ID OPENVAS:870524 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2017-07-12T00:00:00
Description
Check for the Version of netpbm
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for netpbm RHSA-2011:1811-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Advisory text published with the finding as the "insight" tag (see the
# script_tag(name : "insight") call in the description block).
# Triage note: per the text below, all three flaws are reached when a netpbm
# converter (jpeg2ktopam or xpmtoppm) parses a crafted image file, and the
# stated impact is a crash or code execution as the user running that tool.
# Exposure therefore depends on whether those converters are run on files from
# untrusted sources. pamtojpeg2k is stated to be unaffected by the JasPer flaws.
tag_insight = "The netpbm packages contain a library of functions which support programs
for handling various graphics file formats, including .pbm (Portable Bit
Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable
Pixel Map), and others.
Two heap-based buffer overflow flaws were found in the embedded JasPer
library, which is used to provide support for Part 1 of the JPEG 2000 image
compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker
could create a malicious JPEG 2000 compressed image file that could cause
jpeg2ktopam to crash or, potentially, execute arbitrary code with the
privileges of the user running jpeg2ktopam. These flaws do not affect
pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)
A stack-based buffer overflow flaw was found in the way the xpmtoppm tool
processed X PixMap (XPM) image files. An attacker could create a malicious
XPM file that would cause xpmtoppm to crash or, potentially, execute
arbitrary code with the privileges of the user running xpmtoppm.
(CVE-2009-4274)
Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting the CVE-2011-4516 and CVE-2011-4517 issues.
All users of netpbm are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.";
# Products the advisory covers; published as the "affected" tag. The check
# logic further down only tests hosts whose release key is RHENT_5 or RHENT_4.
tag_affected = "netpbm on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4";
# Remediation text published as the "solution" tag. It names no version; the
# builds this script compares against are the rpm: values passed to
# isrpmvuln() below (netpbm~10.35.58~8.el5_7.3 and netpbm~10.35.58~8.el4).
tag_solution = "Please Install the Updated Packages.";
# Description pass: when the scanner loads the script with 'description' set,
# only register the metadata below and exit before any host data is read.
if (description)
{
  # Identity, revision stamps and the vendor advisory this check is built from.
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00034.html");
  script_id(870524);
  script_version("$Revision: 6685 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-12-16 11:08:49 +0530 (Fri, 16 Dec 2011)");

  # A single CVSSv2 base score and vector is recorded for the whole advisory,
  # which covers the three CVEs listed below; per-CVE scores may differ.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name:"RHSA", value:"2011:1811-01");
  script_cve_id("CVE-2009-4274", "CVE-2011-4516", "CVE-2011-4517");
  script_name("RedHat Update for netpbm RHSA-2011:1811-01");
  script_summary("Check for the Version of netpbm");

  # Registered as an information-gathering check in the Red Hat local checks family.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");

  # Depends on the package list collected by gather-package-list.nasl. The two
  # mandatory keys are presumably populated only after an authenticated SSH
  # login to a RHEL host (verify in that script); when they are absent the
  # check does not run, which is "not assessed", not "not vulnerable".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");

  # Text tags shown with the finding.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);

  # qod_type "package": the verdict comes from comparing installed package
  # versions, not from exercising the affected tools.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("pkg-lib-rpm.inc");
# res receives the report text returned by isrpmvuln(); start it empty.
res = "";

# Release identifier stored in the knowledge base under ssh/login/release
# (presumably written by the dependency gather-package-list.nasl - confirm there).
release = get_kb_item("ssh/login/release");

# Without a release value there is nothing to compare against: leave without
# a verdict. This outcome means "not assessed", not "patched".
if (release == NULL)
{
  exit(0);
}
# RHEL 5: compare each netpbm sub-package against the fixed build
# 10.35.58-8.el5_7.3. isrpmvuln() comes from pkg-lib-rpm.inc; it presumably
# returns report text when the installed package is older than the given build
# and NULL otherwise (confirm in that include).
# The script exits after the first hit, so a host with several outdated
# netpbm sub-packages produces a single finding naming only the first one.
if (release == "RHENT_5")
{
  res = isrpmvuln(pkg:"netpbm", rpm:"netpbm~10.35.58~8.el5_7.3", rls:"RHENT_5");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-debuginfo", rpm:"netpbm-debuginfo~10.35.58~8.el5_7.3", rls:"RHENT_5");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-devel", rpm:"netpbm-devel~10.35.58~8.el5_7.3", rls:"RHENT_5");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-progs", rpm:"netpbm-progs~10.35.58~8.el5_7.3", rls:"RHENT_5");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is not defined in this file; presumably isrpmvuln() sets it
  # when one of the named packages is installed (verify in pkg-lib-rpm.inc).
  # Exit code 99 is the explicit "not vulnerable" result; the plain exit(0)
  # that follows gives no verdict.
  if (__pkg_match)
  {
    exit(99); # Not vulnerable.
  }
  exit(0);
}
# RHEL 4: same sequence as for RHEL 5, against the fixed build 10.35.58-8.el4.
# isrpmvuln() comes from pkg-lib-rpm.inc; it presumably returns report text
# when the installed package is older than the given build and NULL otherwise
# (confirm in that include).
# Only the first outdated sub-package is reported, because the script exits
# right after security_message().
if (release == "RHENT_4")
{
  res = isrpmvuln(pkg:"netpbm", rpm:"netpbm~10.35.58~8.el4", rls:"RHENT_4");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-debuginfo", rpm:"netpbm-debuginfo~10.35.58~8.el4", rls:"RHENT_4");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-devel", rpm:"netpbm-devel~10.35.58~8.el4", rls:"RHENT_4");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  res = isrpmvuln(pkg:"netpbm-progs", rpm:"netpbm-progs~10.35.58~8.el4", rls:"RHENT_4");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is not defined in this file; presumably isrpmvuln() sets it
  # when one of the named packages is installed (verify in pkg-lib-rpm.inc).
  # Exit code 99 is the explicit "not vulnerable" result; the plain exit(0)
  # that follows gives no verdict.
  if (__pkg_match)
  {
    exit(99); # Not vulnerable.
