Mandriva Linux Security Advisory : openjpeg (MDVSA-2012:157)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A security issue was identified and fixed in openjpeg :

A heap-based buffer overflow was found in the way OpenJPEG, an open
source JPEG 2000 codec written in C language, performed parsing of
JPEG2000 image files. A remote attacker could provide a specially
crafted JPEG 2000 file, which when opened in an application linked
against openjpeg would lead to that application crash, or, potentially
arbitrary code execution with the privileges of the user running the
application (CVE-2012-3535).

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 62423 ()

Bugtraq ID: 55214

CVE ID: CVE-2012-3535

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now