This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- The RenderV2ToFile function in tag_file.cpp in id3lib
(aka libid3) 3.8.3 allows local users to overwrite
arbitrary files via a symlink attack on a temporary file
whose name is constructed from the name of a file being
- poppler before 0.22.1 allows context-dependent attackers
to cause a denial of service (crash) and possibly
execute arbitrary code via vectors that trigger an
'invalid memory access' in (1) splash/Splash.cc, (2)
poppler/Function.cc, and (3) poppler/Stream.cc.
- splash/Splash.cc in poppler before 0.22.1 allows
context-dependent attackers to cause a denial of service
(NULL pointer dereference and crash) via vectors related
to the (1) Splash::arbitraryTransformMask, (2)
Splash::blitMask, and (3) Splash::scaleMaskYuXu
- poppler/Stream.cc in poppler before 0.22.1 allows
context-dependent attackers to have an unspecified
impact via vectors that trigger a read of uninitialized
memory by the CCITTFaxStream::lookChar function.
See also :
Upgrade to Solaris 18.104.22.168.0.
Risk factor :
High / CVSS Base Score : 7.2