https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/

https://github.com/mdadams/jasper/issues/114

GLSA-201908-03

According to the versions of the jasper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - Runtime libraries for jasper. Security Fix(es):Race     condition in the jas_stream_tmpfile function in     libjasper/base/jas_stream.c in JasPer 1.900.1 allows     local users to cause a denial of service (program exit)     by creating the appropriate tmp.XXXXXXXXXX temporary     file, which causes Jasper to exit. NOTE: this was     originally reported as a symlink issue, but this was     incorrect. NOTE: some vendors dispute the severity of     this issue, but it satisfies CVE's requirements for     inclusion.(CVE-2008-3521)Heap-based buffer overflow in     the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer     2.0.10 allows remote attackers to have unspecified     impact via a crafted image.(CVE-2017-6852)The     jp2_colr_destroy function in jp2_cod.c in JasPer before     1.900.13 allows remote attackers to cause a denial of     service (NULL pointer dereference) by leveraging     incorrect cleanup of JP2 box data on error. NOTE: this     vulnerability exists because of an incomplete fix for     CVE-2016-8887.(CVE-2016-10250)The jp2_cdef_destroy     function in jp2_cod.c in JasPer before 2.0.13 allows     remote attackers to cause a denial of service (NULL     pointer dereference) via a crafted     image.(CVE-2017-6850)The jp2_colr_destroy function in     libjasper/jp2/jp2_cod.c in JasPer before 1.900.10     allows remote attackers to cause a denial of service     (NULL pointer dereference).(CVE-2016-8887)The     jpc_floorlog2 function in jpc_math.c in JasPer before     1.900.17 allows remote attackers to cause a denial of     service (assertion failure) via unspecified     vectors.(CVE-2016-9398)JasPer 2.0.12 is vulnerable to a     NULL pointer exception in the function jp2_encode which     failed to check to see if the image contained at least     one component resulting in a     denial-of-service.(CVE-2017-1000050)The jpc_pi_nextrpcl     function in jpc_t2cod.c in JasPer before 1.900.17     allows remote attackers to cause a denial of service     (assertion failure) via a crafted     file.(CVE-2016-9393)The bmp_getdata function in     libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote     attackers to cause a denial of service (NULL pointer     dereference) by calling the imginfo command with a     crafted BMP image. NOTE: this vulnerability exists     because of an incomplete fix for     CVE-2016-8690.(CVE-2016-8884)There is a reachable     assertion abort in the function jpc_dequantize() in     jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a     remote denial of service attack.(CVE-2017-13752)The     jpc_dequantize function in jpc_dec.c in JasPer 1.900.13     allows remote attackers to cause a denial of service     (assertion failure) via unspecified     vectors.(CVE-2016-9397)There is a reachable assertion     abort in the function jpc_floorlog2() in jpc/jpc_math.c     in JasPer 2.0.12 that will lead to a remote denial of     service attack.(CVE-2017-13747)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer overflow of size 1 in the function     jas_icctxtdesc_input in     libjasper/base/jas_icc.c.(CVE-2018-19540)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer over-read of size 8 in the function     jas_image_depalettize in     libjasper/base/jas_image.c.(CVE-2018-19541)

  - An issue was discovered in JasPer 2.0.14. There is a     NULL pointer dereference in the function jp2_decode in     libjasper/jp2/jp2_dec.c, leading to a denial of     service.(CVE-2018-19542)

  - An issue was discovered in JasPer 2.0.14. There is an     access violation in the function jas_image_readcmpt in     libjasper/base/jas_image.c, leading to a denial of     service.(CVE-2018-19539)

  - Heap-based buffer overflow in the jpc_dec_decodepkt     function in jpc_t2dec.c in JasPer 2.0.10 allows remote     attackers to have unspecified impact via a crafted     image.(CVE-2017-6852)

  - JasPer 2.0.14 allows denial of service via a reachable     assertion in the function jpc_firstone in     libjasper/jpc/jpc_math.c.(CVE-2018-9055)

  - The jpc_floorlog2 function in jpc_math.c in JasPer     before 1.900.17 allows remote attackers to cause a     denial of service (assertion failure) via unspecified     vectors.(CVE-2016-9398)