  }
  exit(0);
}
{"id": "OPENVAS:870524", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for netpbm RHSA-2011:1811-01", "description": "Check for the Version of netpbm", "published": "2011-12-16T00:00:00", "modified": "2017-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870524", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/rhsa-announce/2011-December/msg00034.html", "2011:1811-01"], "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "lastseen": "2017-07-27T10:55:34", "viewCount": 0, "enchantments": {"score": {"value": 7.9, "vector": "NONE", "modified": "2017-07-27T10:55:34", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4517", "CVE-2009-4274", "CVE-2011-4516"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1315-1.NASL", "ORACLELINUX_ELSA-2011-1811.NASL", "SL_20111212_NETPBM_ON_SL4_X.NASL", "REDHAT-RHSA-2011-1811.NASL", "GENTOO_GLSA-201201-10.NASL", "CENTOS_RHSA-2011-1807.NASL", "CENTOS_RHSA-2011-1811.NASL", "SUSE_11_4_JASPER-111214.NASL", "MANDRIVA_MDVSA-2011-189.NASL", "FEDORA_2011-16966.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881332", "OPENVAS:1361412562310122045", "OPENVAS:881332", "OPENVAS:881359", "OPENVAS:1361412562310881057", "OPENVAS:881054", "OPENVAS:1361412562310870524", "OPENVAS:881057", "OPENVAS:1361412562310881054", "OPENVAS:1361412562310881359"]}, {"type": "centos", "idList": ["CESA-2011:1807", "CESA-2011:1811"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1807", "ELSA-2011-1811"]}, {"type": "redhat", "idList": ["RHSA-2011:1807", "RHSA-2011:1811"]}, {"type": "fedora", "idList": ["FEDORA:868E920D5C", "FEDORA:56ECD605E7E0", "FEDORA:DAF26608A21E", "FEDORA:7F98920C39", "FEDORA:266F0605DFF9"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1317-1", "OPENSUSE-SU-2011:1328-1", "SUSE-SU-2011:1317-2"]}, {"type": 
"securityvulns", "idList": ["SECURITYVULNS:VULN:12100"]}, {"type": "gentoo", "idList": ["GLSA-201311-08", "GLSA-201201-10"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2026-1:4CAB8", "DEBIAN:DSA-2371-1:30F91"]}, {"type": "cert", "idList": ["VU:887409"]}, {"type": "ubuntu", "idList": ["USN-934-1", "USN-1315-1"]}, {"type": "freebsd", "idList": ["8FF84335-A7DA-11E2-B3F5-003067C2616F"]}, {"type": "archlinux", "idList": ["ASA-201412-22"]}], "modified": "2017-07-27T10:55:34", "rev": 2}, "vulnersScore": 7.9}, "pluginID": "870524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for netpbm RHSA-2011:1811-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\n\ntag_affected = \"netpbm on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00034.html\");\n script_id(870524);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:49 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1811-01\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"RedHat Update for netpbm RHSA-2011:1811-01\");\n\n script_summary(\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:39:33", "description": "Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.", "edition": 3, "cvss3": {}, "published": "2011-12-15T03:57:00", "title": "CVE-2011-4516", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4516"], "modified": "2016-12-07T03:00:00", "cpe": ["cpe:/a:jasper_project:jasper:1.900.1"], "id": "CVE-2011-4516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4516", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:19", "description": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.", "edition": 3, "cvss3": {}, "published": "2010-02-12T21:30:00", "title": "CVE-2009-4274", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4274"], "modified": "2017-08-17T01:31:00", "cpe": ["cpe:/a:netpbm:netpbm:10.35.34", "cpe:/a:netpbm:netpbm:10.35.43", "cpe:/a:netpbm:netpbm:10.35.04", "cpe:/a:netpbm:netpbm:10.35.14", "cpe:/a:netpbm:netpbm:10.47.01", "cpe:/a:netpbm:netpbm:10.9", "cpe:/a:netpbm:netpbm:10.20", "cpe:/a:netpbm:netpbm:10.35.11", "cpe:/a:netpbm:netpbm:10.35.18", "cpe:/a:netpbm:netpbm:10.35.22", "cpe:/a:netpbm:netpbm:10.35.44", "cpe:/a:netpbm:netpbm:10.47.05", "cpe:/a:netpbm:netpbm:10.35.40", "cpe:/a:netpbm:netpbm:10.35.03", "cpe:/a:netpbm:netpbm:10.35.42", "cpe:/a:netpbm:netpbm:10.35.29", "cpe:/a:netpbm:netpbm:10.13", "cpe:/a:netpbm:netpbm:10.25", "cpe:/a:netpbm:netpbm:10.35.02", "cpe:/a:netpbm:netpbm:10.35.38", "cpe:/a:netpbm:netpbm:10.35.06", "cpe:/a:netpbm:netpbm:10.40.00", "cpe:/a:netpbm:netpbm:10.35.39", "cpe:/a:netpbm:netpbm:10.43.00", "cpe:/a:netpbm:netpbm:10.35.17", "cpe:/a:netpbm:netpbm:10.35.05", "cpe:/a:netpbm:netpbm:10.18", "cpe:/a:netpbm:netpbm:10.47.06", "cpe:/a:netpbm:netpbm:10.35.28", "cpe:/a:netpbm:netpbm:10.38.00", "cpe:/a:netpbm:netpbm:10.46.00", "cpe:/a:netpbm:netpbm:10.35.20", "cpe:/a:netpbm:netpbm:10.35.32", "cpe:/a:netpbm:netpbm:10.35.07", "cpe:/a:netpbm:netpbm:10.19", "cpe:/a:netpbm:netpbm:10.35.25", "cpe:/a:netpbm:netpbm:10.35.16", "cpe:/a:netpbm:netpbm:10.35.23", "cpe:/a:netpbm:netpbm:10.35.08", "cpe:/a:netpbm:netpbm:10.4", "cpe:/a:netpbm:netpbm:10.28", "cpe:/a:netpbm:netpbm:10.47.02", "cpe:/a:netpbm:netpbm:10.35.12", "cpe:/a:netpbm:netpbm:10.29", "cpe:/a:netpbm:netpbm:10.35.35", "cpe:/a:netpbm:netpbm:10.35.19", "cpe:/a:netpbm:netpbm:10.23", "cpe:/a:netpbm:netpbm:10.2", "cpe:/a:netpbm:netpbm:10.0", 
"cpe:/a:netpbm:netpbm:10.27", "cpe:/a:netpbm:netpbm:10.17", "cpe:/a:netpbm:netpbm:10.36.00", "cpe:/a:netpbm:netpbm:10.35.13", "cpe:/a:netpbm:netpbm:10.35.33", "cpe:/a:netpbm:netpbm:10.47.00", "cpe:/a:netpbm:netpbm:10.6", "cpe:/a:netpbm:netpbm:10.10", "cpe:/a:netpbm:netpbm:10.21", "cpe:/a:netpbm:netpbm:10.26", "cpe:/a:netpbm:netpbm:10.47.04", "cpe:/a:netpbm:netpbm:10.16", "cpe:/a:netpbm:netpbm:10.33", "cpe:/a:netpbm:netpbm:10.1", "cpe:/a:netpbm:netpbm:10.35.46", "cpe:/a:netpbm:netpbm:10.8", "cpe:/a:netpbm:netpbm:10.35.26", "cpe:/a:netpbm:netpbm:10.35.21", "cpe:/a:netpbm:netpbm:10.24", "cpe:/a:netpbm:netpbm:10.35.36", "cpe:/a:netpbm:netpbm:10.31", "cpe:/a:netpbm:netpbm:10.42.00", "cpe:/a:netpbm:netpbm:10.22", "cpe:/a:netpbm:netpbm:10.35.15", "cpe:/a:netpbm:netpbm:10.5", "cpe:/a:netpbm:netpbm:10.35.09", "cpe:/a:netpbm:netpbm:10.35.01", "cpe:/a:netpbm:netpbm:10.35.47", "cpe:/a:netpbm:netpbm:10.3", "cpe:/a:netpbm:netpbm:10.15", "cpe:/a:netpbm:netpbm:10.14", "cpe:/a:netpbm:netpbm:10.7", "cpe:/a:netpbm:netpbm:10.11", "cpe:/a:netpbm:netpbm:10.35.31", "cpe:/a:netpbm:netpbm:10.39.00", "cpe:/a:netpbm:netpbm:10.35.41", "cpe:/a:netpbm:netpbm:10.44.00", "cpe:/a:netpbm:netpbm:10.37.00", "cpe:/a:netpbm:netpbm:10.35.24", "cpe:/a:netpbm:netpbm:10.30", "cpe:/a:netpbm:netpbm:10.32", "cpe:/a:netpbm:netpbm:10.35.45", "cpe:/a:netpbm:netpbm:10.12", "cpe:/a:netpbm:netpbm:10.41.00", "cpe:/a:netpbm:netpbm:10.35.30", "cpe:/a:netpbm:netpbm:10.45.00", "cpe:/a:netpbm:netpbm:10.35.00", "cpe:/a:netpbm:netpbm:10.35.37", "cpe:/a:netpbm:netpbm:10.47.03", "cpe:/a:netpbm:netpbm:10.34", "cpe:/a:netpbm:netpbm:10.35.27", "cpe:/a:netpbm:netpbm:10.35.10"], "id": "CVE-2009-4274", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4274", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netpbm:netpbm:10.35.29:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.26:*:*:*:*:*:*:*", 
"cpe:2.3:a:netpbm:netpbm:10.44.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.41:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.39:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.14:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.19:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.17:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.28:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.40.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.23:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.12:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.07:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.05:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.15:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.11:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.44:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.02:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.37:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.01:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.27:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.31:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.41.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.38.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.40:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.36.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.21:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.25:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.25:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.03:*:*:*:*:*:*:*", 
"cpe:2.3:a:netpbm:netpbm:10.35.47:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.43:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.43.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.35:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.38:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.03:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.06:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.45.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.13:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.01:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.39.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.36:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.28:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.22:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.37.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.34:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.06:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.02:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.33:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.42.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.30:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.29:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.20:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.46.00:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.16:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.08:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.26:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.34:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.46:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*", 
"cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.04:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.24:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.09:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.05:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.10:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.45:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.32:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.47.04:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.18:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.35.42:*:*:*:*:*:*:*", "cpe:2.3:a:netpbm:netpbm:10.27:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:33", "description": "The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.", "edition": 3, "cvss3": {}, "published": "2011-12-15T03:57:00", "title": "CVE-2011-4517", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4517"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:jasper_project:jasper:1.900.1"], 
"id": "CVE-2011-4517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4517", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jasper_project:jasper:1.900.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-06T09:27:22", "description": "Updated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 33, "published": "2011-12-13T00:00:00", "title": "CentOS 4 / 5 : netpbm (CESA-2011:1811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "modified": "2011-12-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:netpbm-devel", "p-cpe:/a:centos:centos:netpbm-progs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:netpbm", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/57140", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1811 and \n# CentOS Errata and Security Advisory 2011:1811 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57140);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(38164, 50992);\n script_xref(name:\"RHSA\", value:\"2011:1811\");\n\n script_name(english:\"CentOS 4 / 5 : netpbm (CESA-2011:1811)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant 
security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018319.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f19815f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dfe54de\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75088498\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018322.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81a9fe4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected netpbm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netpbm-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-devel-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-devel-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"netpbm-progs-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"netpbm-progs-10.35.58-8.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"netpbm-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"netpbm-devel-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:10:09", "description": "Updated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 35, "published": "2011-12-13T00:00:00", "title": "RHEL 4 / 5 : netpbm (RHSA-2011:1811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "modified": "2011-12-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:netpbm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:netpbm-devel", "p-cpe:/a:redhat:enterprise_linux:netpbm-progs"], "id": "REDHAT-RHSA-2011-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/57081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1811. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57081);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(38164, 50992);\n script_xref(name:\"RHSA\", value:\"2011:1811\");\n\n script_name(english:\"RHEL 4 / 5 : netpbm (RHSA-2011:1811)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. 
(CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. (CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4274\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected netpbm, netpbm-devel and / or netpbm-progs\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netpbm-progs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1811\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-10.35.58-8.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-devel-10.35.58-8.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"netpbm-progs-10.35.58-8.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"netpbm-10.35.58-8.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"netpbm-devel-10.35.58-8.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n 
}\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:23", "description": "From Red Hat Security Advisory 2011:1811 :\n\nUpdated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 31, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : netpbm (ELSA-2011-1811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:netpbm", "p-cpe:/a:oracle:linux:netpbm-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:netpbm-progs"], "id": "ORACLELINUX_ELSA-2011-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/68404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1811 and \n# Oracle Linux Security Advisory ELSA-2011-1811 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68404);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(38164, 50992);\n script_xref(name:\"RHSA\", value:\"2011:1811\");\n\n script_name(english:\"Oracle Linux 4 / 5 : netpbm (ELSA-2011-1811)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1811 :\n\nUpdated netpbm packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat 
Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002502.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected netpbm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netpbm-progs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-devel-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"netpbm-progs-10.35.58-8.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"netpbm-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"netpbm-devel-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"netpbm / netpbm-devel / netpbm-progs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:46:13", "description": "The netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. 
(CVE-2009-4274)\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111212_NETPBM_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61204);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\");\n\n script_name(english:\"Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The netpbm packages contain a library of functions which support\nprograms for handling various graphics file formats, including .pbm\n(Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map),\n.ppm (Portable Pixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000\nimage compression standard in the jpeg2ktopam and pamtojpeg2k tools.\nAn attacker could create a malicious JPEG 2000 compressed image file\nthat could cause jpeg2ktopam to crash or, potentially, execute\narbitrary code with the 
privileges of the user running jpeg2ktopam.\nThese flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm\ntool processed X PixMap (XPM) image files. An attacker could create a\nmalicious XPM file that would cause xpmtoppm to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nxpmtoppm. (CVE-2009-4274)\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=2752\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?167cc1bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-debuginfo-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-devel-10.35.58-8.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"netpbm-progs-10.35.58-8.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"netpbm-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"netpbm-debuginfo-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"netpbm-devel-10.35.58-8.el5_7.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"netpbm-progs-10.35.58-8.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:57", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - 
Heap-based buffer overflow in the jpc_cox_getcompparms\n function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via a\n crafted numrlvls value in a coding style default (COD)\n marker segment in a JPEG2000 file. (CVE-2011-4516)\n\n - The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c\n in JasPer 1.900.1 uses an incorrect data type during a\n certain size calculation, which allows remote attackers\n to trigger a heap-based buffer overflow and execute\n arbitrary code, or cause a denial of service (heap\n memory corruption), via a crafted component registration\n (CRG) marker segment in a JPEG2000 file. (CVE-2011-4517)", "edition": 26, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:ghostscript", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_GHOSTSCRIPT_20120710.NASL", "href": "https://www.tenable.com/plugins/nessus/80618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80618);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security 
patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Heap-based buffer overflow in the jpc_cox_getcompparms\n function in libjasper/ jpc/jpc_cs.c in JasPer 1.900.1\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via a\n crafted numrlvls value in a coding style default (COD)\n marker segment in a JPEG2000 file. (CVE-2011-4516)\n\n - The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c\n in JasPer 1.900.1 uses an incorrect data type during a\n certain size calculation, which allows remote attackers\n to trigger a heap-based buffer overflow and execute\n arbitrary code, or cause a denial of service (heap\n memory corruption), via a crafted component registration\n (CRG) marker segment in a JPEG2000 file. (CVE-2011-4517)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-vulnerabilities-in-ghostscript\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01245c03\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 6.6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:ghostscript\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^ghostscript$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ghostscript\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.6.0.6.0\", sru:\"SRU 6.6\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : ghostscript\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"ghostscript\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:23", "description": "CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to\narbitrary code execution (CERT VU#887409)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-01-03T00:00:00", "title": "Fedora 16 : jasper-1.900.1-18.fc16 (2011-16966)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2012-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jasper", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-16966.NASL", "href": "https://www.tenable.com/plugins/nessus/57417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-16966.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57417);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(50992);\n script_xref(name:\"CERT\", value:\"887409\");\n script_xref(name:\"FEDORA\", value:\"2011-16966\");\n\n script_name(english:\"Fedora 16 : jasper-1.900.1-18.fc16 (2011-16966)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to\narbitrary code execution (CERT VU#887409)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=747726\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071458.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cee69b94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< 
release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"jasper-1.900.1-18.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:08:40", "description": "Specially crafted JPEG2000 files could cause a heap buffer overflow in\njasper (CVE-2011-4516, CVE-2011-4517)", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : jasper (openSUSE-SU-2011:1328-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjasper-devel", "p-cpe:/a:novell:opensuse:jasper-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:jasper", "p-cpe:/a:novell:opensuse:libjasper1", "p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libjasper1-32bit", "p-cpe:/a:novell:opensuse:jasper-debugsource", "p-cpe:/a:novell:opensuse:libjasper1-debuginfo"], "id": "SUSE_11_4_JASPER-111214.NASL", "href": "https://www.tenable.com/plugins/nessus/75869", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update jasper-5543.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75869);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-SU-2011:1328-1)\");\n script_summary(english:\"Check for the jasper-5543 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted JPEG2000 files could cause a heap buffer overflow in\njasper (CVE-2011-4516, CVE-2011-4517)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"jasper-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"jasper-debuginfo-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"jasper-debugsource-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libjasper-devel-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libjasper1-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libjasper1-debuginfo-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libjasper1-32bit-1.900.1-146.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libjasper1-debuginfo-32bit-1.900.1-146.147.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / libjasper-devel / libjasper1 / libjasper1-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:32", "description": "Multiple vulnerabilities have been discovered and corrected in jasper :\n\nHeap-based buffer overflow in the jpc_cox_getcompparms function in\nlibjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory\ncorruption) via a crafted numrlvls value in a JPEG2000 file\n(CVE-2011-4516).\n\nThe jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer\n1.900.1 uses an incorrect data type during a certain size calculation,\nwhich allows remote attackers to trigger a heap-based buffer overflow\nand execute arbitrary code, or cause a denial of service (heap memory\ncorruption), via a malformed JPEG2000 file (CVE-2011-4517).\n\nThe updated packages have been patched to correct these issues.", "edition": 26, "published": "2011-12-19T00:00:00", "title": "Mandriva Linux Security Advisory : jasper (MDVSA-2011:189)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2011-12-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libjasper1", "p-cpe:/a:mandriva:linux:lib64jasper-static-devel", "p-cpe:/a:mandriva:linux:lib64jasper1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libjasper-static-devel", "p-cpe:/a:mandriva:linux:jasper", "p-cpe:/a:mandriva:linux:lib64jasper-devel", "p-cpe:/a:mandriva:linux:libjasper-devel"], "id": "MANDRIVA_MDVSA-2011-189.NASL", "href": "https://www.tenable.com/plugins/nessus/57331", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:189. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57331);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(50992);\n script_xref(name:\"MDVSA\", value:\"2011:189\");\n\n script_name(english:\"Mandriva Linux Security Advisory : jasper (MDVSA-2011:189)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in jasper :\n\nHeap-based buffer overflow in the jpc_cox_getcompparms function in\nlibjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory\ncorruption) via a crafted numrlvls value in a JPEG2000 file\n(CVE-2011-4516).\n\nThe jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer\n1.900.1 uses an incorrect data type during a certain size calculation,\nwhich allows remote attackers to trigger a heap-based buffer overflow\nand execute arbitrary code, or cause a denial of service (heap memory\ncorruption), via a malformed JPEG2000 file (CVE-2011-4517).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64jasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif 
(cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"jasper-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64jasper-devel-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64jasper-static-devel-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64jasper1-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libjasper-devel-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libjasper-static-devel-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libjasper1-1.900.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"jasper-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64jasper-devel-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64jasper-static-devel-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64jasper1-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libjasper-devel-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libjasper-static-devel-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libjasper1-1.900.1-12.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:22", "description": "Updated jasper packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image\ncompression standard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer\ndecoded JPEG 2000 compressed image files. An attacker could create a\nmalicious JPEG 2000 compressed image file that, when opened, would\ncause applications that use JasPer (such as Nautilus) to crash or,\npotentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All applications using the\nJasPer libraries (such as Nautilus) must be restarted for the update\nto take effect.", "edition": 34, "published": "2011-12-23T00:00:00", "title": "CentOS 6 : jasper (CESA-2011:1807)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2011-12-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:jasper-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:jasper-utils", "p-cpe:/a:centos:centos:jasper-libs", "p-cpe:/a:centos:centos:jasper"], "id": "CENTOS_RHSA-2011-1807.NASL", "href": "https://www.tenable.com/plugins/nessus/57378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1807 and \n# CentOS Errata and Security Advisory 2011:1807 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57378);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(50992);\n script_xref(name:\"RHSA\", value:\"2011:1807\");\n\n script_name(english:\"CentOS 6 : jasper (CESA-2011:1807)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jasper packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image\ncompression standard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer\ndecoded JPEG 2000 compressed image files. An attacker could create a\nmalicious JPEG 2000 compressed image file that, when opened, would\ncause applications that use JasPer (such as Nautilus) to crash or,\npotentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. All applications using the\nJasPer libraries (such as Nautilus) must be restarted for the update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018342.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d07c296\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:jasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:jasper-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"jasper-1.900.1-15.el6_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"jasper-devel-1.900.1-15.el6_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"jasper-libs-1.900.1-15.el6_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"jasper-utils-1.900.1-15.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-devel / jasper-libs / jasper-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:10:09", "description": "Updated jasper packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image\ncompression standard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer\ndecoded JPEG 2000 compressed image files. An attacker could create a\nmalicious JPEG 2000 compressed image file that, when opened, would\ncause applications that use JasPer (such as Nautilus) to crash or,\npotentially, execute arbitrary code. 
(CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. All applications using the\nJasPer libraries (such as Nautilus) must be restarted for the update\nto take effect.", "edition": 34, "published": "2011-12-09T00:00:00", "title": "RHEL 6 : jasper (RHSA-2011:1807)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "modified": "2011-12-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jasper-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jasper-libs", "p-cpe:/a:redhat:enterprise_linux:jasper-utils", "p-cpe:/a:redhat:enterprise_linux:jasper-devel", "p-cpe:/a:redhat:enterprise_linux:jasper", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-1807.NASL", "href": "https://www.tenable.com/plugins/nessus/57054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1807. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57054);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4516\", \"CVE-2011-4517\");\n script_bugtraq_id(50992);\n script_xref(name:\"RHSA\", value:\"2011:1807\");\n\n script_name(english:\"RHEL 6 : jasper (RHSA-2011:1807)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jasper packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image\ncompression standard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer\ndecoded JPEG 2000 compressed image files. An attacker could create a\nmalicious JPEG 2000 compressed image file that, when opened, would\ncause applications that use JasPer (such as Nautilus) to crash or,\npotentially, execute arbitrary code. (CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination\nCenter for reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All applications using the\nJasPer libraries (such as Nautilus) must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4516\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasper-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1807\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jasper-1.900.1-15.el6_1.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"jasper-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jasper-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jasper-debuginfo-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jasper-devel-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jasper-libs-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jasper-utils-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"jasper-utils-1.900.1-15.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jasper-utils-1.900.1-15.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-devel / jasper-libs / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881332", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018320.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881332\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:25:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1811\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", 
re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"netpbm on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "Oracle Linux Local Security Checks ELSA-2011-1811", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122045", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1811.nasl 11688 2018-09-28 13:36:28Z 
cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122045\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:09 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1811\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1811 - netpbm security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1811\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1811.html\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": 
"2011-12-16T00:00:00", "id": "OPENVAS:1361412562310881054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881054", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018321.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881054\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:09:57 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1811\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"CentOS Update for 
netpbm CESA-2011:1811 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"netpbm on CentOS 4\");\n script_tag(name:\"insight\", value:\"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "Check for the Version of netpbm", "modified": "2018-01-04T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881332", "href": "http://plugins.openvas.org/nasl.php?oid=881332", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for 
netpbm CESA-2011:1811 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n \n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n \n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n \n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\n\ntag_affected = \"netpbm on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018320.html\");\n script_id(881332);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:25:43 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1811\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "Check for the Version of netpbm", "modified": "2018-01-04T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881359", "href": "http://plugins.openvas.org/nasl.php?oid=881359", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n \n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n \n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n \n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\n\ntag_affected = \"netpbm on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018322.html\");\n script_id(881359);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:35:20 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1811\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "Check for the Version of netpbm", "modified": "2017-07-10T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:881057", "href": "http://plugins.openvas.org/nasl.php?oid=881057", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"netpbm on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018319.html\");\n script_id(881057);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:10:37 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1811\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos5 i386\");\n\n script_summary(\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881359", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018322.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881359\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:35:20 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1811\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"netpbm on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and 
others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2019-05-29T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310881057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881057", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018319.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881057\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:10:37 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1811\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"netpbm on CentOS 5\");\n script_tag(name:\"insight\", value:\"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n 
library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2017-07-25T10:55:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "Check for the Version of netpbm", "modified": "2017-07-10T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:881054", "href": "http://plugins.openvas.org/nasl.php?oid=881054", "type": "openvas", "title": "CentOS Update for netpbm CESA-2011:1811 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for netpbm CESA-2011:1811 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. 
An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"netpbm on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018321.html\");\n script_id(881054);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:09:57 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1811\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"CentOS Update for netpbm CESA-2011:1811 centos4 i386\");\n\n script_summary(\"Check for the Version of netpbm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "The remote host is missing an update for the 'netpbm' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310870524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870524", "type": "openvas", "title": "RedHat Update for netpbm RHSA-2011:1811-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for netpbm RHSA-2011:1811-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870524\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:49 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1811-01\");\n script_cve_id(\"CVE-2009-4274\", \"CVE-2011-4516\", \"CVE-2011-4517\");\n script_name(\"RedHat Update for netpbm RHSA-2011:1811-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'netpbm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"netpbm on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The netpbm packages contain a library of functions which support programs\n for handling various graphics file formats, including .pbm (Portable Bit\n Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\n Pixel Map), and others.\n\n Two heap-based buffer overflow flaws were found in the embedded JasPer\n library, which is used to provide support for Part 1 of the JPEG 2000 image\n compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\n could create a malicious JPEG 2000 compressed image file that could cause\n jpeg2ktopam to crash or, potentially, execute arbitrary code with the\n privileges of the user running jpeg2ktopam. These flaws do not affect\n pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\n A stack-based buffer overflow flaw was found in the way the xpmtoppm tool\n processed X PixMap (XPM) image files. 
An attacker could create a malicious\n XPM file that would cause xpmtoppm to crash or, potentially, execute\n arbitrary code with the privileges of the user running xpmtoppm.\n (CVE-2009-4274)\n\n Red Hat would like to thank Jonathan Foote of the CERT Coordination Center\n for reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\n All users of netpbm are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"netpbm\", rpm:\"netpbm~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-debuginfo\", rpm:\"netpbm-debuginfo~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netpbm-devel\", rpm:\"netpbm-devel~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"netpbm-progs\", rpm:\"netpbm-progs~10.35.58~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1811\n\n\nThe netpbm packages contain a library of functions which support programs\nfor handling various graphics file formats, including .pbm (Portable Bit\nMap), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\nPixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000 image\ncompression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\ncould create a malicious JPEG 2000 compressed image file that could cause\njpeg2ktopam to crash or, potentially, execute arbitrary code with the\nprivileges of the user running jpeg2ktopam. These flaws do not affect\npamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm tool\nprocessed X PixMap (XPM) image files. 
An attacker could create a malicious\nXPM file that would cause xpmtoppm to crash or, potentially, execute\narbitrary code with the privileges of the user running xpmtoppm.\n(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination Center\nfor reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030357.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030358.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030359.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030360.html\n\n**Affected packages:**\nnetpbm\nnetpbm-devel\nnetpbm-progs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1811.html", "edition": 3, "modified": "2011-12-12T22:32:20", "published": "2011-12-12T22:16:22", "href": "http://lists.centos.org/pipermail/centos-announce/2011-December/030357.html", "id": "CESA-2011:1811", "title": "netpbm security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1807\n\n\nJasPer is an implementation of Part 1 of the JPEG 2000 image compression\nstandard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer decoded\nJPEG 2000 compressed image files. An attacker could create a malicious JPEG\n2000 compressed image file that, when opened, would cause applications that\nuse JasPer (such as Nautilus) to crash or, potentially, execute arbitrary\ncode. 
(CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination Center\nfor reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. All applications using the JasPer\nlibraries (such as Nautilus) must be restarted for the update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-December/030380.html\n\n**Affected packages:**\njasper\njasper-devel\njasper-libs\njasper-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1807.html", "edition": 3, "modified": "2011-12-22T15:46:17", "published": "2011-12-22T15:46:17", "href": "http://lists.centos.org/pipermail/centos-announce/2011-December/030380.html", "id": "CESA-2011:1807", "title": "jasper security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2009-4274", "CVE-2011-4517"], "description": "[10.35.58-8.el5.3]\r\n- Actually apply the patch for - CVE-2009-4274 #760849\r\n \n[10.35.58-8.el5.2]\r\n- fix xpmtoppm overflow - CVE-2009-4274 (#760849)\r\n \n[10.35.58-8.el5.1]\r\n- fix libjasper heap buffer overflow CVE-2011-4516 CVE-2011-4517 (#760849)", "edition": 4, "modified": "2011-12-12T00:00:00", "published": "2011-12-12T00:00:00", "id": "ELSA-2011-1811", "href": "http://linux.oracle.com/errata/ELSA-2011-1811.html", "title": "netpbm security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "[1.900.1-15.1]\n- CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution\n (#749149)", "edition": 4, "modified": "2011-12-14T00:00:00", "published": "2011-12-14T00:00:00", 
"id": "ELSA-2011-1807", "href": "http://linux.oracle.com/errata/ELSA-2011-1807.html", "title": "jasper security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4274", "CVE-2011-4516", "CVE-2011-4517"], "description": "The netpbm packages contain a library of functions which support programs\nfor handling various graphics file formats, including .pbm (Portable Bit\nMap), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable\nPixel Map), and others.\n\nTwo heap-based buffer overflow flaws were found in the embedded JasPer\nlibrary, which is used to provide support for Part 1 of the JPEG 2000 image\ncompression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker\ncould create a malicious JPEG 2000 compressed image file that could cause\njpeg2ktopam to crash or, potentially, execute arbitrary code with the\nprivileges of the user running jpeg2ktopam. These flaws do not affect\npamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)\n\nA stack-based buffer overflow flaw was found in the way the xpmtoppm tool\nprocessed X PixMap (XPM) image files. 
