FreeBSD : qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling (5713bfda-e27d-11e4-b2ce-5453ed2e2b49)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Richard J. Moore reports :

Due to two recent vulnerabilities identified in the built-in image
format handling code, it was decided that this area required further
testing to determine if further issues remained. Fuzzing using
afl-fuzz located a number of issues in the handling of BMP, ICO and
GIF files. The issues exposed included denial of service and buffer
overflows leading to heap corruption. It is possible the latter could
be used to perform remote code execution.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 82786 ()

Bugtraq ID:

CVE ID: CVE-2015-1858

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now