FreeBSD : optipng -- arbitrary code execution via crafted BMP image (2bc960c4-e665-11dd-afcd-00e0815b8da8)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in OptiPNG, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader
and can be exploited to cause a buffer overflow by tricking a user
into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://optipng.sourceforge.net/
http://www.nessus.org/u?3d8a8de2

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35426 (freebsd_pkg_2bc960c4e66511ddafcd00e0815b8da8.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5101