An attacker could create a malicious\nXPM file that would cause xpmtoppm to crash or, potentially, execute\narbitrary code with the privileges of the user running xpmtoppm.\n(CVE-2009-4274)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination Center\nfor reporting the CVE-2011-4516 and CVE-2011-4517 issues.\n\nAll users of netpbm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n", "modified": "2017-09-08T12:14:58", "published": "2011-12-12T05:00:00", "id": "RHSA-2011:1811", "href": "https://access.redhat.com/errata/RHSA-2011:1811", "type": "redhat", "title": "(RHSA-2011:1811) Important: netpbm security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "JasPer is an implementation of Part 1 of the JPEG 2000 image compression\nstandard.\n\nTwo heap-based buffer overflow flaws were found in the way JasPer decoded\nJPEG 2000 compressed image files. An attacker could create a malicious JPEG\n2000 compressed image file that, when opened, would cause applications that\nuse JasPer (such as Nautilus) to crash or, potentially, execute arbitrary\ncode. (CVE-2011-4516, CVE-2011-4517)\n\nRed Hat would like to thank Jonathan Foote of the CERT Coordination Center\nfor reporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. 
All applications using the JasPer\nlibraries (such as Nautilus) must be restarted for the update to take\neffect.\n", "modified": "2018-06-06T20:24:23", "published": "2011-12-09T05:00:00", "id": "RHSA-2011:1807", "href": "https://access.redhat.com/errata/RHSA-2011:1807", "type": "redhat", "title": "(RHSA-2011:1807) Important: jasper security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats. ", "modified": "2012-01-02T21:52:41", "published": "2012-01-02T21:52:41", "id": "FEDORA:7F98920C39", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: jasper-1.900.1-18.fc15", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats. ", "modified": "2011-12-30T22:53:37", "published": "2011-12-30T22:53:37", "id": "FEDORA:868E920D5C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: jasper-1.900.1-18.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517", "CVE-2014-9029"], "description": "MinGW Windows Jasper library. 
", "modified": "2014-12-17T04:47:06", "published": "2014-12-17T04:47:06", "id": "FEDORA:56ECD605E7E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-jasper-1.900.1-24.fc21", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517", "CVE-2014-9029"], "description": "MinGW Windows Jasper library. ", "modified": "2014-12-17T04:41:35", "published": "2014-12-17T04:41:35", "id": "FEDORA:266F0605DFF9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-jasper-1.900.1-24.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517", "CVE-2014-9029"], "description": "MinGW Windows Jasper library. ", "modified": "2014-12-17T04:41:07", "published": "2014-12-17T04:41:07", "id": "FEDORA:DAF26608A21E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mingw-jasper-1.900.1-24.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:05:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "The following bug has been fixed:\n\n * Specially crafted JPEG2000 files could have caused a\n heap buffer overflow in jasper (CVE-2011-4516,\n CVE-2011-4517)\n\n Security Issues:\n\n * CVE-2011-4516\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516</a>\n >\n * CVE-2011-4517\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517</a>\n >\n\n\n", "edition": 1, "modified": "2011-12-14T19:08:30", "published": "2011-12-14T19:08:30", "id": "SUSE-SU-2011:1317-2", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00014.html", "title": "Security update for jasper (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:22:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "Specially crafted JPEG2000 files could cause a heap buffer\n overflow in jasper (CVE-2011-4516, CVE-2011-4517)\n\n", "edition": 1, "modified": "2011-12-16T13:08:23", "published": "2011-12-16T13:08:23", "id": "OPENSUSE-SU-2011:1328-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00016.html", "type": "suse", "title": "jasper (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:29:41", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "The following issue has been fixed:\n\n * Specially crafted JPEG2000 files could cause a heap\n buffer overflow in jasper (CVE-2011-4516, CVE-2011-4517)\n", "edition": 1, "modified": "2011-12-12T02:08:33", "published": "2011-12-12T02:08:33", "id": "SUSE-SU-2011:1317-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html", "title": "Security update for jasper (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "Buffer overflow and memory corruption on JPEG2000 parsing.", "edition": 1, "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "SECURITYVULNS:VULN:12100", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12100", "title": "JasPer library security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "### Background\n\nThe JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 (jpeg2k) standard. \n\n### Description\n\nTwo vulnerabilities have been found in JasPer:\n\n * The jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c contains an error that could overwrite certain callback pointers, possibly causing a heap-based buffer overflow (CVE-2011-4516). \n * The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c uses an incorrect data type, possibly causing a heap-based buffer overflow (CVE-2011-4517). \n\n### Impact\n\nA remote attacker could entice a user or automated system to process specially crafted JPEG-2000 files with an application using JasPer, possibly resulting in the execution of arbitrary code with the privileges of the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll JasPer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/jasper-1.900.1-r4\"", "edition": 1, "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "GLSA-201201-10", "href": "https://security.gentoo.org/glsa/201201-10", "type": "gentoo", "title": "JasPer: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4274"], "edition": 1, "description": "### Background\n\nNetpbm is a toolkit for manipulation of graphic images, including conversion of images between a variety of different formats. 
\n\n### Description\n\nA stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in Netpbm. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XPM file using Netpbm, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Netpbm users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/netpbm-10.49.00\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "modified": "2013-11-13T00:00:00", "published": "2013-11-13T00:00:00", "id": "GLSA-201311-08", "href": "https://security.gentoo.org/glsa/201311-08", "type": "gentoo", "title": "Netpbm: User-assisted arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:12:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2371-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 24, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : jasper\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4516 CVE-2011-4517 \n\nTwo buffer overflows were discovered in JasPer, a library for handling \nJPEG-2000 images, which could lead to the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem will be fixed in\nversion 1.900.1-5.1+lenny2. 
