CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.1%
The version of qt5-qtimageformats installed on the remote host is prior to 5.9.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1679 advisory.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25011)
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25014)
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36329)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1679.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151270);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/07/01");
script_cve_id(
"CVE-2018-25011",
"CVE-2018-25014",
"CVE-2020-36328",
"CVE-2020-36329"
);
script_xref(name:"ALAS", value:"2021-1679");
script_name(english:"Amazon Linux 2 : qt5-qtimageformats (ALAS-2021-1679)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of qt5-qtimageformats installed on the remote host is prior to 5.9.2-1. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS2-2021-1679 advisory.
- A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().
The highest threat from this vulnerability is to data confidentiality and integrity as well as system
availability. (CVE-2018-25011)
- A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function
ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as
system availability. (CVE-2018-25014)
- A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function
WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)
- A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being
killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as
well as system availability. (CVE-2020-36329)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2021-1679.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-25011");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-25014");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-36328");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-36329");
script_set_attribute(attribute:"solution", value:
"Run 'yum update qt5-qtimageformats' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-36329");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/21");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qt5-qtimageformats");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qt5-qtimageformats-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qt5-qtimageformats-doc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
pkgs = [
{'reference':'qt5-qtimageformats-5.9.2-1.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-5.9.2-1.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-5.9.2-1.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-debuginfo-5.9.2-1.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-debuginfo-5.9.2-1.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-debuginfo-5.9.2-1.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'qt5-qtimageformats-doc-5.9.2-1.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt5-qtimageformats / qt5-qtimageformats-debuginfo / qt5-qtimageformats-doc");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
access.redhat.com/security/cve/CVE-2018-25011
access.redhat.com/security/cve/CVE-2018-25014
access.redhat.com/security/cve/CVE-2020-36328
access.redhat.com/security/cve/CVE-2020-36329
alas.aws.amazon.com/AL2/ALAS-2021-1679.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
81.1%