Vulnerabilities > CVE-2008-3520 - Numeric Errors vulnerability in Jasper Project Jasper 1.900.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-311.NASL description Multiple security vulnerabilities has been identified and fixed in ghostscript : A buffer underflow in Ghostscript last seen 2020-06-01 modified 2020-06-02 plugin id 42997 published 2009-12-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42997 title Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:311. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(42997); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:52"); script_cve_id( "CVE-2007-6725", "CVE-2008-3520", "CVE-2008-3522", "CVE-2008-6679", "CVE-2009-0196", "CVE-2009-0583", "CVE-2009-0584", "CVE-2009-0792" ); script_bugtraq_id( 31470, 34184, 34337, 34340, 34445 ); script_xref(name:"MDVSA", value:"2009:311"); script_name(english:"Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple security vulnerabilities has been identified and fixed in ghostscript : A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file (CVE-2007-6725). Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file (CVE-2008-6679). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code by using either a PostScript or PDF file with crafte embedded images (CVE-2009-0583, CVE-2009-0584). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792). Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2009-0196). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides fixes for that vulnerabilities." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-X"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-dvipdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ghostscript-module-X"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gs8-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ijs1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgs8-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libijs1-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-X-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-common-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-doc-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-dvipdf-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"ghostscript-module-X-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gs8-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64gs8-devel-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ijs1-0.35-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ijs1-devel-0.35-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgs8-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libgs8-devel-8.60-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libijs1-0.35-55.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libijs1-devel-0.35-55.3mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0012.NASL description Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35652 published 2009-02-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35652 title RHEL 4 / 5 : netpbm (RHSA-2009:0012) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200812-18.NASL description The remote host is affected by the vulnerability described in GLSA-200812-18 (JasPer: User-assisted execution of arbitrary code) Marc Espie and Christian Weisgerber have discovered multiple vulnerabilities in JasPer: Multiple integer overflows might allow for insufficient memory allocation, leading to heap-based buffer overflows (CVE-2008-3520). The jas_stream_printf() function in libjasper/base/jas_stream.c uses vsprintf() to write user-provided data to a static to a buffer, leading to an overflow (CVE-2008-3522). Impact : Remote attackers could entice a user or automated system to process specially crafted jpeg2k files with an application using JasPer, possibly leading to the execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 35189 published 2008-12-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35189 title GLSA-200812-18 : JasPer: User-assisted execution of arbitrary code NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-742-1.NASL description It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 37359 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37359 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : jasper vulnerabilities (USN-742-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-302-02.NASL description New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86663 published 2015-10-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86663 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : jasper (SSA:2015-302-02) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0012.NASL description From Red Hat Security Advisory 2009:0012 : Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67788 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67788 title Oracle Linux 4 / 5 : netpbm (ELSA-2009-0012) NASL family SuSE Local Security Checks NASL id SUSE_JASPER-5771.NASL description Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed (CVE-2008-3520, CVE-2008-3521, CVE-2008-3522). last seen 2020-06-01 modified 2020-06-02 plugin id 34982 published 2008-12-01 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34982 title openSUSE 10 Security Update : jasper (jasper-5771) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8FF84335A7DA11E2B3F5003067C2616F.NASL description Fedora reports : JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflows which in turn may result in execution of attacker-controlled code. last seen 2020-06-01 modified 2020-06-02 plugin id 66012 published 2013-04-18 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66012 title FreeBSD : jasper -- buffer overflow (8ff84335-a7da-11e2-b3f5-003067c2616f) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-144.NASL description Multiple security vulnerabilities has been identified and fixed in ghostscript : Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. last seen 2020-06-01 modified 2020-06-02 plugin id 39562 published 2009-06-28 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39562 title Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:144) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10737.NASL description - Tue Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476) - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf() (#461478) - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - Sat Jul 18 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-11 - FTBFS jasper-1.900.1-10.fc11 (#511743) - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42274 published 2009-10-28 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42274 title Fedora 10 : jasper-1.900.1-13.fc10 (2009-10737) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10761.NASL description - Tue Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13 - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476) - CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf() (#461478) - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - Sat Jul 18 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-11 - FTBFS jasper-1.900.1-10.fc11 (#511743) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42275 published 2009-10-28 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42275 title Fedora 11 : jasper-1.900.1-13.fc11 (2009-10761) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0698.NASL description Updated rhevm-spice-client packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2014-8137, CVE-2011-4516, CVE-2011-4517, CVE-2008-3520, CVE-2008-3522) Red Hat would like to thank oCERT for reporting CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2011-4516, and CVE-2011-4517. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter of CVE-2014-8137 and CVE-2014-8138; and pyddeh as the original reporter of CVE-2014-8157 and CVE-2014-8158. The mingw-openssl and mingw-jasper packages have been upgraded to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version. (BZ#1187585) This update also fixes the following bugs : * Previously, a guest system installed with tools incorrectly always started in full screen mode, even when the last seen 2020-06-01 modified 2020-06-02 plugin id 81969 published 2015-03-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81969 title RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE) NASL family Scientific Linux Local Security Checks NASL id SL_20090211_NETPBM_ON_SL4_X.NASL description An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) last seen 2020-06-01 modified 2020-06-02 plugin id 60534 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60534 title Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-317.NASL description Multiple security vulnerabilities has been identified and fixed in netpbm : Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read (CVE-2008-4799). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 43020 published 2009-12-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43020 title Mandriva Linux Security Advisory : netpbm (MDVSA-2009:317) NASL family SuSE Local Security Checks NASL id SUSE_JASPER-5782.NASL description Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed. (CVE-2008-3520 / CVE-2008-3521 / CVE-2008-3522) last seen 2020-06-01 modified 2020-06-02 plugin id 34968 published 2008-11-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34968 title SuSE 10 Security Update : jasper (ZYPP Patch Number 5782) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-142.NASL description Multiple security vulnerabilities has been identified and fixed in jasper : The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert (CVE-2007-2721). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). The updated packages have been patched to prevent this. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 39552 published 2009-06-28 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39552 title Mandriva Linux Security Advisory : jasper (MDVSA-2009:142-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0012.NASL description Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35650 published 2009-02-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35650 title CentOS 4 : netpbm (CESA-2009:0012) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1317-1.NASL description It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. (CVE-2008-3520) It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. (CVE-2008-3522) It was discovered that Ghostscript incorrectly handled certain malformed TrueType fonts. If a user or automated system were tricked into opening a document containing a specially crafted font, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743) It was discovered that Ghostscript incorrectly handled certain malformed Type 2 fonts. If a user or automated system were tricked into opening a document containing a specially crafted font, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054) Jonathan Foote discovered that Ghostscript incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system were tricked into opening a specially crafted JPEG-2000 image file, an attacker could cause Ghostscript to crash or possibly execute arbitrary code with user privileges. (CVE-2011-4516, CVE-2011-4517). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57436 published 2012-01-05 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57436 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : ghostscript vulnerabilities (USN-1317-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_JASPER-081114.NASL description Multiple, potentially dangerous integer overflows, buffer overflows and a problem with temporary files have been fixed (CVE-2008-3520, CVE-2008-3521, CVE-2008-3522). last seen 2020-06-01 modified 2020-06-02 plugin id 39995 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39995 title openSUSE Security Update : jasper (jasper-303) NASL family SuSE Local Security Checks NASL id SUSE9_12295.NASL description Multiple potentially dangerous integer overflows, buffer overflows, and a problem with temporary files have been fixed. CVE-2008-3520, CVE-2008-3521, CVE-2008-3522) last seen 2020-06-01 modified 2020-06-02 plugin id 41255 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41255 title SuSE9 Security Update : jasper (YOU Patch Number 12295)
Oval
| accepted | 2013-04-29T04:02:10.176-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10141 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://bugs.gentoo.org/show_bug.cgi?id=222819
- http://rhn.redhat.com/errata/RHSA-2015-0698.html
- http://secunia.com/advisories/33173
- http://secunia.com/advisories/34391
- http://security.gentoo.org/glsa/glsa-200812-18.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
- http://www.redhat.com/support/errata/RHSA-2009-0012.html
- http://www.securityfocus.com/bid/31470
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606
- http://www.ubuntu.com/usn/USN-742-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45621
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10141