Amazon Linux AMI : openjpeg (ALAS-2012-125)

Medium Nessus Plugin ID 69615


The remote Amazon Linux AMI host is missing a security update.


It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code.


Run 'yum update openjpeg' to update your system.

See Also

Plugin Details

Severity: Medium

ID: 69615

File Name: ala_ALAS-2012-125.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2013/09/04

Updated: 2018/04/18

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:openjpeg, p-cpe:/a:amazon:linux:openjpeg-debuginfo, p-cpe:/a:amazon:linux:openjpeg-devel, p-cpe:/a:amazon:linux:openjpeg-libs, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 2012/09/22

Reference Information

CVE: CVE-2012-3535

ALAS: 2012-125

RHSA: 2012:1283