CVE-2016-2000
published 2016-04-05
Priority P264 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.46% (90.2th percentile)
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | asset_manager | — | — |
| hp | asset_manager | — | — |
| hp | asset_manager | — | — |
| hp | asset_manager_cloudsystem_chargeback | — | — |
| jasper_project | jasper | >= 0 < 1.900.1-14ubuntu3.3 | 1.900.1-14ubuntu3.3 |
CVSS provenance
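| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.6 | HIGH | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_cisco | | 6.1 | MEDIUM | |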
GHSA
GHSA-47j5-g4fh-w4j8: HPE Asset Manager 9
ghsa_unreviewed·2022-05-17
CVE-2016-2000 [CRITICAL] GHSA-47j5-g4fh-w4j8: HPE Asset Manager 9
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
OSV
jasper vulnerabilities
osv·2016-03-03·CVSS 7.6
CVE-2016-1577 jasper vulnerabilities
Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2016-1577)
Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. (CVE-2016-2116)
Red Hat
jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)
vendor_redhat·2016-10-17·CVSS 6.8
CVE-2016-8880 [MEDIUM] CWE-122 jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)
[REJECTED CVE] A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary code.
Statement: This flaw was found to be a duplicate of CVE-2011-4516. Please see https://access.redhat.com/security/cve/CVE-2011-4516 for information about affected products and security errata.
Package: netpbm (Red Hat Enterprise Linux 5) - Not affected
Package: jasper (Red Hat Enterprise Linux 6) - Not affected
Package: jasper (Red Hat Enterprise Linux 7) - Not affected
Package: mi
Red Hat
chromium-browser: heap overflow in pdfium
vendor_redhat·2016-08-31·CVSS 8.8
CVE-2016-5157 [HIGH] chromium-browser: heap overflow in pdfium
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
Red Hat
chromium-browser: heap overflow in pdfium
vendor_redhat·2016-08-31·CVSS 8.8
CVE-2016-5152 [HIGH] chromium-browser: heap overflow in pdfium
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Package: openjpeg (Red Hat Enterprise Linux 5) - Not affected
Package: openjpeg (Red Hat Enterprise Linux 6) - Not affected
Package: openjpeg (Red Hat Enterprise Linux 7) - Not affected
Red Hat
openjpeg: Heap overflow in parsing of JPEG2000 precincts
vendor_redhat·2016-08-03·CVSS 7.6
CVE-2016-5139 [HIGH] CWE-190 openjpeg: Heap overflow in parsing of JPEG2000 precincts
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating precinct data structures, which could lead to a crash, or potentially, code execution.
Red Hat
chromium-browser: Heap overflow in pdfium
vendor_redhat·2016-08-03·CVSS 9.8
CVE-2016-5140 [CRITICAL] chromium-browser: Heap overflow in pdfium
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
Red Hat
openjpeg: Heap corruption in opj_free function
vendor_redhat·2016-03-14·CVSS 5.5
CVE-2016-3182 [MEDIUM] CWE-416 openjpeg: Heap corruption in opj_free function
The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
Package: openjpeg (Red Hat Enterprise Linux 6) - Not affected
Package: openjpeg (Red Hat Enterprise Linux 7) - Not affected
Cisco
Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability
vendor_cisco·2016-02-15·CVSS 6.1
CVE-2016-1330 [MEDIUM] CWE-399 Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability
A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload.
The vulnerability is due to improper processing of crafted CDP packets. An attacker could exploit this vulnerability by sending a crafted CDP packet to an affected device. An exploit could allow the attacker to cause the affected device to reload.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco
Red Hat
jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
vendor_redhat·2016-01-27·CVSS 6.5
CVE-2016-2089 [MEDIUM] CWE-476 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
Package: netpbm (Red Hat Enterprise Linux 5) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Red Hat
openjpeg: out of bounds read in opj_j2k_update_image_data
vendor_redhat·2016-01-18·CVSS 6.5
CVE-2016-1923 [MEDIUM] CWE-122 openjpeg: out of bounds read in opj_j2k_update_image_data
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Package: openjpeg (Red Hat Enterprise Linux 6) - Not affected
Package: openjpeg (Red Hat Enterprise Linux 7) - Not affected
Red Hat
jasper: out-of-bounds read in jpc_pi_nextcprl()
vendor_redhat·2016-01-13·CVSS 6.5
CVE-2016-1867 [MEDIUM] CWE-125 jasper: out-of-bounds read in jpc_pi_nextcprl()
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Cisco
Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability
vendor_cisco
CVE-2016-1330 Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability
CVE-2016-1330: Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability
A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted CDP packets. An attacker could exploit this vulnerability by sending a crafted CDP packet to an affected device. An exploit could allow the attacker to cause the affected device to reload. Cisco has not released software updates that address this vulnerability. There are no
CWE: CWE-399, CWE-399
Bug IDs: CSCuy27746
No detection rules found.
Bugzilla
CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
bugzilla·2017-01-04·CVSS 6.5
CVE-2016-9600 [MEDIUM] CVE-2016-9600 jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
A null pointer dereference was found in the way JasPer decoded certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
Upstream bug:
https://github.com/mdadams/jasper/issues/109
Upstream fix:
https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
Discussion:
Acknowledgments:
Name: Liu Bingchang (IIE)
---
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1406407]
Affects: epel-7 [bug 1406409]
---
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1406408]
Affects: epel-5 [bug 1406406]
---
The fix was applied upstream in version 2.0.10.
The impact of this flaw is limi
Bugzilla
CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
bugzilla·2016-01-28·CVSS 6.5
CVE-2016-2089 [MEDIUM] CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip()
A vulnerability was found in the way JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
Original bug report (with reproducer attached):
http://seclists.org/oss-sec/2016/q1/233
CVE assignment:
http://seclists.org/oss-sec/2016/q1/235
Discussion:
Created mingw-jasper tracking bugs for this issue:
Affects: epel-7 [bug 1302638]
Affects: fedora-all [bug 1302640]
---
Created jasper tracking bugs for this issue:
Affects: epel-5 [bug 1302637]
Affects: fedora-all [bug 1302639]
---
Created attachment 1119177
Proposed patch to fix unchecked pointer dereferencing and reading of first elements of empty arrays
Bugzilla
CVE-2016-1924 openjpeg: out of bounds read in opj_tgt_reset
bugzilla·2016-01-19·CVSS 6.5
CVE-2016-1924 [MEDIUM] CVE-2016-1924 openjpeg: out of bounds read in opj_tgt_reset
A vulnerability was found in the way OpenJpeg parses certain JPEG 2000 image files. While parsing a specially crafted file, the function opj_tgt_reset can cause a segmentation fault.
Original source with reproducer attached:
http://seclists.org/oss-sec/2016/q1/128
Discussion:
Created openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1299775]
Affects: epel-6 [bug 1299777]
Affects: epel-7 [bug 1299778]
---
Created mingw-openjpeg tracking bugs for this issue:
Affects: fedora-all [bug 1299776]
---
The functions affected by the vulnerability do not exist in openjpeg 1.x, so this is actually NOTABUG. What is the correct way to close this bug and dependent bugs?
---
Closing since this vulnerability does not affect op
Bugzilla
CVE-2015-8751 jasper: integer overflow in the jas_matrix_create() function
bugzilla·2016-01-08·CVSS 9.3
CVE-2015-8751 [CRITICAL] CVE-2015-8751 jasper: integer overflow in the jas_matrix_create() function
An integer overflow flaw was found in the way the JasPer library's jas_matrix_create() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
This was originally filed against Fedora as bug 1294039, which includes a PoC for this issue.
CVE assignment:
http://seclists.org/oss-sec/2016/q1/44
Discussion:
Created mingw-jasper tracking bugs for this issue:
Affects: fedora-all [bug 1296951]
Affects: epel-7 [bug 1296953]
---
Created jasper tracking bugs for this issue:
Affects: fedora-all [bug 1294039]
Affects: epel-5 [bug 1296952]
---
This was fixed upstream in 1.900.4, see bug 461476 comment 23.
---
Statement:
This issue did not affect the