FreeBSD : optipng -- arbitrary code execution via crafted BMP image (2bc960c4-e665-11dd-afcd-00e0815b8da8)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in OptiPNG, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader
and can be exploited to cause a buffer overflow by tricking a user
into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35426 (freebsd_pkg_2bc960c4e66511ddafcd00e0815b8da8.nasl)

CVE ID: CVE-2008-5101
