Detections
Analytics
GLSA-201908-03 : JasPer: Multiple vulnerabilities
high Nessus Plugin ID 127561
Language:
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-201908-03 (JasPer: Multiple vulnerabilities)Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details.
Impact :
Please review the referenced CVE identifiers for details.
Workaround :
There is no known workaround at this time.
Solution
JasPer is no longer maintained upstream and contains many vulnerabilities which remain unaddressed. Gentoo users are advised to unmerge this package.# emerge --unmerge media-libs/jasper
See Also
Plugin Details
Severity: High
ID: 127561
File Name: gentoo_GLSA-201908-03.nasl
Version: 1.4
Type: local
Family: Gentoo Local Security Checks
Published: 8/12/2019
Updated: 5/7/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-6852
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:jasper, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/9/2019
Vulnerability Publication Date: 3/1/2017
Reference Information
CVE: CVE-2017-1000050, CVE-2017-13745, CVE-2017-13746, CVE-2017-13747, CVE-2017-13748, CVE-2017-13749, CVE-2017-13750, CVE-2017-13751, CVE-2017-13752, CVE-2017-13753, CVE-2017-14132, CVE-2017-14229, CVE-2017-5503, CVE-2017-5504, CVE-2017-5505, CVE-2017-6851, CVE-2017-6852, CVE-2017-9782, CVE-2018-18873, CVE-2018-20584, CVE-2018-9055, CVE-2018-9154
GLSA: 201908-03