Due to technical limitations of the Debian\narchive software, the oldstable update cannot be released synchronously\nwith the stable update.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.900.1-7+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your jasper packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-12-24T16:06:08", "published": "2011-12-24T16:06:08", "id": "DEBIAN:DSA-2371-1:30F91", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00250.html", "title": "[SECURITY] [DSA 2371-1] jasper security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:13:21", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4274"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2026-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nApril 02, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : netpbm-free\nVulnerability : stack-based buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id : CVE-2009-4274\nDebian Bug : 569060\n\n\nMarc Schoenefeld discovered a stack-based buffer overflow in the XPM reader\nimplementation in netpbm-free, a suite of image manipulation utilities.\nAn attacker could cause a denial of service (application crash) or possibly\nexecute arbitrary code via an XPM image file that contains a crafted header\nfield associated with a large color index value.\n\n\nFor the stable distribution (lenny), this problem has been fixed 
in\nversion 2:10.0-12+lenny1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2:10.0-12.1+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.\n\nWe recommend that you upgrade your netpbm-free package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc\n Size/MD5 checksum: 1170 fa9aeb6e0fea3225fd5052b0ec0367a1\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz\n Size/MD5 checksum: 1926538 985e9f6d531ac0b2004f5cbebdeea87d\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz\n Size/MD5 checksum: 50581 1c11ea48609ce48dd8033e076d5600a4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb\n Size/MD5 checksum: 85754 ee6a4c6985623b01251b2eea34f3b0ed\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb\n Size/MD5 checksum: 77066 3f446c0ba741db2fa3bcfd23d364dd49\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb\n Size/MD5 
checksum: 1418402 ae06867d12399db5347715dc4ec2a7a9\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb\n Size/MD5 checksum: 138666 7a9f884eb231e458af1ecf0f3eccfa95\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb\n Size/MD5 checksum: 139220 815b677ff56f0ca1d565f9d0ae0fd783\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb\n Size/MD5 checksum: 1316736 fcc0ee53a1e98cdd555bf64082dff7de\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb\n Size/MD5 checksum: 121202 7b8458cfacab39974af0455f6cd1d740\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb\n Size/MD5 checksum: 79746 56f418df417d027e2424d57ac6196718\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb\n Size/MD5 checksum: 71600 0f9251a5ac278afd7c9ac0def7f542aa\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb\n Size/MD5 checksum: 121328 efaf769ff3769c8253af36a20facd612\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb\n Size/MD5 checksum: 110038 de55f1c7285508902453d36280a3473a\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb\n Size/MD5 checksum: 70448 9258f240185bff2f2aeb6e2acf7abe07\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb\n Size/MD5 checksum: 1289442 e2155667bdef26b4a56082d1954aede2\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb\n Size/MD5 checksum: 62610 88cb6d123e7585524c455f84cf7eee06\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_arm.deb\n Size/MD5 checksum: 109408 
cb72adb5662a710cb95884cb7c7c3486\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_armel.deb\n Size/MD5 checksum: 1346838 74780ea09c6a52978e099966c7b082c8\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb\n Size/MD5 checksum: 73150 69b0a60700bcfcf7dd2f4ff0fd9d3639\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_armel.deb\n Size/MD5 checksum: 111376 7a1c83e484415ed1612f7dbda0759a4b\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_armel.deb\n Size/MD5 checksum: 111524 26ce44e801847b99eb7ff4182a2ac513\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_armel.deb\n Size/MD5 checksum: 65690 424c79bb258ae1060dc3c162a6a224ff\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_hppa.deb\n Size/MD5 checksum: 128068 e89b255509ae53d3d471b3ea6b61a327\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb\n Size/MD5 checksum: 1353520 91538d1fbce976a3da0fce0686d266d7\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_hppa.deb\n Size/MD5 checksum: 83408 d64f90b2130a88a04ed91743a6b8c80d\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_hppa.deb\n Size/MD5 checksum: 127756 1a0ef4c73e013fc76812421d62b4f725\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_hppa.deb\n Size/MD5 checksum: 73956 2d9790dbc1b51b84c13ee3655a8f9c5f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_i386.deb\n Size/MD5 checksum: 71320 cd5419ceca00a00137544292cc81e65d\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb\n Size/MD5 
checksum: 112556 415cddd4ba07fa6c2d88728c6aa771ab\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_i386.deb\n Size/MD5 checksum: 65948 2bd2b8060fa1ad585f40c2b523e26ef2\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_i386.deb\n Size/MD5 checksum: 1232756 4cdd10ae0b4fc3c29b8e48b22db4b2ab\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_i386.deb\n Size/MD5 checksum: 112684 0c1eba758b1e845e998ec05dd2a20184\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_ia64.deb\n Size/MD5 checksum: 151460 24ce4061a129d4b7487269b52bd981ad\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb\n Size/MD5 checksum: 102784 a11907eeb23bd601e1fd1fe6f6b5b97d\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_ia64.deb\n Size/MD5 checksum: 1801030 c2d3b4e5df13a19fc37d3eae936f4242\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_ia64.deb\n Size/MD5 checksum: 150852 0e92c75557c5abc011209f997511b529\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_ia64.deb\n Size/MD5 checksum: 93860 74dcc6fe263a10b582a9f3338ac5678f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_powerpc.deb\n Size/MD5 checksum: 72810 9246b314de363fb063d622c8dda26ad5\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb\n Size/MD5 checksum: 121484 aec4928130710350d2f27799cfc93199\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_powerpc.deb\n Size/MD5 checksum: 1609076 8b142b29702b3b31772bbad6be09f667\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_powerpc.deb\n Size/MD5 checksum: 121488 
32334965bde2c40bb1af211918884e6a\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_powerpc.deb\n Size/MD5 checksum: 85750 6fdf0f2c35f64a7828ac266d3cf32753\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_sparc.deb\n Size/MD5 checksum: 1247660 f7a873f8aec06b1226adfd146ebd7582\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb\n Size/MD5 checksum: 64146 ad097ce36cc8b23357ad249a5faaad72\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_sparc.deb\n Size/MD5 checksum: 70864 407a64c9358e99d5b827828a26b6affe\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_sparc.deb\n Size/MD5 checksum: 112638 b6e9adb2cb989bd992e962608ec58bfe\n http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_sparc.deb\n Size/MD5 checksum: 113266 144e281cbbab19fd283d3f664b3bc2d6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2010-04-02T15:35:52", "published": "2010-04-02T15:35:52", "id": "DEBIAN:DSA-2026-1:4CAB8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00066.html", "title": "[SECURITY] [DSA 2026-1] New netpbm-free packages fix denial of service", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:01", "bulletinFamily": "info", "cvelist": ["CVE-2011-4516", 
"CVE-2011-4517"], "description": "### Overview \n\nSome versions of JasPer contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description \n\nJasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflows which in turn may result in execution of attacker-controlled code.\n\n**CVE-2011-4516**: `src/libjasper/jpc/jpc_cs.c: jpc_cox_getcompparms` \n \n`jpc_cox_getcomparms` is called as part of the decoding of a coding style default (COD) marker segment. The function populates a parameter struct (`jpc_msparms_t`) that is contained in a marker segment struct (`jpc_ms_t`). `jpc_cox_getcompparms` contains a loop that copies data from the input file to the `jpc_msparms_t` struct. The loop terminates on a value (`numrlvls`) derived from the input file: \n \n`for (i = 0; i < compparms->numrlvls; ++i) {` \n` if (jpc_getuint8(in, &tmp)) {` \n` jpc_cox_destroycompparms(compparms);` \n` return -1;` \n` }` \n` compparms->rlvls[i].parwidthval = tmp & 0xf;` \n` compparms->rlvls[i].parheightval = (tmp >> 4) & 0xf;` \n`}` \n`numrlvls` is read from the input file. The attacker can control `numrlvls` to overflow the `jpc_msparms_t` struct and copy attacker-controlled data from the input file into a struct of callback functions (`jpc_msops_s`) that appears in `jpc_ms_t` (`src/libjasper/jpc/jpc_cs.h`) just after `jpc_msparms_t`: \n \n`typedef struct {` \n \n` /* The type of marker segment. */` \n` uint_fast16_t id;` \n \n` /* The length of the marker segment. */` \n` uint_fast16_t len;` \n \n` /* The starting offset within the stream. */` \n` uint_fast32_t off;` \n \n` /* The parameters of the marker segment. */` \n` jpc_msparms_t parms;` \n \n` /* The marker segment operations. 
