
Test ID: 1.3.6.1.4.1.25623.1.1.10.2020.0337
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2020-0337)
Summary: The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2020-0337 advisory.
Description:
Summary:
The remote host is missing an update for the 'jasper' package(s) announced via the MGASA-2020-0337 advisory.

Vulnerability Insight:
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote
attackers to cause a denial of service (invalid read) via a crafted image
(CVE-2017-6851).

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in
JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted
image (CVE-2017-6852).

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted image, related to the
jp2_decode function in libjasper/jp2/jp2_dec.c (CVE-2017-9782).

There is a reachable assertion abort in the function jpc_dec_process_sot() in
jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service
attack by triggering an unexpected jpc_ppmstabtostreams return value (CVE-2017-13745).

There is a reachable assertion abort in the function jpc_dec_process_siz() in
jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of
service attack (CVE-2017-13746).

There are lots of memory leaks in JasPer 2.0.12, triggered in the function
jas_strdup() in base/jas_string.c, that will lead to a remote denial of
service attack (CVE-2017-13748).

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in
jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service
attack (CVE-2017-13749).

There is a reachable assertion abort in the function jpc_dec_process_siz() in
jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of
service attack (CVE-2017-13750).

There is a reachable assertion abort in the function calcstepsizes() in
jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service
attack (CVE-2017-13751).

JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted image, related to the
jas_image_ishomosamp function in libjasper/base/jas_image.c (CVE-2017-14132).

JasPer 2.0.14 allows denial of service via a reachable assertion in the
function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c (CVE-2018-9252).

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference
in the function ras_putdatastd in ras/ras_enc.c (CVE-2018-18873).

An issue has been found in JasPer 2.0.14. There is a memory leak in
jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c (CVE-2018-19139).

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer
over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c
(CVE-2018-19543).

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read
(CVE-2018-20570).

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when
'--output-format jp2' is used (CVE-2018-20622).

Affected Software/OS:
'jasper' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-13745
BugTraq ID: 100514
http://www.securityfocus.com/bid/100514
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
https://security.gentoo.org/glsa/201908-03
https://bugzilla.redhat.com/show_bug.cgi?id=1485274
https://www.oracle.com/security-alerts/cpuapr2020.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-13746
https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Common Vulnerability Exposure (CVE) ID: CVE-2017-13748
https://bugzilla.redhat.com/show_bug.cgi?id=1485287
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-13749
https://bugzilla.redhat.com/show_bug.cgi?id=1485285
Common Vulnerability Exposure (CVE) ID: CVE-2017-13750
https://bugzilla.redhat.com/show_bug.cgi?id=1485280
Common Vulnerability Exposure (CVE) ID: CVE-2017-13751
https://bugzilla.redhat.com/show_bug.cgi?id=1485283
Common Vulnerability Exposure (CVE) ID: CVE-2017-14132
https://github.com/mdadams/jasper/issues/147
SuSE Security Announcement: openSUSE-SU-2020:1517
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
SuSE Security Announcement: openSUSE-SU-2020:1523
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6851
https://blogs.gentoo.org/ago/2017/01/25/jasper-invalid-memory-read-in-jas_matrix_bindsub-jas_seq-c/
https://github.com/mdadams/jasper/issues/113
Common Vulnerability Exposure (CVE) ID: CVE-2017-6852
https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/
https://github.com/mdadams/jasper/issues/114
Common Vulnerability Exposure (CVE) ID: CVE-2017-9782
https://github.com/mdadams/jasper/issues/140
Common Vulnerability Exposure (CVE) ID: CVE-2018-18873
https://github.com/mdadams/jasper/issues/184
https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-19139
BugTraq ID: 105956
http://www.securityfocus.com/bid/105956
https://github.com/mdadams/jasper/issues/188
Common Vulnerability Exposure (CVE) ID: CVE-2018-19543
https://github.com/mdadams/jasper/issues/182
Common Vulnerability Exposure (CVE) ID: CVE-2018-20570
https://github.com/mdadams/jasper/issues/191
Common Vulnerability Exposure (CVE) ID: CVE-2018-20622
BugTraq ID: 106373
http://www.securityfocus.com/bid/106373
https://github.com/mdadams/jasper/issues/193
Common Vulnerability Exposure (CVE) ID: CVE-2018-9252
https://github.com/mdadams/jasper/issues/173
Copyright: Copyright (C) 2022 Greenbone AG
