Description
The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
Related
{"id": "RH:CVE-2017-5505", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2017-5505", "description": "The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.\n", "published": "2017-01-24T14:18:08", "modified": "2020-12-11T21:57:38", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2017-5505", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1416068"], "cvelist": ["CVE-2017-5505"], "immutableFields": [], "lastseen": "2021-09-02T22:52:26", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-5505"]}, {"type": "freebsd", "idList": ["6842AC7E-D250-11EA-B9B7-08002728F74C"]}, {"type": "gentoo", "idList": ["GLSA-201908-03"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1804.NASL", "EULEROS_SA-2021-2387.NASL", "FREEBSD_PKG_6842AC7ED25011EAB9B708002728F74C.NASL", "GENTOO_GLSA-201908-03.NASL", "OPENSUSE-2020-1517.NASL", "OPENSUSE-2020-1523.NASL", "SUSE_SU-2020-2689-1.NASL", "SUSE_SU-2020-2690-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1517-1", "OPENSUSE-SU-2020:1523-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5505"]}], "rev": 4}, "score": {"value": 4.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-5505"]}, {"type": "freebsd", "idList": ["6842AC7E-D250-11EA-B9B7-08002728F74C"]}, {"type": "gentoo", "idList": ["GLSA-201908-03"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201908-03.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1517-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5505"]}]}, "exploitation": null, "vulnersScore": 4.1}, "vendorCvss": {"score": "4.4", "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}, "_state": {"dependencies": 1645887066}}
{"ubuntucve": [{"lastseen": "2021-11-22T21:43:27", "description": "The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote\nattackers to cause a denial of service (invalid memory read and crash) via\na crafted image.\n\n#### Bugs\n\n * <https://github.com/mdadams/jasper/issues/88>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | introduced in 1.900.25\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-16T00:00:00", "type": "ubuntucve", "title": "CVE-2017-5505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5505"], "modified": "2017-03-16T00:00:00", "id": "UB:CVE-2017-5505", "href": "https://ubuntu.com/security/CVE-2017-5505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T17:49:27", "description": "The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-03-16T15:59:00", "type": "cve", "title": "CVE-2017-5505", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5505"], "modified": "2020-09-25T12:15:00", "cpe": ["cpe:/a:jasper_project:jasper:1.900.27"], "id": "CVE-2017-5505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:jasper_project:jasper:1.900.27:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:03:06", "description": "According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.(CVE-2021-26926)\n\n - A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder.\n A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3467)\n\n - A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3443)\n\n - The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-5503)\n\n - The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5505)\n\n - The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5504)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : jasper (EulerOS-SA-2021-1804)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2021-26926", "CVE-2021-3443", "CVE-2021-3467"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:jasper-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1804.NASL", "href": "https://www.tenable.com/plugins/nessus/149183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149183);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2017-5503\",\n \"CVE-2017-5504\",\n \"CVE-2017-5505\",\n \"CVE-2021-26926\",\n \"CVE-2021-3443\",\n \"CVE-2021-3467\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : jasper (EulerOS-SA-2021-1804)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the jasper package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in jasper before 2.0.25. An out of\n bounds read issue was found in jp2_decode function whic\n may lead to disclosure of information or program\n crash.(CVE-2021-26926)\n\n - A NULL pointer dereference flaw was found in the way\n Jasper versions before 2.0.26 handled component\n references in CDEF box in the JP2 image format decoder.\n A specially crafted JP2 image file could cause an\n application using the Jasper library to crash when\n opened.(CVE-2021-3467)\n\n - A NULL pointer dereference flaw was found in the way\n Jasper versions before 2.0.27 handled component\n references in the JP2 image format decoder. A specially\n crafted JP2 image file could cause an application using\n the Jasper library to crash when opened.(CVE-2021-3443)\n\n - The dec_clnpass function in libjasper/jpc/jpc_t1dec.c\n in JasPer 1.900.27 allows remote attackers to cause a\n denial of service (invalid memory write and crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-5503)\n\n - The jas_matrix_asl function in jas_seq.c in JasPer\n 1.900.27 allows remote attackers to cause a denial of\n service (invalid memory read and crash) via a crafted\n image.