 04:27:56
cnvd
cnvd
Adobe XMP Toolkit SDK null pointer dereference vulnerability
2021-10-27 00:00:00
Adobe XMP Toolkit SDK Stack Buffer Overflow Vulnerability (CNVD-2021-91982)
2021-10-27 00:00:00
Adobe XMP Toolkit SDK buffer underflow vulnerability
2021-08-18 00:00:00
debiancve
debiancve
CVE-2021-42530
2022-05-02 23:15:00
CVE-2020-18651
2023-08-22 19:15:00
CVE-2021-36048
2021-09-01 15:15:00
cve
cve
CVE-2021-36057
2021-09-01 15:15:00
CVE-2021-40732
2021-10-13 17:15:00
CVE-2021-42532
2022-05-02 23:15:00
ubuntucve
ubuntucve
CVE-2021-42532
2022-05-02 00:00:00
CVE-2021-36057
2021-09-01 00:00:00
CVE-2020-18651
2023-08-22 00:00:00
amazon
amazon
Medium: exempi
2023-09-13 23:44:00
redhatcve
redhatcve
CVE-2020-18651
2023-08-29 13:15:26
CVE-2020-18652
2023-08-29 13:15:32

6 Medium

AI Score

Confidence

High

0.733 High

EPSS

Percentile

98.1%

JSON
Related for OPENVAS:13614125623111220233585
openvas6mageia1nessus8debian1osv25ubuntu1adobe3cvelist23prion23veracode22cnvd18debiancve22cve22ubuntucve21amazon1redhatcve2