Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0051)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0051

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0051)

Resumen: The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0051 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0051 advisory.

Vulnerability Insight:
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl
function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112)

There is a NULL pointer dereference in function imagetobmp of
convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned
a value after initialization(NULL). Impact is Denial of Service.
(CVE-2016-9113)

There is a NULL Pointer Access in function imagetopnm of
convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not
assigned a value after initialization(NULL). Impact is Denial of
Service. (CVE-2016-9114)

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in
OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted
j2k file. (CVE-2016-9115)

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in
OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted
j2k file. (CVE-2016-9116)

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in
OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted
j2k file. (CVE-2016-9117)

Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of
convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118)

Affected Software/OS:
'openjpeg2' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9112
BugTraq ID: 93978
http://www.securityfocus.com/bid/93978
https://security.gentoo.org/glsa/201710-26
https://github.com/uclouvain/openjpeg/issues/855
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9113
BugTraq ID: 93980
http://www.securityfocus.com/bid/93980
https://github.com/uclouvain/openjpeg/issues/856
Common Vulnerability Exposure (CVE) ID: CVE-2016-9114
BugTraq ID: 93979
http://www.securityfocus.com/bid/93979
https://github.com/uclouvain/openjpeg/issues/857
Common Vulnerability Exposure (CVE) ID: CVE-2016-9115
BugTraq ID: 93977
http://www.securityfocus.com/bid/93977
https://github.com/uclouvain/openjpeg/issues/858
Common Vulnerability Exposure (CVE) ID: CVE-2016-9116
BugTraq ID: 93975
http://www.securityfocus.com/bid/93975
https://github.com/uclouvain/openjpeg/issues/859
Common Vulnerability Exposure (CVE) ID: CVE-2016-9117
BugTraq ID: 93783
http://www.securityfocus.com/bid/93783
https://github.com/uclouvain/openjpeg/issues/860
Common Vulnerability Exposure (CVE) ID: CVE-2016-9118
BugTraq ID: 93976
http://www.securityfocus.com/bid/93976
Debian Security Information: DSA-4013 (Google Search)
http://www.debian.org/security/2017/dsa-4013
https://github.com/uclouvain/openjpeg/issues/861

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0051
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0051)
Resumen:	The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0051 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0051 advisory. Vulnerability Insight: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112) There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9113) There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114) Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9115) NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116) NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9117) Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118) Affected Software/OS: 'openjpeg2' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9112 BugTraq ID: 93978 http://www.securityfocus.com/bid/93978 https://security.gentoo.org/glsa/201710-26 https://github.com/uclouvain/openjpeg/issues/855 https://www.oracle.com/security-alerts/cpujul2020.html https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9113 BugTraq ID: 93980 http://www.securityfocus.com/bid/93980 https://github.com/uclouvain/openjpeg/issues/856 Common Vulnerability Exposure (CVE) ID: CVE-2016-9114 BugTraq ID: 93979 http://www.securityfocus.com/bid/93979 https://github.com/uclouvain/openjpeg/issues/857 Common Vulnerability Exposure (CVE) ID: CVE-2016-9115 BugTraq ID: 93977 http://www.securityfocus.com/bid/93977 https://github.com/uclouvain/openjpeg/issues/858 Common Vulnerability Exposure (CVE) ID: CVE-2016-9116 BugTraq ID: 93975 http://www.securityfocus.com/bid/93975 https://github.com/uclouvain/openjpeg/issues/859 Common Vulnerability Exposure (CVE) ID: CVE-2016-9117 BugTraq ID: 93783 http://www.securityfocus.com/bid/93783 https://github.com/uclouvain/openjpeg/issues/860 Common Vulnerability Exposure (CVE) ID: CVE-2016-9118 BugTraq ID: 93976 http://www.securityfocus.com/bid/93976 Debian Security Information: DSA-4013 (Google Search) http://www.debian.org/security/2017/dsa-4013 https://github.com/uclouvain/openjpeg/issues/861
Copyright	Copyright (C) 2022 Greenbone AG