This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- Integer signedness error in the TIFFReadDirectory
function in tif_dirread.c in libtiff 3.9.4 and earlier
allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code
via a negative tile depth in a tiff image, which
triggers an improper conversion between signed and
unsigned types, leading to a heap-based buffer overflow.
- Multiple integer overflows in tiff2pdf in libtiff before
4.0.2 allow remote attackers to cause a denial of
service (application crash) or possibly execute
arbitrary code via a crafted tiff image, which triggers
a heap-based buffer overflow. (CVE-2012-2113)
See also :
Upgrade to Solaris 11/11 SRU 10.5.
Risk factor :
High / CVSS Base Score : 7.5