Vulnerabilities > CVE-2019-2201 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 | |
OS | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2530.NASL description This update for libjpeg-turbo fixes the following issues : - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 131158 published 2019-11-20 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131158 title openSUSE Security Update : libjpeg-turbo (openSUSE-2019-2530) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-2530. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(131158); script_version("1.2"); script_cvs_date("Date: 2019/12/09"); script_cve_id("CVE-2019-2201"); script_name(english:"openSUSE Security Update : libjpeg-turbo (openSUSE-2019-2530)"); script_summary(english:"Check for the openSUSE-2019-2530 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libjpeg-turbo fixes the following issues : - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156402" ); script_set_attribute( attribute:"solution", value:"Update the affected libjpeg-turbo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg-turbo-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg62-turbo-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjpeg8-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libturbojpeg0-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg-turbo-1.5.3-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg-turbo-debuginfo-1.5.3-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg-turbo-debugsource-1.5.3-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg62-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg62-debuginfo-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg62-devel-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg62-turbo-1.5.3-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg62-turbo-debugsource-1.5.3-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg8-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg8-debuginfo-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libjpeg8-devel-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libturbojpeg0-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libturbojpeg0-debuginfo-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg62-32bit-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg62-32bit-debuginfo-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg62-devel-32bit-62.2.0-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg8-32bit-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg8-32bit-debuginfo-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjpeg8-devel-32bit-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libturbojpeg0-32bit-8.1.2-lp150.4.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libturbojpeg0-32bit-debuginfo-8.1.2-lp150.4.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo / libjpeg-turbo-debuginfo / libjpeg-turbo-debugsource / etc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-23.NASL description The remote host is affected by the vulnerability described in GLSA-202003-23 (libjpeg-turbo: User-assisted execution of arbitrary code) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. Impact : A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against libjpeg-turbo, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134600 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134600 title GLSA-202003-23 : libjpeg-turbo: User-assisted execution of arbitrary code code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-23. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134600); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2019-2201"); script_xref(name:"GLSA", value:"202003-23"); script_name(english:"GLSA-202003-23 : libjpeg-turbo: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-23 (libjpeg-turbo: User-assisted execution of arbitrary code) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. Impact : A remote attacker could entice a user to open a specially crafted JPEG file in an application linked against libjpeg-turbo, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-23" ); script_set_attribute( attribute:"solution", value: "All libjpeg-turbo users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libjpeg-turbo-2.0.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libjpeg-turbo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-libs/libjpeg-turbo", unaffected:make_list("ge 2.0.3"), vulnerable:make_list("lt 2.0.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-EEE0D6C6F8.NASL description Security fix for CVE-2019-2201. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131108 published 2019-11-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131108 title Fedora 31 : libjpeg-turbo (2019-eee0d6c6f8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-eee0d6c6f8. # include("compat.inc"); if (description) { script_id(131108); script_version("1.2"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2019-2201"); script_xref(name:"FEDORA", value:"2019-eee0d6c6f8"); script_name(english:"Fedora 31 : libjpeg-turbo (2019-eee0d6c6f8)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2019-2201. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-eee0d6c6f8" ); script_set_attribute( attribute:"solution", value:"Update the affected libjpeg-turbo package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libjpeg-turbo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"libjpeg-turbo-2.0.2-5.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4190-1.NASL description It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131016 published 2019-11-14 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131016 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libjpeg-turbo vulnerabilities (USN-4190-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4190-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(131016); script_version("1.3"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2018-14498", "CVE-2018-19664", "CVE-2018-20330", "CVE-2019-2201"); script_xref(name:"USN", value:"4190-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libjpeg-turbo vulnerabilities (USN-4190-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4190-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libjpeg-turbo8 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2201"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjpeg-turbo8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libjpeg-turbo8", pkgver:"1.4.2-0ubuntu3.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libjpeg-turbo8", pkgver:"1.5.2-0ubuntu5.18.04.3")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libjpeg-turbo8", pkgver:"2.0.1-0ubuntu2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo8"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2972-1.NASL description This update for libjpeg-turbo fixes the following issues : CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131069 published 2019-11-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131069 title SUSE SLED12 / SLES12 Security Update : libjpeg-turbo (SUSE-SU-2019:2972-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2529.NASL description This update for libjpeg-turbo fixes the following issues : - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 131157 published 2019-11-20 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131157 title openSUSE Security Update : libjpeg-turbo (openSUSE-2019-2529) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2971-1.NASL description This update for libjpeg-turbo fixes the following issues : CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131068 published 2019-11-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131068 title SUSE SLED15 / SLES15 Security Update : libjpeg-turbo (SUSE-SU-2019:2971-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html
- https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E
- https://lists.apache.org/thread.html/rc800763a88775ac9abb83b3402bcd0913d41ac65fdfc759af38f2280%40%3Ccommits.mxnet.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00048.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4QPASQPZO644STRFTLOD35RIRGWWRNI/
- https://security.gentoo.org/glsa/202003-23
- https://security.gentoo.org/glsa/202003-23
- https://source.android.com/security/bulletin/2019-11-01
- https://source.android.com/security/bulletin/2019-11-01
- https://usn.ubuntu.com/4190-1/
- https://usn.ubuntu.com/4190-1/