Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1614.NASL
HistoryDec 24, 2018 - 12:00 a.m.

Debian DLA-1614-1 : openjpeg2 security update

2018-12-2400:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
35

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.3%

JSON

Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec.

CVE-2018-6616

Excessive iteration in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

CVE-2018-14423

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in (lib/openjp3d/pi.c). Remote attackers could leverage this vulnerability to cause a denial of service (application crash).

For Debian 8 ‘Jessie’, these problems have been fixed in version 2.1.0-2+deb8u6.

We recommend that you upgrade your openjpeg2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1614-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(119849);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2018-14423", "CVE-2018-6616");

  script_name(english:"Debian DLA-1614-1 : openjpeg2 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities have been discovered in openjpeg2, the
open-source JPEG 2000 codec.

CVE-2018-6616

Excessive iteration in the opj_t1_encode_cblks function
(openjp2/t1.c). Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted bmp file.

CVE-2018-14423

Division-by-zero vulnerabilities in the functions pi_next_pcrl,
pi_next_cprl, and pi_next_rpcl in (lib/openjp3d/pi.c). Remote
attackers could leverage this vulnerability to cause a denial of
service (application crash).

For Debian 8 'Jessie', these problems have been fixed in version
2.1.0-2+deb8u6.

We recommend that you upgrade your openjpeg2 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/12/msg00013.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/openjpeg2"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-7-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp3d-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjp3d7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-dec-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip-viewer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libopenjpip7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libopenjp2-7", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjp2-7-dbg", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjp2-7-dev", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjp2-tools", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjp3d-tools", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjp3d7", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjpip-dec-server", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjpip-server", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjpip-viewer", reference:"2.1.0-2+deb8u6")) flag++;
if (deb_check(release:"8.0", prefix:"libopenjpip7", reference:"2.1.0-2+deb8u6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibopenjp2-7p-cpe:/a:debian:debian_linux:libopenjp2-7
debiandebian_linuxlibopenjp2-7-dbgp-cpe:/a:debian:debian_linux:libopenjp2-7-dbg
debiandebian_linuxlibopenjp2-7-devp-cpe:/a:debian:debian_linux:libopenjp2-7-dev
debiandebian_linuxlibopenjp2-toolsp-cpe:/a:debian:debian_linux:libopenjp2-tools
debiandebian_linuxlibopenjp3d-toolsp-cpe:/a:debian:debian_linux:libopenjp3d-tools
debiandebian_linuxlibopenjp3d7p-cpe:/a:debian:debian_linux:libopenjp3d7
debiandebian_linuxlibopenjpip-dec-serverp-cpe:/a:debian:debian_linux:libopenjpip-dec-server
debiandebian_linuxlibopenjpip-serverp-cpe:/a:debian:debian_linux:libopenjpip-server
debiandebian_linuxlibopenjpip-viewerp-cpe:/a:debian:debian_linux:libopenjpip-viewer
debiandebian_linuxlibopenjpip7p-cpe:/a:debian:debian_linux:libopenjpip7
Rows per page:
1-10 of 111

Related

openvas 29
debian 4
osv 5
nvd 3
ubuntu 1
nessus 28
cloudfoundry 1
cve 3
mageia 3
redhatcve 3
cvelist 3
ubuntucve 4
debiancve 3
prion 3
alpinelinux 3
veracode 1
fedora 4
freebsd 1
suse 2
archlinux 1
amazon 1
oracle 1
openvas
openvas
Debian: Security Advisory (DLA-1614-1)
2018-12-27 00:00:00
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2020-1020)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-4109-1)
2019-08-22 00:00:00
debian
debian
[SECURITY] [DLA 1614-1] openjpeg2 security update
2018-12-22 13:57:35
[SECURITY] [DSA 4405-1] openjpeg2 security update
2019-03-10 14:35:51
[SECURITY] [DSA 4405-1] openjpeg2 security update
2019-03-10 14:35:51
osv
osv
openjpeg2 - security update
2018-12-22 00:00:00
CVE-2018-14423
2018-07-19 19:29:00
openjpeg2 - security update
2019-03-10 00:00:00
nvd
nvd
CVE-2018-14423
2018-07-19 19:29:00
CVE-2018-6616
2018-02-04 22:29:00
CVE-2019-12973
2019-06-26 18:15:10
ubuntu
ubuntu
OpenJPEG vulnerabilities
2019-08-21 00:00:00
nessus
nessus
Debian DSA-4405-1 : openjpeg2 - security update
2019-03-11 00:00:00
EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2020-1020)
2020-01-02 00:00:00
Ubuntu 18.04 LTS : OpenJPEG vulnerabilities (USN-4109-1)
2019-08-22 00:00:00
cloudfoundry
cloudfoundry
USN-4109-1: OpenJPEG vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
cve
cve
CVE-2018-14423
2018-07-19 19:29:00
CVE-2018-6616
2018-02-04 22:29:00
CVE-2019-12973
2019-06-26 18:15:10
mageia
mageia
Updated openjpeg2 packages fix security vulnerability
2019-03-29 18:51:06
Updated openjpeg2 packages fix security vulnerability
2019-12-06 17:15:42
Updated openjpeg2 packages fix security vulnerabilities
2019-01-05 21:30:16
redhatcve
redhatcve
CVE-2018-14423
2019-05-14 12:24:33
CVE-2018-6616
2019-04-11 20:50:14
CVE-2019-12973
2020-04-08 05:22:37
cvelist
cvelist
CVE-2018-14423
2018-07-19 19:00:00
CVE-2018-6616
2018-02-04 22:00:00
CVE-2019-12973
2019-06-26 17:07:51
ubuntucve
ubuntucve
CVE-2018-14423
2018-07-19 00:00:00
CVE-2018-6616
2018-02-04 00:00:00
CVE-2018-20845
2019-06-26 00:00:00
debiancve
debiancve
CVE-2018-14423
2018-07-19 19:29:00
CVE-2018-6616
2018-02-04 22:29:00
CVE-2019-12973
2019-06-26 18:15:10
prion
prion
Design/Logic Flaw
2018-07-19 19:29:00
Design/Logic Flaw
2018-02-04 22:29:00
Code injection
2019-06-26 18:15:00
alpinelinux
alpinelinux
CVE-2018-14423
2018-07-19 19:29:00
CVE-2018-6616
2018-02-04 22:29:00
CVE-2019-12973
2019-06-26 18:15:10
veracode
veracode
Denial Of Service (DoS)
2021-02-03 07:31:02
fedora
fedora
[SECURITY] Fedora 29 Update: openjpeg2-2.3.0-10.fc29
2018-12-24 06:08:36
[SECURITY] Fedora 29 Update: mingw-openjpeg2-2.3.0-6.fc29
2018-12-24 06:08:36
[SECURITY] Fedora 28 Update: openjpeg2-2.3.0-10.fc28
2018-12-29 02:26:15
freebsd
freebsd
OpenJPEG -- multiple vulnerabilities
2017-12-08 00:00:00
suse
suse
Security update for openjpeg2 (important)
2022-04-19 00:00:00
Security update for openjpeg (important)
2022-04-21 00:00:00
archlinux
archlinux
[ASA-202012-21] openjpeg2: multiple issues
2020-12-09 00:00:00
amazon
amazon
Medium: openjpeg2
2022-01-18 21:37:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.3%

JSON
Related for DEBIAN_DLA-1614.NASL
openvas29debian4osv5nvd3ubuntu1nessus28cloudfoundry1cve3mageia3redhatcve3cvelist3ubuntucve4debiancve3prion3alpinelinux3veracode1fedora4freebsd1suse2archlinux1amazon1oracle1