FreeBSD : tiff -- buffer overflow vulnerability (313da7dc-763b-11df-bcce-0018f3e2eb82)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Kevin Finisterre reports :

Multiple integer overflows in the handling of TIFF files may result in
a heap buffer overflow. Opening a maliciously crafted TIFF file may
lead to an unexpected application termination or arbitrary code
execution. The issues are addressed through improved bounds checking.
Credit to Kevin Finisterre of digitalmunition.com for reporting these
issues.

See also :

http://www.remotesensing.org/libtiff/v3.9.3.html
http://support.apple.com/kb/HT4196
http://www.nessus.org/u?0d3ea735

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 46876 (freebsd_pkg_313da7dc763b11dfbcce0018f3e2eb82.nasl)

Bugtraq ID:

CVE ID: CVE-2010-1411

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now