This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- The t2p_read_tiff_init function in tiff2pdf
(tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not
properly initialize the T2P context struct pointer in
certain error conditions, which allows context-dependent
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted TIFF image
that triggers a heap-based buffer overflow.
See also :
Upgrade to Solaris 11/11 SRU 12.4.
Risk factor :
Medium / CVSS Base Score : 6.8