This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote OracleVM host is missing a security update.
The remote OracleVM system is missing necessary patches to address
critical security updates :
CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier
allow remote attackers to execute arbitrary code via vectors related
to large values in certain inputs in (1) smooth/ftsmooth.c, (2)
sfnt/ttcmap.c, and (3) cff/cffload.c.

CVE-2008-1806 Integer overflow in FreeType2 before 2.3.6 allows
context-dependent attackers to execute arbitrary code via a crafted
set of 16-bit length values within the Private dictionary table in a
Printer Font Binary (PFB) file, which triggers a heap-based buffer

CVE-2008-1807 FreeType2 before 2.3.6 allows context-dependent attackers
to execute arbitrary code via an invalid 'number of axes' field in a
Printer Font Binary (PFB) file, which triggers a free of arbitrary
memory locations, leading to memory corruption.

CVE-2008-1808 Multiple off-by-one errors in FreeType2 before 2.3.6
allow context-dependent attackers to execute arbitrary code via (1) a
crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC
instruction in a TrueType Font (TTF) file, which triggers a heap-based

- Add freetype-2009-CVEs.patch
- Resolves: #496111
- Add freetype-2.3.5-CVEs.patch
- Resolves: #450910
Update the affected freetype package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false
Family: OracleVM Local Security Checks
Nessus Plugin ID: 79459