Mandriva Linux Security Advisory : SDL_image (MDVSA-2008:040)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain
boundary errors that could be triggered to cause a static buffer
overflow and a heap-based buffer overflow. If a user of an
application linked against the SDL_image library were to open a
carefully crafted GIF or IFF ILBM file, the application could crash or
possibly allow for the execution of arbitrary code.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36980 (mandriva_MDVSA-2008-040.nasl)

Bugtraq ID: 27417, 27435

CVE ID: CVE-2007-6697, CVE-2008-0544