  - There are lots of memory leaks in JasPer 2.0.12,     triggered in the function jas_strdup() in     base/jas_string.c, that will lead to a remote denial of     service attack.(CVE-2017-13748)

  - There is a reachable assertion abort in the function     calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that     will lead to a remote denial of service     attack.(CVE-2017-13751)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The jpc_floorlog2 function in jpc_math.c in JasPer     before 1.900.17 allows remote attackers to cause a     denial of service (assertion failure) via unspecified     vectors.(CVE-2016-9398)

  - JasPer 2.0.14 allows denial of service via a reachable     assertion in the function jpc_firstone in     libjasper/jpc/jpc_math.c.(CVE-2018-9055)

  - An issue was discovered in JasPer 2.0.14. There is an     access violation in the function jas_image_readcmpt in     libjasper/base/jas_image.c, leading to a denial of     service.(CVE-2018-19539)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer overflow of size 1 in the function     jas_icctxtdesc_input in     libjasper/base/jas_icc.c.(CVE-2018-19540)

  - An issue was discovered in JasPer 2.0.14. There is a     heap-based buffer over-read of size 8 in the function     jas_image_depalettize in     libjasper/base/jas_image.c.(CVE-2018-19541)

  - An issue was discovered in JasPer 2.0.14. There is a     NULL pointer dereference in the function jp2_decode in     libjasper/jp2/jp2_dec.c, leading to a denial of     service.(CVE-2018-19542)

  - There are lots of memory leaks in JasPer 2.0.12,     triggered in the function jas_strdup() in     base/jas_string.c, that will lead to a remote denial of     service attack.(CVE-2017-13748)

  - There is a reachable assertion abort in the function     calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that     will lead to a remote denial of service     attack.(CVE-2017-13751)

  - Heap-based buffer overflow in the jpc_dec_decodepkt     function in jpc_t2dec.c in JasPer 2.0.10 allows remote     attackers to have unspecified impact via a crafted     image.(CVE-2017-6852)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the jasper package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The jp2_colr_destroy function in     libjasper/jp2/jp2_cod.c in JasPer before 1.900.10     allows remote attackers to cause a denial of service     (NULL pointer dereference).(CVE-2016-8887)

  - The jp2_cdef_destroy function in jp2_cod.c in JasPer     before 2.0.13 allows remote attackers to cause a denial     of service (NULL pointer dereference) via a crafted     image.(CVE-2017-6850)

  - The jp2_colr_destroy function in jp2_cod.c in JasPer     before 1.900.13 allows remote attackers to cause a     denial of service (NULL pointer dereference) by     leveraging incorrect cleanup of JP2 box data on error.
    NOTE: this vulnerability exists because of an     incomplete fix for CVE-2016-8887.(CVE-2016-10250)

  - Heap-based buffer overflow in the jpc_dec_decodepkt     function in jpc_t2dec.c in JasPer 2.0.10 allows remote     attackers to have unspecified impact via a crafted     image.(CVE-2017-6852)

  - Race condition in the jas_stream_tmpfile function in     libjasper/base/jas_stream.c in JasPer 1.900.1 allows     local users to cause a denial of service (program exit)     by creating the appropriate tmp.XXXXXXXXXX temporary     file, which causes Jasper to exit. NOTE: this was     originally reported as a symlink issue, but this was     incorrect. NOTE: some vendors dispute the severity of     this issue, but it satisfies CVE's requirements for     inclusion.(CVE-2008-3521)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201908-03 (JasPer: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in JasPer. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
134477	EulerOS Virtualization for ARM 64 3.0.2.0 : jasper (EulerOS-SA-2020-1188)	Nessus	Huawei Local Security Checks	high
132133	EulerOS 2.0 SP3 : jasper (EulerOS-SA-2019-2598)	Nessus	Huawei Local Security Checks	high
131643	EulerOS 2.0 SP2 : jasper (EulerOS-SA-2019-2490)	Nessus	Huawei Local Security Checks	high
130699	EulerOS 2.0 SP5 : jasper (EulerOS-SA-2019-2237)	Nessus	Huawei Local Security Checks	high
127561	GLSA-201908-03 : JasPer: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high

CVE-2017-6852

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high