
Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0481
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0481)
Summary: The remote host is missing an update for the 'openjpeg2' package(s) announced via the MGASA-2017-0481 advisory.
Description:

Vulnerability Insight:
A heap-based buffer overflow was discovered in the opj_t2_encode_packet
function. The vulnerability caused an out-of-bounds write, which may have
led to remote denial of service or possibly unspecified other impact
(CVE-2017-14039).

An invalid write access was discovered in bin/jp2/convert.c, triggering a
crash in the tgatoimage function. The vulnerability may have led to
remote denial of service or possibly unspecified other impact
(CVE-2017-14040).

A stack-based buffer overflow was discovered in the pgxtoimage function.
The vulnerability caused an out-of-bounds write, which may have led to
remote denial of service or possibly remote code execution
(CVE-2017-14041).

A size-validation issue was discovered in opj_j2k_write_sot. The
vulnerability caused an out-of-bounds write, which may have led to remote
DoS or possibly remote code execution (CVE-2017-14164).

Affected Software/OS:
'openjpeg2' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-14039
BugTraq ID: 100550
http://www.securityfocus.com/bid/100550
Debian Security Information: DSA-4013
http://www.debian.org/security/2017/dsa-4013
https://security.gentoo.org/glsa/201710-26
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
https://github.com/uclouvain/openjpeg/issues/992
Common Vulnerability Exposure (CVE) ID: CVE-2017-14040
BugTraq ID: 100553
http://www.securityfocus.com/bid/100553
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
https://github.com/uclouvain/openjpeg/issues/995
Common Vulnerability Exposure (CVE) ID: CVE-2017-14041
BugTraq ID: 100555
http://www.securityfocus.com/bid/100555
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
https://github.com/uclouvain/openjpeg/issues/997
Common Vulnerability Exposure (CVE) ID: CVE-2017-14164
BugTraq ID: 100677
http://www.securityfocus.com/bid/100677
https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
https://github.com/uclouvain/openjpeg/issues/991
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.