(CVE-2017-5505)\n\n - The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in\n JasPer 1.900.27 allows remote attackers to cause a\n denial of service (invalid memory read and crash) via a\n crafted image.(CVE-2017-5504)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1804\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c33051eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jasper packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"jasper-libs-1.900.1-33.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-09-18T00:08:11", "description": "According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.(CVE-2021-26926)\n\n - The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.(CVE-2017-5503)\n\n - The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5504)\n\n - The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.(CVE-2017-5505)\n\n - A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3443)\n\n - A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder.\n A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.(CVE-2021-3467)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : jasper (EulerOS-SA-2021-2387)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2021-26926", "CVE-2021-3443", "CVE-2021-3467"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:jasper-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2387.NASL", "href": "https://www.tenable.com/plugins/nessus/153268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153268);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2017-5503\",\n \"CVE-2017-5504\",\n \"CVE-2017-5505\",\n \"CVE-2021-26926\",\n \"CVE-2021-3443\",\n \"CVE-2021-3467\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : jasper (EulerOS-SA-2021-2387)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the jasper package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in jasper before 2.0.25. An out of\n bounds read issue was found in jp2_decode function whic\n may lead to disclosure of information or program\n crash.(CVE-2021-26926)\n\n - The dec_clnpass function in libjasper/jpc/jpc_t1dec.c\n in JasPer 1.900.27 allows remote attackers to cause a\n denial of service (invalid memory write and crash) or\n possibly have unspecified other impact via a crafted\n image.(CVE-2017-5503)\n\n - The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in\n JasPer 1.900.27 allows remote attackers to cause a\n denial of service (invalid memory read and crash) via a\n crafted image.(CVE-2017-5504)\n\n - The jas_matrix_asl function in jas_seq.c in JasPer\n 1.900.27 allows remote attackers to cause a denial of\n service (invalid memory read and crash) via a crafted\n image.(CVE-2017-5505)\n\n - A NULL pointer dereference flaw was found in the way\n Jasper versions before 2.0.27 handled component\n references in the JP2 image format decoder. A specially\n crafted JP2 image file could cause an application using\n the Jasper library to crash when opened.(CVE-2021-3443)\n\n - A NULL pointer dereference flaw was found in the way\n Jasper versions before 2.0.26 handled component\n references in CDEF box in the JP2 image format decoder.\n A specially crafted JP2 image file could cause an\n application using the Jasper library to crash when\n opened.(CVE-2021-3467)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a65819c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jasper packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26926\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jasper-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"jasper-libs-1.900.1-33.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-02-19T12:16:56", "description": "This update for jasper fixes the following issues :\n\n - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\n - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\n - CVE-2017-5499: Validate component depth bit (bsc#1020451).\n\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\n - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).\n\n - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).\n\n - CVE-2018-18873: Fix NULL pointer deref in ras_putdatastd (bsc#1114498).\n\n - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).\n\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).\n\n - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).\n\n - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jasper (openSUSE-2020-1523)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9252"], "modified": "2020-10-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jasper", "p-cpe:/a:novell:opensuse:jasper-debuginfo", "p-cpe:/a:novell:opensuse:jasper-debugsource", "p-cpe:/a:novell:opensuse:libjasper-devel", "p-cpe:/a:novell:opensuse:libjasper4", "p-cpe:/a:novell:opensuse:libjasper4-32bit", "p-cpe:/a:novell:opensuse:libjasper4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjasper4-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1523.NASL", "href": "https://www.tenable.com/plugins/nessus/141070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1523.