openSUSE-SU-2019:1315

[oss-security] 20161117 Re: jasper: multiple assertion failures

94379

RHSA-2018:3253

RHSA-2018:3505

https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure

https://bugzilla.redhat.com/show_bug.cgi?id=1396978

https://bugzilla.redhat.com/show_bug.cgi?id=1485272

FEDORA-2021-0a6290f865

FEDORA-2021-2b151590d9

USN-3693-1

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-0a6290f865 advisory.

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause     a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. (CVE-2016-9396)

  - The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of     service (assertion failure) via unspecified vectors. (CVE-2016-9397)

  - The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a     denial of service (assertion failure) via unspecified vectors. (CVE-2016-9398)

  - The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of     service (assertion failure) via unspecified vectors. (CVE-2016-9399)

  - There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer     2.0.12 that will lead to a remote denial of service attack by triggering an unexpected     jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. (CVE-2017-13745)

  - There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer     2.0.12 that will lead to a remote denial of service attack. (CVE-2017-13746)

  - There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13747)

  - There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in     base/jas_string.c, that will lead to a remote denial of service attack. (CVE-2017-13748)

  - There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13749)

  - There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer     2.0.12 that will lead to a remote denial of service attack. (CVE-2017-13750)

  - There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13751)

  - There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13752)

  - JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17,     1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27,     1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8,     2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of     service (heap-based buffer over-read and application crash) via a crafted image, related to the     jas_image_ishomosamp function in libjasper/base/jas_image.c. (CVE-2017-14132)

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check     to see if the image contained at least one component resulting in a denial-of-service. (CVE-2017-1000050)

  - There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an     attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality,     integrity, or application availability. (CVE-2020-27828)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-2b151590d9 advisory.

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause     a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. (CVE-2016-9396)

  - The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of     service (assertion failure) via unspecified vectors. (CVE-2016-9397)

  - The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a     denial of service (assertion failure) via unspecified vectors. (CVE-2016-9398)

  - The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of     service (assertion failure) via unspecified vectors. (CVE-2016-9399)

  - There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer     2.0.12 that will lead to a remote denial of service attack by triggering an unexpected     jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. (CVE-2017-13745)

  - There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer     2.0.12 that will lead to a remote denial of service attack. (CVE-2017-13746)

  - There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13747)

  - There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in     base/jas_string.c, that will lead to a remote denial of service attack. (CVE-2017-13748)

  - There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13749)

  - There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer     2.0.12 that will lead to a remote denial of service attack. (CVE-2017-13750)

  - There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13751)

  - There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12     that will lead to a remote denial of service attack. (CVE-2017-13752)

  - JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17,     1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27,     1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8,     2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of     service (heap-based buffer over-read and application crash) via a crafted image, related to the     jas_image_ishomosamp function in libjasper/base/jas_image.c. (CVE-2017-14132)

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check     to see if the image contained at least one component resulting in a denial-of-service. (CVE-2017-1000050)

  - There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an     attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality,     integrity, or application availability. (CVE-2020-27828)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the jasper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception     in the function jp2_encode which failed to check to see     if the image contained at least one component resulting     in a denial-of-service.(CVE-2017-1000050)

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in     JasPer through 2.0.12 allows remote attackers to cause     a denial of service (JPC_COX_RFT assertion failure) via     unspecified vectors.(CVE-2016-9396)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer over-read of size 8 in the function     jas_image_depalettize in     libjasper/base/jas_image.c.(CVE-2018-19541)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer overflow of size 1 in the function     jas_icctxtdesc_input in     libjasper/base/jas_icc.c.(CVE-2018-19540)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for jasper fixes the following issues :

Security issues fixed :

CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508).

CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507).

CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).

CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).

CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has jasper packages installed that are affected by multiple vulnerabilities:

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in     JasPer through 2.0.12 allows remote attackers to cause a     denial of service (JPC_COX_RFT assertion failure) via     unspecified vectors. (CVE-2016-9396)

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception     in the function jp2_encode which failed to check to see     if the image contained at least one component resulting     in a denial-of-service. (CVE-2017-1000050)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for jasper fixes the following issues :

Security issues fixed :

  - CVE-2018-19542: Fixed a denial of service in jp2_decode     (bsc#1117505).

  - CVE-2018-19539: Fixed a denial of service in     jas_image_readcmpt (bsc#1117511).

  - CVE-2016-9396: Fixed a denial of service in     jpc_cox_getcompparms (bsc#1010783).

This update was imported from the SUSE:SLE-15:Update update project.

This update for jasper fixes the following issues :

Security issues fixed :

CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).

CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).

CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.(CVE-2016-9396)

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.(CVE-2017-1000050)

CVE-2016-9396

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - jasper: reachable assertion in JPC_NOMINALGAIN()     (CVE-2016-9396)

  - jasper: NULL pointer exception in jp2_encode()     (CVE-2017-1000050)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security Fix(es) :

  - jasper: reachable assertion in JPC_NOMINALGAIN()     (CVE-2016-9396)

  - jasper: NULL pointer exception in jp2_encode()     (CVE-2017-1000050)

An update for jasper is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es) :

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

From Red Hat Security Advisory 2018:3253 :

An update for jasper is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es) :

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
146125	Fedora 32 : jasper (2021-0a6290f865)	Nessus	Fedora Local Security Checks	high
145784	Fedora 33 : jasper (2021-2b151590d9)	Nessus	Fedora Local Security Checks	high
131497	EulerOS Virtualization for ARM 64 3.0.3.0 : jasper (EulerOS-SA-2019-2332)	Nessus	Huawei Local Security Checks	high
129553	SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2019:2513-1)	Nessus	SuSE Local Security Checks	high
127270	NewStart CGSL CORE 5.04 / MAIN 5.04 : jasper Multiple Vulnerabilities (NS-SA-2019-0069)	Nessus	NewStart CGSL Local Security Checks	high
124584	openSUSE Security Update : jasper (openSUSE-2019-1315)	Nessus	SuSE Local Security Checks	high
124295	SUSE SLED15 / SLES15 Security Update : jasper (SUSE-SU-2019:1018-1)	Nessus	SuSE Local Security Checks	high
121363	Amazon Linux 2 : jasper (ALAS-2019-1150)	Nessus	Amazon Linux Local Security Checks	high
120882	Fedora 28 : jasper (2018-ec39fe2c9c)	Nessus	Fedora Local Security Checks	high
119906	EulerOS 2.0 SP2 : jasper (EulerOS-SA-2018-1417)	Nessus	Huawei Local Security Checks	high
119517	EulerOS 2.0 SP3 : jasper (EulerOS-SA-2018-1389)	Nessus	Huawei Local Security Checks	high
119185	Scientific Linux Security Update : jasper on SL7.x x86_64 (20181030)	Nessus	Scientific Linux Local Security Checks	high
119002	CentOS 7 : jasper (CESA-2018:3253)	Nessus	CentOS Local Security Checks	high
118782	Oracle Linux 7 : jasper (ELSA-2018-3253)	Nessus	Oracle Linux Local Security Checks	high
118539	RHEL 7 : jasper (RHSA-2018:3253)	Nessus	Red Hat Local Security Checks	high
110765	Ubuntu 14.04 LTS / 16.04 LTS : JasPer vulnerabilities (USN-3693-1)	Nessus	Ubuntu Local Security Checks	high
110303	Fedora 27 : jasper (2018-e6df7fcf75)	Nessus	Fedora Local Security Checks	high

CVE-2016-9396

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high