FreeBSD : xpdf -- multiple vulnerabilities (a21037d5-2c38-11de-ab3b-0017a4cccfc6)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Some vulnerabilities have been reported in Xpdf, which can be
exploited by malicious people to potentially compromise a user's
system.

A boundary error exists when decoding JBIG2 symbol dictionary
segments. This can be exploited to cause a heap-based buffer overflow
and potentially execute arbitrary code.

Multiple integer overflows in the JBIG2 decoder can be exploited to
potentially execute arbitrary code.

Multiple boundary errors in the JBIG2 decoder can be exploited to
cause buffer overflows and potentially execute arbitrary code.

Multiple errors in the JBIG2 decoder can be exploited can be exploited
to free arbitrary memory and potentially execute arbitrary code.

Multiple unspecified input validation errors in the JBIG2 decoder can
be exploited to potentially execute arbitrary code.

See also :

http://www.vupen.com/english/advisories/2009/1065
http://www.nessus.org/u?5f2cd6c4

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36193 (freebsd_pkg_a21037d52c3811deab3b0017a4cccfc6.nasl)

Bugtraq ID:

CVE ID: CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now