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141070);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/05\");\n\n script_cve_id(\"CVE-2016-9398\", \"CVE-2016-9399\", \"CVE-2017-14132\", \"CVE-2017-5499\", \"CVE-2017-5503\", \"CVE-2017-5504\", \"CVE-2017-5505\", \"CVE-2017-9782\", \"CVE-2018-18873\", \"CVE-2018-19139\", \"CVE-2018-19543\", \"CVE-2018-20570\", \"CVE-2018-20622\", \"CVE-2018-9252\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-2020-1523)\");\n script_summary(english:\"Check for the openSUSE-2020-1523 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for jasper fixes the following issues :\n\n - CVE-2016-9398: Improved patch for already fixed issue\n (bsc#1010979).\n\n - CVE-2016-9399: Fix assert in calcstepsizes\n (bsc#1010980).\n\n - CVE-2017-5499: Validate component depth bit\n (bsc#1020451).\n\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub()\n (bsc#1020456).\n\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub()\n (bsc#1020458).\n\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub()\n (bsc#1020460).\n\n - CVE-2017-14132: Fix heap base overflow in by checking\n components (bsc#1057152).\n\n - CVE-2018-9252: Fix reachable assertion in\n jpc_abstorelstepsize (bsc#1088278).\n\n - CVE-2018-18873: Fix NULL pointer deref in ras_putdatastd\n (bsc#1114498).\n\n - CVE-2018-19139: Fix mem leaks by registering\n jpc_unk_destroyparms (bsc#1115637).\n\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans\n mixup (bsc#1117328).\n\n - CVE-2018-20570: Fix heap based buffer over-read in\n jp2_encode (bsc#1120807).\n\n - CVE-2018-20622: Fix memory leak in jas_malloc.c\n (bsc#1120805).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120807\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"jasper-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"jasper-debuginfo-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"jasper-debugsource-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjasper-devel-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjasper4-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjasper4-debuginfo-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjasper4-32bit-2.0.14-lp152.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjasper4-32bit-debuginfo-2.0.14-lp152.7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:47:21", "description": "This update for jasper fixes the following issues :\n\nCVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\nCVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\nCVE-2017-5499: Validate component depth bit (bsc#1020451).\n\nCVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\nCVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\nCVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\nCVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).\n\nCVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).\n\nCVE-2018-18873: Fix NULL pointer deref in ras_putdatastd (bsc#1114498).\n\nCVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).\n\nCVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).\n\nCVE-2018-20570: Fix heap-based buffer over-read in jp2_encode (bsc#1120807).\n\nCVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2020:2689-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9252"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jasper", "p-cpe:/a:novell:suse_linux:jasper-debuginfo", "p-cpe:/a:novell:suse_linux:jasper-debugsource", "p-cpe:/a:novell:suse_linux:libjasper-devel", "p-cpe:/a:novell:suse_linux:libjasper4", "p-cpe:/a:novell:suse_linux:libjasper4-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2689-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143883", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2689-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143883);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-9398\", \"CVE-2016-9399\", \"CVE-2017-14132\", \"CVE-2017-5499\", \"CVE-2017-5503\", \"CVE-2017-5504\", \"CVE-2017-5505\", \"CVE-2017-9782\", \"CVE-2018-18873\", \"CVE-2018-19139\", \"CVE-2018-19543\", \"CVE-2018-20570\", \"CVE-2018-20622\", \"CVE-2018-9252\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2020:2689-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for jasper fixes the following issues :\n\nCVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\nCVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\nCVE-2017-5499: Validate component depth bit (bsc#1020451).\n\nCVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\nCVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\nCVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\nCVE-2017-14132: Fix heap base overflow in by checking components\n(bsc#1057152).\n\nCVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize\n(bsc#1088278).\n\nCVE-2018-18873: Fix NULL pointer deref in ras_putdatastd\n(bsc#1114498).\n\nCVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms\n(bsc#1115637).\n\nCVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup\n(bsc#1117328).\n\nCVE-2018-20570: Fix heap-based buffer over-read in jp2_encode\n(bsc#1120807).