FreeBSD : libtremor -- multiple vulnerabilities (3dac84c9-bce1-4199-9784-d68af1eb7b2e)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The RedHat Project reports :

Will Drewry of the Google Security Team reported multiple issues in
OGG Vorbis and Tremor libraries, that could cause application using
those libraries to crash (NULL pointer dereference or divide by zero),
enter an infinite loop or cause heap overflow caused by integer
overflow.

See also :

http://www.nessus.org/u?2624b1eb
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=7e94eea
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=1d1f93e
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=159efc4
http://www.nessus.org/u?364845d9

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85639 ()

Bugtraq ID:

CVE ID: CVE-2008-1418
CVE-2008-1419
CVE-2008-1420
CVE-2008-1423
CVE-2008-2009

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now