*/` \n` struct jpc_msops_s *ops;` \n \n`} jpc_ms_t;` \n \nAny subsequent failures in decoding the marker segment will result in the `destroyparms` member of the callback struct being invoked as part of cleanup. If the attacker has overwritten this callback via the loop above, attacker-controlled values can be loaded into the program counter. \n \n**CVE-2011-4517**: `src/libjasper/jpc/jpc_cs.c: jpc_crg_getparms` \n \n`jpc_crg_getparms` is called as part of the decoding of a component registration (CRG) marker segment. This function populates a heap buffer with data derived from the input file (`in`). \n \nThe function contains an allocation size/type error. The heap buffer size is calculated using `sizeof(uint_fast16_t)` but the rest of the function assumes `sizeof(jpc_crgcomp_t)`. \n \n`jpc_crgcomp_t *comp;` \n`...` \n`if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {` \n` return -1;` \n`}` \n`...` \n`for (compno = 0, comp = crg->comps; compno < cstate->numcomps;` \n`++compno, ++comp) {` \n` if (jpc_getuint16(in, &comp->hoff) ||` \n` jpc_getuint16(in, &comp->voff)) {` \n` jpc_crg_destroyparms(ms);` \n` return -1;` \n` }` \n`}` \n \nThe attacker can overwrite the bytes after `crg->comps` in memory with arbitrary data. This is a heap buffer overflow, which is generally considered exploitable. \n \nThere are additional security implications here as well, however. The loop above is controlled by `cstate->numcomps` (`cstate` has one member: `numcomps`). `cstate` is allocated in a calling function, and is often allocated just before `crg->comps`. On some platforms the heap chunk allocated for `cstate` is located just after the heap chunk allocated for `crg->comps`, separated by only 4 bytes of heap accounting info. The accounting info + `cstate` (8 bytes after `crg->comps`) can be overwritten with bytes from the input file via the loop above. 
In these cases, the attacker can place a large number in `cstate->numcomps` to make the loop above iterate past the expected bound of `crg->comps` and copy an arbitrary number of bytes from the input file into heap (a heap buffer overflow). This enables the attacker to perform well-known heap exploitations, as well as allowing the attacker to overwrite other active heap allocations such as the callback pointers referenced in the previous bug description. \n \n--- \n \n### Impact \n\nBy tricking a user into opening or previewing an image file in an application that decodes images with the JasPer library, an attacker can execute arbitrary code or cause a denial-of-service crash. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nUsers who obtain JasPer from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. \n \n--- \n \nPlease consider the following workarounds: \n \n**Avoid processing malicious image files** \n \nTurn off image preview features in file browsers and other applications that use the JasPer library. Avoid opening image attachments from untrusted or unrecognized sources. \n \n--- \n \n### Vendor Information\n\n887409\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Artifex Software, Inc. 
Affected\n\nUpdated: June 14, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Affected\n\nNotified: October 20, 2011 Updated: June 14, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Affected\n\nNotified: October 20, 2011 Updated: June 14, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Affected\n\nNotified: October 20, 2011 Updated: March 02, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html>\n\n### Red Hat, Inc. 
Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apple Inc. __ Not Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n**Statement Date: October 22, 2011**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`The library in question is not used in any version of OS X or iOS.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n**Statement Date: December 02, 2011**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Juniper Networks products are not susceptible to this vulnerability.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: October 20, 2011 Updated: December 08, 2011 \n\n**Statement Date: December 05, 2011**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Our products do not use JasPer.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor 
information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sun Microsystems, Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. 
Unknown\n\nNotified: October 20, 2011 Updated: October 20, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P \nTemporal | 7 | E:POC/RL:OF/RC:C \nEnvironmental | 7.1 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://www.ece.uvic.ca/~frodo/jasper/>\n * <http://cwe.mitre.org/data/definitions/122.html>\n * <http://cwe.mitre.org/data/definitions/843.html>\n\n### Acknowledgements\n\nThese vulnerabilities were discovered by Jonathan Foote of the CERT/CC.\n\nThis document was written by Jonathan Foote.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-4516](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-4516>), [CVE-2011-4517](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-4517>) \n---|--- \n**Severity Metric:** | 3.58 \n**Date Public:** | 2011-12-08 \n**Date First Published:** | 2011-12-08 \n**Date Last Updated:** | 2012-06-14 12:35 UTC \n**Document Revision:** | 41 \n", "modified": "2012-06-14T12:35:00", "published": "2011-12-08T00:00:00", "id": "VU:887409", "href": "https://www.kb.cert.org/vuls/id/887409", "type": "cert", "title": "JasPer memory corruption vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:34:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2011-4517"], "description": "Jonathan Foote discovered that JasPer incorrectly handled certain malformed \nJPEG-2000 image files. 
If a user were tricked into opening a specially \ncrafted JPEG-2000 image file, a remote attacker could cause JasPer to crash \nor possibly execute arbitrary code with user privileges.", "edition": 5, "modified": "2011-12-20T00:00:00", "published": "2011-12-20T00:00:00", "id": "USN-1315-1", "href": "https://ubuntu.com/security/notices/USN-1315-1", "title": "JasPer vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:31:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4274"], "description": "Marc Schoenefeld discovered a buffer overflow in Netpbm when loading \ncertain images. If a user or automated system were tricked into opening a \nspecially crafted XPM image, a remote attacker could crash Netpbm. The \ndefault compiler options for affected releases should reduce the \nvulnerability to a denial of service.", "edition": 5, "modified": "2010-04-29T00:00:00", "published": "2010-04-29T00:00:00", "id": "USN-934-1", "href": "https://ubuntu.com/security/notices/USN-934-1", "title": "Netpbm vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:38", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2008-3522", "CVE-2008-3520", "CVE-2011-4517"], "description": "\nFedora reports:\n\nJasPer fails to properly decode marker segments and other\n\t sections in malformed JPEG2000 files. 
Malformed inputs can\n\t cause heap buffer overflows which in turn may result in\n\t execution of attacker-controlled code.\n\n", "edition": 4, "modified": "2011-12-09T00:00:00", "published": "2011-12-09T00:00:00", "id": "8FF84335-A7DA-11E2-B3F5-003067C2616F", "href": "https://vuxml.freebsd.org/freebsd/8ff84335-a7da-11e2-b3f5-003067c2616f.html", "title": "jasper -- buffer overflow", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4516", "CVE-2014-8137", "CVE-2014-9029", "CVE-2011-4517"], "description": "- CVE-2014-8137 (arbitrary code execution)\nA double free flaw was found in the way JasPer parsed ICC color profiles\nin JPEG 2000 image files. A specially crafted file could cause an\napplication using JasPer to crash or, possibly, execute arbitrary code.\n\n- CVE-2014-9029 (arbitrary code execution)\nMultiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2)\njpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and\nearlier allow remote attackers to execute arbitrary code via a crafted\njp2 file, which triggers a heap-based buffer overflow.\n\n- CVE-2011-4516 (arbitrary code execution)\nHeap-based buffer overflow in the jpc_cox_getcompparms function in\nlibjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption)\nvia a crafted numrlvls value in a coding style default (COD) marker\nsegment in a JPEG2000 file.\n\n- CVE-2011-4517 (arbitrary code execution)\nThe jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer\n1.900.1 uses an incorrect data type during a certain size calculation,\nwhich allows remote attackers to trigger a heap-based buffer overflow\nand execute arbitrary code, or cause a denial of service (heap memory\ncorruption), via a crafted component registration (CRG) marker segment\nin a JPEG2000 file.", 
"modified": "2014-12-19T00:00:00", "published": "2014-12-19T00:00:00", "id": "ASA-201412-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html", "type": "archlinux", "title": "jasper: arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}