[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)

96595

RHSA-2018:3253

RHSA-2018:3505

GLSA-201908-03

USN-3693-1

According to the versions of the jasper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception     in the function jp2_encode which failed to check to see     if the image contained at least one component resulting     in a denial-of-service.(CVE-2017-1000050)

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in     JasPer through 2.0.12 allows remote attackers to cause     a denial of service (JPC_COX_RFT assertion failure) via     unspecified vectors.(CVE-2016-9396)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer over-read of size 8 in the function     jas_image_depalettize in     libjasper/base/jas_image.c.(CVE-2018-19541)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer overflow of size 1 in the function     jas_icctxtdesc_input in     libjasper/base/jas_icc.c.(CVE-2018-19540)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201908-03 (JasPer: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in JasPer. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has jasper packages installed that are affected by multiple vulnerabilities:

  - The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in     JasPer through 2.0.12 allows remote attackers to cause a     denial of service (JPC_COX_RFT assertion failure) via     unspecified vectors. (CVE-2016-9396)

  - JasPer 2.0.12 is vulnerable to a NULL pointer exception     in the function jp2_encode which failed to check to see     if the image contained at least one component resulting     in a denial-of-service. (CVE-2017-1000050)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.(CVE-2016-9396)

JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.(CVE-2017-1000050)

According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - jasper: reachable assertion in JPC_NOMINALGAIN()     (CVE-2016-9396)

  - jasper: NULL pointer exception in jp2_encode()     (CVE-2017-1000050)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security Fix(es) :

  - jasper: reachable assertion in JPC_NOMINALGAIN()     (CVE-2016-9396)

  - jasper: NULL pointer exception in jp2_encode()     (CVE-2017-1000050)

An update for jasper is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es) :

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

From Red Hat Security Advisory 2018:3253 :

An update for jasper is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es) :

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for jasper fixes the following issues: Security issues fixed :

  - CVE-2016-9262: Multiple integer overflows in the     jas_realloc function in base/jas_malloc.c and mem_resize     function in base/jas_stream.c allow remote attackers to     cause a denial of service via a crafted image, which     triggers use after free vulnerabilities. (bsc#1009994)

  - CVE-2016-9388: The ras_getcmap function in ras_dec.c     allows remote attackers to cause a denial of service     (assertion failure) via a crafted image file.
    (bsc#1010975)

  - CVE-2016-9389: The jpc_irct and jpc_iict functions in     jpc_mct.c allow remote attackers to cause a denial of     service (assertion failure). (bsc#1010968)

  - CVE-2016-9390: The jas_seq2d_create function in     jas_seq.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted image file.
    (bsc#1010774)

  - CVE-2016-9391: The jpc_bitstream_getbits function in     jpc_bs.c allows remote attackers to cause a denial of     service (assertion failure) via a very large integer.
    (bsc#1010782)

  - CVE-2017-1000050: The jp2_encode function in jp2_enc.c     allows remote attackers to cause a denial of service.
    (bsc#1047958) CVEs already fixed with previous update :

  - CVE-2016-9392: The calcstepsizes function in jpc_dec.c     allows remote attackers to cause a denial of service     (assertion failure) via a crafted file. (bsc#1010757)

  - CVE-2016-9393: The jpc_pi_nextrpcl function in     jpc_t2cod.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted file.
    (bsc#1010766)

  - CVE-2016-9394: The jas_seq2d_create function in     jas_seq.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted file.
    (bsc#1010756)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Rebase to the latest upstream version 2.0.14. This update contains security fix for CVS -2017-1000050.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for jasper fixes the following issues :

Security issues fixed :

  - CVE-2016-9262: Multiple integer overflows in the     jas_realloc function in base/jas_malloc.c and mem_resize     function in base/jas_stream.c allow remote attackers to     cause a denial of service via a crafted image, which     triggers use after free vulnerabilities. (bsc#1009994)

  - CVE-2016-9388: The ras_getcmap function in ras_dec.c     allows remote attackers to cause a denial of service     (assertion failure) via a crafted image file.
    (bsc#1010975)

  - CVE-2016-9389: The jpc_irct and jpc_iict functions in     jpc_mct.c allow remote attackers to cause a denial of     service (assertion failure). (bsc#1010968)

  - CVE-2016-9390: The jas_seq2d_create function in     jas_seq.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted image file.
    (bsc#1010774)

  - CVE-2016-9391: The jpc_bitstream_getbits function in     jpc_bs.c allows remote attackers to cause a denial of     service (assertion failure) via a very large integer.
    (bsc#1010782)

  - CVE-2017-1000050: The jp2_encode function in jp2_enc.c     allows remote attackers to cause a denial of service.
    (bsc#1047958)

CVEs already fixed with previous update :

  - CVE-2016-9392: The calcstepsizes function in jpc_dec.c     allows remote attackers to cause a denial of service     (assertion failure) via a crafted file. (bsc#1010757)

  - CVE-2016-9393: The jpc_pi_nextrpcl function in     jpc_t2cod.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted file.
    (bsc#1010766)

  - CVE-2016-9394: The jas_seq2d_create function in     jas_seq.c allows remote attackers to cause a denial of     service (assertion failure) via a crafted file.
    (bsc#1010756)

This update was imported from the SUSE:SLE-12:Update update project.

ID	Name	Product	Family	Severity
131497	EulerOS Virtualization for ARM 64 3.0.3.0 : jasper (EulerOS-SA-2019-2332)	Nessus	Huawei Local Security Checks	medium
127561	GLSA-201908-03 : JasPer: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
127270	NewStart CGSL CORE 5.04 / MAIN 5.04 : jasper Multiple Vulnerabilities (NS-SA-2019-0069)	Nessus	NewStart CGSL Local Security Checks	medium
121363	Amazon Linux 2 : jasper (ALAS-2019-1150)	Nessus	Amazon Linux Local Security Checks	medium
119906	EulerOS 2.0 SP2 : jasper (EulerOS-SA-2018-1417)	Nessus	Huawei Local Security Checks	medium
119517	EulerOS 2.0 SP3 : jasper (EulerOS-SA-2018-1389)	Nessus	Huawei Local Security Checks	medium
119185	Scientific Linux Security Update : jasper on SL7.x x86_64 (20181030)	Nessus	Scientific Linux Local Security Checks	medium
119002	CentOS 7 : jasper (CESA-2018:3253)	Nessus	CentOS Local Security Checks	medium
118782	Oracle Linux 7 : jasper (ELSA-2018-3253)	Nessus	Oracle Linux Local Security Checks	medium
118539	RHEL 7 : jasper (RHSA-2018:3253)	Nessus	Red Hat Local Security Checks	medium
110765	Ubuntu 14.04 LTS / 16.04 LTS : JasPer vulnerabilities (USN-3693-1)	Nessus	Ubuntu Local Security Checks	medium
106580	SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2018:0339-1)	Nessus	SuSE Local Security Checks	medium
105820	Fedora 27 : jasper (2017-15819d2c37)	Nessus	Fedora Local Security Checks	medium
103336	Fedora 26 : jasper (2017-769793738f)	Nessus	Fedora Local Security Checks	medium
101972	openSUSE Security Update : jasper (openSUSE-2017-844)	Nessus	SuSE Local Security Checks	medium
101891	SUSE SLED12 / SLES12 Security Update : jasper (SUSE-SU-2017:1916-1)	Nessus	SuSE Local Security Checks	medium
101832	SUSE SLES11 Security Update : jasper (SUSE-SU-2017:1901-1)	Nessus	SuSE Local Security Checks	medium

CVE-2017-1000050

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins