Mandrake Linux Security Advisory : wxPythonGTK (MDKSA-2005:144)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the 'YCbCr subsampling' value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which can cause a program that uses the TIFF
library to crash.

wxPythonGTK uses an embedded libtiff source tree, and as such has the
same vulnerability.

The updated packages have been rebuilt using the system libraries and
should now incorporate all the updates to libjpeg, libpng, libtiff and
zlib.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 19901 (mandrake_MDKSA-2005-144.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2452

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now