FreeBSD : qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling (5713bfda-e27d-11e4-b2ce-5453ed2e2b49)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Richard J. Moore reports :

Due to two recent vulnerabilities identified in the built-in image
format handling code, it was decided that this area required further
testing to determine if further issues remained. Fuzzing using
afl-fuzz located a number of issues in the handling of BMP, ICO and
GIF files. The issues exposed included denial of service and buffer
overflows leading to heap corruption. It is possible the latter could
be used to perform remote code execution.

See also :

http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
http://www.nessus.org/u?9d284eef

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 82786 ()

Bugtraq ID:

CVE ID: CVE-2015-1858
CVE-2015-1859
CVE-2015-1860

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now