EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the openjpeg package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Multiple integer overflow flaws, leading to heap-based
buffer overflows, were found in OpenJPEG. A specially
crafted JPEG2000 image could cause an application using
OpenJPEG to crash or, potentially, execute arbitrary
code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,
CVE-2016-7163)

- An out-of-bounds read vulnerability was found in
OpenJPEG, in the j2k_to_image tool. Converting a
specially crafted JPEG2000 file to another format could
cause the application to crash or, potentially,
disclose some data from the heap. (CVE-2016-9573)

- A heap-based buffer overflow vulnerability was found in
OpenJPEG. A specially crafted JPEG2000 image, when read
by an application using OpenJPEG, could cause the
application to crash or, potentially, execute arbitrary
code. (CVE-2016-9675)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?479fa7cf

Solution :

Update the affected openjpeg packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false

Family: Huawei Local Security Checks

Nessus Plugin ID: 99905

Bugtraq ID:

CVE ID: CVE-2016-5139
CVE-2016-5158
CVE-2016-5159
CVE-2016-7163
CVE-2016-9573
CVE-2016-9675