\n\nCVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5499/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5504/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18873/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20570/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20622/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9252/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202689-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a79158b1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2689=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2689=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2689=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2689=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2689=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"jasper-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"jasper-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"jasper-debugsource-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjasper-devel-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjasper4-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjasper4-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"jasper-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"jasper-debugsource-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjasper-devel-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjasper4-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjasper4-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"jasper-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"jasper-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"jasper-debugsource-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjasper-devel-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjasper4-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjasper4-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"jasper-debuginfo-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"jasper-debugsource-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjasper-devel-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjasper4-2.0.14-3.16.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjasper4-debuginfo-2.0.14-3.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T12:16:26", "description": "This update for jasper fixes the following issues :\n\n - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\n - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\n - CVE-2017-5499: Validate component depth bit (bsc#1020451).\n\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\n - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).\n\n - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).\n\n - CVE-2018-18873: Fix NULL pointer deref in ras_putdatastd (bsc#1114498).\n\n - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).\n\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).\n\n - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).\n\n - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jasper (openSUSE-2020-1517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9252"], "modified": "2020-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jasper", "p-cpe:/a:novell:opensuse:jasper-debuginfo", "p-cpe:/a:novell:opensuse:jasper-debugsource", "p-cpe:/a:novell:opensuse:libjasper-devel", "p-cpe:/a:novell:opensuse:libjasper4", "p-cpe:/a:novell:opensuse:libjasper4-32bit", "p-cpe:/a:novell:opensuse:libjasper4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjasper4-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1517.NASL", "href": "https://www.tenable.com/plugins/nessus/141151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1517.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141151);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/07\");\n\n script_cve_id(\"CVE-2016-9398\", \"CVE-2016-9399\", \"CVE-2017-14132\", \"CVE-2017-5499\", \"CVE-2017-5503\", \"CVE-2017-5504\", \"CVE-2017-5505\", \"CVE-2017-9782\", \"CVE-2018-18873\", \"CVE-2018-19139\", \"CVE-2018-19543\", \"CVE-2018-20570\", \"CVE-2018-20622\", \"CVE-2018-9252\");\n\n script_name(english:\"openSUSE Security Update : jasper (openSUSE-2020-1517)\");\n script_summary(english:\"Check for the openSUSE-2020-1517 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for jasper fixes the following issues :\n\n - CVE-2016-9398: Improved patch for already fixed issue\n (bsc#1010979).\n\n - CVE-2016-9399: Fix assert in calcstepsizes\n (bsc#1010980).\n\n - CVE-2017-5499: Validate component depth bit\n (bsc#1020451).\n\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub()\n (bsc#1020456).\n\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub()\n (bsc#1020458).\n\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub()\n (bsc#1020460).\n\n - CVE-2017-14132: Fix heap base overflow in by checking\n components (bsc#1057152).\n\n - CVE-2018-9252: Fix reachable assertion in\n jpc_abstorelstepsize (bsc#1088278).\n\n - CVE-2018-18873: Fix NULL pointer deref in ras_putdatastd\n (bsc#1114498).\n\n - CVE-2018-19139: Fix mem leaks by registering\n jpc_unk_destroyparms (bsc#1115637).