Executive Summary
Summary | |
---|---|
Title | Updated ghostscript packages fix vulnerability |
Information | |||
---|---|---|---|
Name | MDKSA-2007:208 | First vendor Publication | 2007-11-05 |
Vendor | Mandriva | Last vendor Modification | 2007-11-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such are vulnerable to this issue. Updated packages have been patched to prevent this issue.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:208 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17675 | |||
Oval ID: | oval:org.mitre.oval:def:17675 | ||
Title: | USN-501-2 -- ghostscript, gs-gpl vulnerability | ||
Description: | USN-501-1 fixed vulnerabilities in Jasper. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-501-2 CVE-2007-2721 | Version: | 7 |
Platform(s): | Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | ghostscript gs-gpl |
Definition Id: oval:org.mitre.oval:def:9397 | |||
Oval ID: | oval:org.mitre.oval:def:9397 | ||
Title: | The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||
Description: | The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2721 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for netpbm CESA-2009:0012 centos4 i386 File : nvt/gb_CESA-2009_0012_netpbm_centos4_i386.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2036-1 (jasper) File : nvt/deb_2036_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:142-1 (jasper) File : nvt/mdksa_2009_142_1.nasl |
2009-10-13 | Name : SLES10: Security update for netpbm File : nvt/sles10_libnetpbm.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:164 (jasper) File : nvt/mdksa_2009_164.nasl |
2009-07-06 | Name : Mandrake Security Advisory MDVSA-2009:142 (jasper) File : nvt/mdksa_2009_142.nasl |
2009-04-09 | Name : Mandriva Update for jasper MDKSA-2007:129 (jasper) File : nvt/gb_mandriva_MDKSA_2007_129.nasl |
2009-04-09 | Name : Mandriva Update for ghostscript MDKSA-2007:208 (ghostscript) File : nvt/gb_mandriva_MDKSA_2007_208.nasl |
2009-04-09 | Name : Mandriva Update for netpbm MDKSA-2007:209 (netpbm) File : nvt/gb_mandriva_MDKSA_2007_209.nasl |
2009-03-23 | Name : Ubuntu Update for jasper vulnerability USN-501-1 File : nvt/gb_ubuntu_USN_501_1.nasl |
2009-03-23 | Name : Ubuntu Update for ghostscript, gs-gpl vulnerability USN-501-2 File : nvt/gb_ubuntu_USN_501_2.nasl |
2009-02-27 | Name : Fedora Update for jasper FEDORA-2007-0001 File : nvt/gb_fedora_2007_0001_jasper_fc7.nasl |
2009-02-13 | Name : RedHat Security Advisory RHSA-2009:0012 File : nvt/RHSA_2009_0012.nasl |
2009-02-13 | Name : CentOS Security Advisory CESA-2009:0012 (netpbm) File : nvt/ovcesa2009_0012.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36137 | JasPer jpc/jpc_cs.c jpc_qcx_getcompparms Function Imagine Handling DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0012.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0005.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090211_netpbm_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2036.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-142.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-208.nasl - Type : ACT_GATHER_INFO |
2009-02-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0012.nasl - Type : ACT_GATHER_INFO |
2009-02-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0012.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libnetpbm-4688.nasl - Type : ACT_GATHER_INFO |
2007-12-12 | Name : The remote openSUSE host is missing a security update. File : suse_libnetpbm-4694.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-501-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-501-2.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-209.nasl - Type : ACT_GATHER_INFO |
2007-06-21 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-129.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:38:58 |