
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191582",
"Version": "oval:org.altlinux.errata:def:20191582",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1582: package `libopenjpeg2.0` update to version 2.3.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1582",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1582",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-01566",
"RefURL": "https://bdu.fstec.ru/vul/2019-01566",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01567",
"RefURL": "https://bdu.fstec.ru/vul/2019-01567",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01575",
"RefURL": "https://bdu.fstec.ru/vul/2019-01575",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01576",
"RefURL": "https://bdu.fstec.ru/vul/2019-01576",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01577",
"RefURL": "https://bdu.fstec.ru/vul/2019-01577",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02734",
"RefURL": "https://bdu.fstec.ru/vul/2019-02734",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01282",
"RefURL": "https://bdu.fstec.ru/vul/2021-01282",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01307",
"RefURL": "https://bdu.fstec.ru/vul/2021-01307",
"Source": "BDU"
},
{
"RefID": "CVE-2017-14041",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14041",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17479",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17480",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17480",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14423",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14423",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16375",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16375",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16376",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16376",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18088",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18088",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20845",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20846",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20846",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20847",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847",
"Source": "CVE"
},
{
"RefID": "CVE-2018-21010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-21010",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5727",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5785",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6616",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6616",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7648",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6988",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6988",
"Source": "CVE"
}
],
"Description": "This update upgrades libopenjpeg2.0 to version 2.3.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-01566: Уязвимость функции pgxtovolume библиотеки для кодирования/декодирования изображений OpenJPEG, связанная с записью за границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании и выполнить произвольный код\n\n * BDU:2019-01567: Уязвимость функций pi_next_pcrl, pi_next_cprl, и pi_next_rpcl библиотеки для кодирования/декодирования изображений OpenJPEG, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01575: Уязвимость функции imagetopnm библиотеки для кодирования и декодирования изображений OpenJPEG, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызывать отказ в обслуживании\n\n * BDU:2019-01576: Уязвимость функции opj_j2k_setup_encoder библиотеки для кодирования и декодирования изображений OpenJPEG, связанная с целочисленным переполнением, вызванным левым сдвигом, позволяющая нарушителю вызывать отказ в обслуживании\n\n * BDU:2019-01577: Уязвимость функции opj_t1_encode_cblks библиотеки для кодирования и декодирования изображений OpenJPEG, связанная с ошибкой, приводящей к организации бесконечного цикла, позволяющая нарушителю вызывать отказ в обслуживании\n\n * BDU:2019-02734: Уязвимость функции opj_t1_encode_cblks библиотеки для кодирования и декодирования изображений OpenJPEG операционных систем Oracle Solaris, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01282: Уязвимость функции color_apply_icc_profile (bin/common/color.c) библиотеки для кодирования и декодирования OpenJPEG, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01307: Уязвимость функции opj_get_encoding_parameters (openjp2/pi.c) библиотеки для кодирования и декодирования OpenJPEG, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.\n\n * CVE-2017-17479: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.\n\n * CVE-2017-17480: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.\n\n * CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).\n\n * CVE-2018-16375: An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.\n\n * CVE-2018-16376: An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.\n\n * CVE-2018-18088: OpenJPEG 2.3.0 has a NULL pointer dereference for \"red\" in the imagetopnm function of jp2/convert.c\n\n * CVE-2018-20845: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).\n\n * CVE-2018-20846: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).\n\n * CVE-2018-20847: An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.\n\n * CVE-2018-21010: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.\n\n * CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n\n * CVE-2018-5785: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n\n * CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.\n\n * CVE-2018-7648: An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.\n\n * CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-04-03"
},
"Updated": {
"Date": "2019-04-03"
},
"BDUs": [
{
"ID": "BDU:2019-01566",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-01566",
"Impact": "Critical",
"Public": "20170818"
},
{
"ID": "BDU:2019-01567",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2019-01567",
"Impact": "High",
"Public": "20180717"
},
{
"ID": "BDU:2019-01575",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-01575",
"Impact": "Low",
"Public": "20181009"
},
{
"ID": "BDU:2019-01576",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-01576",
"Impact": "Low",
"Public": "20180119"
},
{
"ID": "BDU:2019-01577",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2019-01577",
"Impact": "Low",
"Public": "20180204"
},
{
"ID": "BDU:2019-02734",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-02734",
"Impact": "Low",
"Public": "20180113"
},
{
"ID": "BDU:2021-01282",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01282",
"Impact": "High",
"Public": "20190906"
},
{
"ID": "BDU:2021-01307",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01307",
"Impact": "High",
"Public": "20190630"
}
],
"CVEs": [
{
"ID": "CVE-2017-14041",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14041",
"Impact": "High",
"Public": "20170830"
},
{
"ID": "CVE-2017-17479",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17479",
"Impact": "Critical",
"Public": "20171208"
},
{
"ID": "CVE-2017-17480",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17480",
"Impact": "Critical",
"Public": "20171208"
},
{
"ID": "CVE-2018-14423",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14423",
"Impact": "High",
"Public": "20180719"
},
{
"ID": "CVE-2018-16375",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16375",
"Impact": "High",
"Public": "20180903"
},
{
"ID": "CVE-2018-16376",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16376",
"Impact": "High",
"Public": "20180903"
},
{
"ID": "CVE-2018-18088",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18088",
"Impact": "Low",
"Public": "20181009"
},
{
"ID": "CVE-2018-20845",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845",
"Impact": "Low",
"Public": "20190626"
},
{
"ID": "CVE-2018-20846",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20846",
"Impact": "Low",
"Public": "20190626"
},
{
"ID": "CVE-2018-20847",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20847",
"Impact": "High",
"Public": "20190626"
},
{
"ID": "CVE-2018-21010",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-21010",
"Impact": "High",
"Public": "20190905"
},
{
"ID": "CVE-2018-5727",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727",
"Impact": "Low",
"Public": "20180116"
},
{
"ID": "CVE-2018-5785",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785",
"Impact": "Low",
"Public": "20180119"
},
{
"ID": "CVE-2018-6616",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6616",
"Impact": "Low",
"Public": "20180204"
},
{
"ID": "CVE-2018-7648",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7648",
"Impact": "Critical",
"Public": "20180302"
},
{
"ID": "CVE-2019-6988",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6988",
"Impact": "Low",
"Public": "20190128"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191582001",
"Comment": "libopenjpeg2.0 is earlier than 0:2.3.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191582002",
"Comment": "libopenjpeg2.0-devel is earlier than 0:2.3.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191582003",
"Comment": "openjpeg-tools2.0 is earlier than 0:2.3.1-alt1"
}
]
}
]
}
}
]
}