\n\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans\n mixup (bsc#1117328).\n\n - CVE-2018-20570: Fix heap based buffer over-read in\n jp2_encode (bsc#1120807).\n\n - CVE-2018-20622: Fix memory leak in jas_malloc.c\n (bsc#1120805).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120807\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected jasper packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjasper4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"jasper-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"jasper-debuginfo-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"jasper-debugsource-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjasper-devel-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjasper4-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjasper4-debuginfo-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjasper4-32bit-2.0.14-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjasper4-32bit-debuginfo-2.0.14-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper / jasper-debuginfo / jasper-debugsource / libjasper-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:48:12", "description": "This update for jasper fixes the following issues :\n\nCVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\nCVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\nCVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786).\n\nCVE-2016-9557: Fix signed integer overflow (bsc#1011829).\n\nCVE-2017-5499: Validate component depth bit (bsc#1020451).\n\nCVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\nCVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\nCVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\nCVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).\n\nCVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115).\n\nCVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).\n\nCVE-2018-18873: Fix NULL pointer deref in ras_putdatastd (bsc#1114498).\n\nCVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).\n\nCVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).\n\nCVE-2018-20570: Fix heap-based buffer over-read in jp2_encode (bsc#1120807).\n\nCVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : jasper (SUSE-SU-2020:2690-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9397", "CVE-2016-9398", "CVE-2016-9399", "CVE-2016-9557", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9154", "CVE-2018-9252"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jasper-debuginfo", "p-cpe:/a:novell:suse_linux:jasper-debugsource", "p-cpe:/a:novell:suse_linux:libjasper1", "p-cpe:/a:novell:suse_linux:libjasper1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2690-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2690-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143645);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-9397\", \"CVE-2016-9398\", \"CVE-2016-9399\", \"CVE-2016-9557\", \"CVE-2017-14132\", \"CVE-2017-5499\", \"CVE-2017-5503\", \"CVE-2017-5504\", \"CVE-2017-5505\", \"CVE-2017-9782\", \"CVE-2018-18873\", \"CVE-2018-19139\", \"CVE-2018-19543\", \"CVE-2018-20570\", \"CVE-2018-20622\", \"CVE-2018-9154\", \"CVE-2018-9252\");\n\n script_name(english:\"SUSE SLES12 Security Update : jasper (SUSE-SU-2020:2690-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for jasper fixes the following issues :\n\nCVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n\nCVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n\nCVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786).\n\nCVE-2016-9557: Fix signed integer overflow (bsc#1011829).\n\nCVE-2017-5499: Validate component depth bit (bsc#1020451).\n\nCVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n\nCVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n\nCVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n\nCVE-2017-14132: Fix heap base overflow in by checking components\n(bsc#1057152).\n\nCVE-2018-9154: Fixed a potential denial of service in\njpc_dec_process_sot() (bsc#1092115).\n\nCVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize\n(bsc#1088278).\n\nCVE-2018-18873: Fix NULL pointer deref in ras_putdatastd\n(bsc#1114498).\n\nCVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms\n(bsc#1115637).\n\nCVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup\n(bsc#1117328).\n\nCVE-2018-20570: Fix heap-based buffer over-read in jp2_encode\n(bsc#1120807).\n\nCVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9398/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9557/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14132/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5499/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5504/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18873/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20570/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20622/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9252/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202690-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c86658e1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2690=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2690=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jasper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjasper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"jasper-debuginfo-1.900.14-195.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"jasper-debugsource-1.900.14-195.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjasper1-1.900.14-195.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjasper1-32bit-1.900.14-195.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjasper1-debuginfo-1.900.14-195.22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjasper1-debuginfo-32bit-1.900.14-195.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasper\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T13:59:03", "description": "JasPer NEWS :\n\n- Fix CVE-2018-9154\n\n- Fix CVE-2018-19541\n\n- Fix CVE-2016-9399, CVE-2017-13751\n\n- Fix CVE-2018-19540\n\n- Fix CVE-2018-9055\n\n- Fix CVE-2017-13748\n\n- Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505\n\n- Fix CVE-2018-9252\n\n- Fix CVE-2018-19139\n\n- Fix CVE-2018-19543, CVE-2017-9782\n\n- Fix CVE-2018-20570\n\n- Fix CVE-2018-20622\n\n- Fix CVE-2016-9398\n\n- Fix CVE-2017-14132\n\n- Fix CVE-2017-5499\n\n- Fix CVE-2018-18873\n\n- Fix CVE-2017-13750", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-26T00:00:00", "type": "nessus", "title": "FreeBSD : jasper -- multiple vulnerabilities (6842ac7e-d250-11ea-b9b7-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-13748", "CVE-2017-13750", "CVE-2017-13751", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:jasper", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6842AC7ED25011EAB9B708002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/139830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139830);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2016-9398\",\n \"CVE-2016-9399\",\n \"CVE-2017-5499\",\n \"CVE-2017-5503\",\n \"CVE-2017-5504\",\n \"CVE-2017-5505\",\n \"CVE-2017-9782\",\n \"CVE-2017-13748\",\n \"CVE-2017-13750\",\n \"CVE-2017-13751\",\n \"CVE-2017-14132\",\n \"CVE-2018-9055\",\n \"CVE-2018-9154\",\n \"CVE-2018-9252\",\n \"CVE-2018-18873\",\n \"CVE-2018-19139\",\n \"CVE-2018-19540\",\n \"CVE-2018-19541\",\n \"CVE-2018-19543\",\n \"CVE-2018-20570\",\n \"CVE-2018-20622\"\n );\n\n script_name(english:\"FreeBSD : jasper -- multiple vulnerabilities (6842ac7e-d250-11ea-b9b7-08002728f74c)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"JasPer NEWS :\n\n- Fix CVE-2018-9154\n\n- Fix CVE-2018-19541\n\n- Fix CVE-2016-9399, CVE-2017-13751\n\n- Fix CVE-2018-19540\n\n- Fix CVE-2018-9055\n\n- Fix CVE-2017-13748\n\n- Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505\n\n- Fix CVE-2018-9252\n\n- Fix CVE-2018-19139\n\n- Fix CVE-2018-19543, CVE-2017-9782\n\n- Fix CVE-2018-20570\n\n- Fix CVE-2018-20622\n\n- Fix CVE-2016-9398\n\n- Fix CVE-2017-14132\n\n- Fix CVE-2017-5499\n\n- Fix CVE-2018-18873\n\n- Fix CVE-2017-13750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/jasper-software/jasper/blob/master/NEWS\");\n # https://vuxml.freebsd.org/freebsd/6842ac7e-d250-11ea-b9b7-08002728f74c.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98df3505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19543\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-19541\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"jasper<2.0.20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T12:44:09", "description": "The remote host is affected by the vulnerability described in GLSA-201908-03 (JasPer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "GLSA-201908-03 : JasPer: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000050", "CVE-2017-13745", "CVE-2017-13746", "CVE-2017-13747", "CVE-2017-13748", "CVE-2017-13749", "CVE-2017-13750", "CVE-2017-13751", "CVE-2017-13752", "CVE-2017-13753", "CVE-2017-14132", "CVE-2017-14229", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-6851", "CVE-2017-6852", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-20584", "CVE-2018-9055", "CVE-2018-9154"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:jasper", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201908-03.NASL", "href": "https://www.tenable.com/plugins/nessus/127561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201908-03.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127561);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2017-1000050\", \"CVE-2017-13745\", \"CVE-2017-13746\", \"CVE-2017-13747\", \"CVE-2017-13748\", \"CVE-2017-13749\", \"CVE-2017-13750\", \"CVE-2017-13751\", \"CVE-2017-13752\", \"CVE-2017-13753\", \"CVE-2017-14132\", \"CVE-2017-14229\", \"CVE-2017-5503\", \"CVE-2017-5504\", \"CVE-2017-5505\", \"CVE-2017-6851\", \"CVE-2017-6852\", \"CVE-2017-9782\", \"CVE-2018-18873\", \"CVE-2018-20584\", \"CVE-2018-9055\", \"CVE-2018-9154\");\n script_xref(name:\"GLSA\", value:\"201908-03\");\n\n script_name(english:\"GLSA-201908-03 : JasPer: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201908-03\n(JasPer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in JasPer. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201908-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"JasPer is no longer maintained upstream and contains many\n vulnerabilities which remain unaddressed. Gentoo users are advised to\n unmerge this package.\n # emerge --unmerge media-libs/jasper\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/jasper\", unaffected:make_list(), vulnerable:make_list(\"le 2.0.16\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JasPer\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:06", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for jasper fixes the following issues:\n\n - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n - CVE-2017-5499: Validate component depth bit (bsc#1020451).\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n - CVE-2017-14132: Fix heap base overflow in by checking components\n (bsc#1057152).\n - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize\n (bsc#1088278).\n - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).\n - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms\n (bsc#1115637).\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup\n (bsc#1117328).\n - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode\n (bsc#1120807).\n - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1517=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-24T00:00:00", "type": "suse", "title": "Security update for jasper (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9252"], "modified": "2020-09-24T00:00:00", "id": "OPENSUSE-SU-2020:1517-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZNYUBLSX2ZSBGFVNDEMDDHDZ2UPLCJR2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:41:06", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for jasper fixes the following issues:\n\n - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).\n - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).\n - CVE-2017-5499: Validate component depth bit (bsc#1020451).\n - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).\n - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).\n - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).\n - CVE-2017-14132: Fix heap base overflow in by checking components\n (bsc#1057152).\n - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize\n (bsc#1088278).\n - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).\n - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms\n (bsc#1115637).\n - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup\n (bsc#1117328).\n - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode\n (bsc#1120807).\n - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1523=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-25T00:00:00", "type": "suse", "title": "Security update for jasper (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9252"], "modified": "2020-09-25T00:00:00", "id": "OPENSUSE-SU-2020:1523-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XELIATUTDCJHZIDKI34SIWLYOQXNSG3Q/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nJasPer NEWS:\n\n- Fix CVE-2018-9154\n- Fix CVE-2018-19541\n- Fix CVE-2016-9399, CVE-2017-13751\n- Fix CVE-2018-19540\n- Fix CVE-2018-9055\n- Fix CVE-2017-13748\n- Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505\n- Fix CVE-2018-9252\n- Fix CVE-2018-19139\n- Fix CVE-2018-19543, CVE-2017-9782\n- Fix CVE-2018-20570\n- Fix CVE-2018-20622\n- Fix CVE-2016-9398\n- Fix CVE-2017-14132\n- Fix CVE-2017-5499\n- Fix CVE-2018-18873\n- Fix CVE-2017-13750\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-28T00:00:00", "type": "freebsd", "title": "jasper -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9398", "CVE-2016-9399", "CVE-2017-13748", "CVE-2017-13750", "CVE-2017-13751", "CVE-2017-14132", "CVE-2017-5499", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19543", "CVE-2018-20570", "CVE-2018-20622", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252"], "modified": "2020-09-05T00:00:00", "id": "6842AC7E-D250-11EA-B9B7-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/6842ac7e-d250-11ea-b9b7-08002728f74c.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:03:31", "description": "### Background\n\nJasPer is a software-based implementation of the codec specified in the JPEG-2000 Part-1 standard. \n\n### Description\n\nMultiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nJasPer is no longer maintained upstream and contains many vulnerabilities which remain unaddressed. Gentoo users are advised to unmerge this package. \n \n \n # emerge --unmerge media-libs/jasper", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-09T00:00:00", "type": "gentoo", "title": "JasPer: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000050", "CVE-2017-13745", "CVE-2017-13746", "CVE-2017-13747", "CVE-2017-13748", "CVE-2017-13749", "CVE-2017-13750", "CVE-2017-13751", "CVE-2017-13752", "CVE-2017-13753", "CVE-2017-14132", "CVE-2017-14229", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2017-6851", "CVE-2017-6852", "CVE-2017-9782", "CVE-2018-18873", "CVE-2018-20584", "CVE-2018-9055", "CVE-2018-9154"], "modified": "2019-08-28T00:00:00", "id": "GLSA-201908-03", "href": "https://security.gentoo.org/glsa/201908-03", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2017-5505
