OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4082-1 advisory.

  - Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl,     pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a     denial of service (application crash). (CVE-2018-20846)

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

  - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows     an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest     threat from this vulnerability is to system availability. (CVE-2020-27824)

  - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide     crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of     this flaw is to application availability. (CVE-2020-27842)

  - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially     crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest     threat from this vulnerability is system availability. (CVE-2020-27843)

  - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to     provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds     read. The highest impact of this flaw is to application availability. (CVE-2020-27845)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3801-1 advisory.

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

  - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows     an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest     threat from this vulnerability is to system availability. (CVE-2020-27824)

  - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide     crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of     this flaw is to application availability. (CVE-2020-27842)

  - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially     crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest     threat from this vulnerability is system availability. (CVE-2020-27843)

  - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to     provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds     read. The highest impact of this flaw is to application availability. (CVE-2020-27845)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3802-1 advisory.

  - Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl,     pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a     denial of service (application crash). (CVE-2018-20846)

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

  - A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could     use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of     the user running such an application. (CVE-2020-27814)

  - A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows     an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest     threat from this vulnerability is to system availability. (CVE-2020-27824)

  - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to     provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The     greatest impact from this flaw is to application availability. (CVE-2020-27841)

  - There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide     crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of     this flaw is to application availability. (CVE-2020-27842)

  - A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially     crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest     threat from this vulnerability is system availability. (CVE-2020-27843)

  - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to     provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds     read. The highest impact of this flaw is to application availability. (CVE-2020-27845)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

  - There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to     provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The     greatest impact from this flaw is to application availability. (CVE-2020-27841)

  - There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to     provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds     read. The highest impact of this flaw is to application availability. (CVE-2020-27845)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory.

  - Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions     that are affected are 12.1.0.2 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require     human interaction from a person other than the attacker and while the vulnerability is in Advanced     Networking Option, attacks may significantly impact additional products. Successful attacks of this     vulnerability can result in takeover of Advanced Networking Option. (CVE-2021-2351)

  - Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected     are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any     Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text.
    Successful   attacks of this vulnerability can result in takeover of Oracle Text. (CVE-2021-2328)

  - Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are     affected   are 12.1.0.2 and 19c. Easily exploitable vulnerability allows high privileged attacker having     Create Any   Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise     Oracle XML DB.   Successful attacks of this vulnerability can result in takeover of Oracle XML DB.
    (CVE-2021-2329)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202101-29 (OpenJPEG: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenJPEG. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4497-1 advisory.

  - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in     OpenJPEG 2.1.2. (CVE-2016-9112)

  - An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in     openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)

  - OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
    (CVE-2018-21010)

  - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.
    Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
    This issue is similar to CVE-2018-6616. (CVE-2019-12973)

  - OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c     because of lack of opj_j2k_update_image_dimensions validation. (CVE-2020-6851)

  - opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer     overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112)

  - jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a     mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free     may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A heap buffer overflow vulnerability was discovered in openjpeg2, the open-source JPEG 2000 codec. This vulnerability is caused by insufficient validation of width and height of image components in color_apply_icc_profile (src/bin/common/color.c). Remote attackers might leverage this vulnerability via a crafted JP2 file, leading to denial of service (application crash) or any other undefined behavior.

For Debian 8 'Jessie', this problem has been fixed in version 2.1.0-2+deb8u8.

We recommend that you upgrade your openjpeg2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
167936	SUSE SLED15 / SLES15 Security Update : openjpeg (SUSE-SU-2022:4082-1)	Nessus	SuSE Local Security Checks	high
166691	SUSE SLES12 Security Update : openjpeg2 (SUSE-SU-2022:3801-1)	Nessus	SuSE Local Security Checks	high
166688	SUSE SLED15 / SLES15 Security Update : openjpeg2 (SUSE-SU-2022:3802-1)	Nessus	SuSE Local Security Checks	high
166652	EulerOS 2.0 SP3 : openjpeg (EulerOS-SA-2022-2627)	Nessus	Huawei Local Security Checks	high
162347	EulerOS 2.0 SP5 : openjpeg (EulerOS-SA-2022-1907)	Nessus	Huawei Local Security Checks	high
152026	Oracle Database Server Multiple Vulnerabilities (Jul 2021 CPU)	Nessus	Databases	critical
145436	GLSA-202101-29 : OpenJPEG: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
140592	Ubuntu 16.04 LTS : OpenJPEG vulnerabilities (USN-4497-1)	Nessus	Ubuntu Local Security Checks	high
129735	Debian DLA-1950-1 : openjpeg2 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-21010

high

Tenable Plugins

high

high

high

high

high

critical

high

high

high