
Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0481
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0481)
Summary: The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0481 advisory.
Description:
Summary:
The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0481 advisory.

Vulnerability Insight:
A heap-based buffer overflow was discovered in the opj_t2_encode_packet
function. The vulnerability caused an out-of-bounds write, which may have
led to remote denial of service or possibly unspecified other impact
(CVE-2017-14039).

An invalid write access was discovered in bin/jp2/convert.c, triggering a
crash in the tgatoimage function. The vulnerability may have led to
remote denial of service or possibly unspecified other impact
(CVE-2017-14040).

A stack-based buffer overflow was discovered in the pgxtoimage function.
The vulnerability caused an out-of-bounds write, which may have led to
remote denial of service or possibly remote code execution
(CVE-2017-14041).

A size-validation issue was discovered in opj_j2k_write_sot. The
vulnerability caused an out-of-bounds write, which may have led to remote
DoS or possibly remote code execution (CVE-2017-14164).

Affected Software/OS:
'openjpeg2' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-14039
BugTraq ID: 100550
http://www.securityfocus.com/bid/100550
Debian Security Information: DSA-4013
http://www.debian.org/security/2017/dsa-4013
https://security.gentoo.org/glsa/201710-26
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
https://github.com/uclouvain/openjpeg/issues/992
Common Vulnerability Exposure (CVE) ID: CVE-2017-14040
BugTraq ID: 100553
http://www.securityfocus.com/bid/100553
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
https://github.com/uclouvain/openjpeg/issues/995
Common Vulnerability Exposure (CVE) ID: CVE-2017-14041
BugTraq ID: 100555
http://www.securityfocus.com/bid/100555
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
https://github.com/uclouvain/openjpeg/issues/997
Common Vulnerability Exposure (CVE) ID: CVE-2017-14164
BugTraq ID: 100677
http://www.securityfocus.com/bid/100677
https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
https://github.com/uclouvain/openjpeg/issues/991
Copyright: Copyright (C) 2022 Greenbone AG
