FreeBSD : openjpeg -- multiple vulnerabilities (b7d56d0b-7a11-11e6-af78-589cfc0654e1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Tencent's Xuanwu LAB reports :

A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in
function opj_dwt_interleave_v of dwt.c. This vulnerability allows
remote attackers to execute arbitrary code on vulnerable installations
of OpenJPEG.

An integer overflow issue exists in function opj_pi_create_decode of
pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in
function opj_pi_next_cprl of pi.c (functions opj_pi_next_lrcp,
opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_pcrl may also be
vulnerable). This vulnerability allows remote attackers to execute
arbitrary code on vulnerable installations of OpenJPEG.

See also :

http://www.openwall.com/lists/oss-security/2016/09/08/2
http://www.openwall.com/lists/oss-security/2016/09/08/3
http://www.nessus.org/u?e8906ec5

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93989

Bugtraq ID:

CVE ID: CVE-2016-5157
CVE-2016-7163
