The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5952-1 advisory.

    Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated     system were tricked into opening a specially crafted input file, a remote attacker could possibly use this     issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2020-6851, CVE-2020-8112)

    It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27845)

    It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     cause a denial of service. (CVE-2020-27842, CVE-2020-27843)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM / 18.04 LTS : OpenJPEG vulnerabilities (USN-5952-1)

high Nessus Plugin ID 172576

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.4 Oct 21, 2023, 3:09 AM Detection Plugin Feed: 202310210309
Version 1.3 Aug 30, 2023, 4:14 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202308301614
Version 1.2 Mar 16, 2023, 4:17 PM Regenerated based on advisory update Plugin Feed: 202303161617
Version 1.1 Mar 15, 2023, 10:01 PM CEA reference Plugin Feed: 202303152201
Version 1.0 Mar 15, 2023, 6:09 PM New Plugin Feed: 202303151809