FreeBSD : freetype -- LWFN Files Buffer Overflow Vulnerability (b975763f-5210-11db-8f1a-000a48049292)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

SecurityTracker reports :

A vulnerability was reported in FreeType. A remote user can cause
arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted font file that, when
loaded by the target user's system, will trigger an integer underflow
or integer overflow and crash the application or execute arbitrary
code on the target system.

Chris Evans reported these vulnerabilities.

Impact: A remote user can create a file that, when loaded by the
target user, will execute arbitrary code on the target user's system.

See also :

http://securitytracker.com/alerts/2006/Jul/1016522.html
http://www.nessus.org/u?b3b5550c

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22503 (freebsd_pkg_b975763f521011db8f1a000a48049292.nasl)

Bugtraq ID: 18034

CVE ID: CVE-2006-0747
CVE-2006-1861
CVE-2006-3467

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now