Scientific Linux Security Update : netpbm on SL4.x, SL5.x i386/x86_64

high Nessus Plugin ID 60534

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

An input validation flaw and multiple integer overflows were discovered in the JasPer library, which provides support for the JPEG-2000 image format and is used by the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)

Solution

Update the affected netpbm, netpbm-devel and/or netpbm-progs packages.

See Also

http://www.nessus.org/u?f647b0a3

Plugin Details

Severity: High

ID: 60534

File Name: sl_20090211_netpbm_on_SL4_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/11/2009

Reference Information

CVE: CVE-2007-2721, CVE-2008-3520

CWE: 189