Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2020-1053)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2020.1053

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2020-1053)

Resumen: The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2020-1053 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2020-1053 advisory.

Vulnerability Insight:
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.(CVE-2018-9055)

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.(CVE-2018-19542)

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.(CVE-2018-19539)

JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.(CVE-2017-14132)

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.(CVE-2017-13748)

Affected Software/OS:
'jasper' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-9055
BugTraq ID: 103577
http://www.securityfocus.com/bid/103577
https://security.gentoo.org/glsa/201908-03
https://github.com/mdadams/jasper/issues/172
https://www.oracle.com/security-alerts/cpuapr2020.html

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2020.1053
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for jasper (EulerOS-SA-2020-1053)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2020-1053 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'jasper' package(s) announced via the EulerOS-SA-2020-1053 advisory. Vulnerability Insight: JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.(CVE-2018-9055) An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.(CVE-2018-19542) An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.(CVE-2018-19539) JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.(CVE-2017-14132) There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.(CVE-2017-13748) Affected Software/OS: 'jasper' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-9055 BugTraq ID: 103577 http://www.securityfocus.com/bid/103577 https://security.gentoo.org/glsa/201908-03 https://github.com/mdadams/jasper/issues/172 https://www.oracle.com/security-alerts/cpuapr2020.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH