FreeBSD : librsvg2 -- denial of service vulnerability (d6c51737-a84b-11e5-8f5c-002590263bf5)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Adam Maris, Red Hat Product Security, reports :

CVE-2015-7558: Stack exhaustion due to a cyclic dependency, causing
an application to crash, was found in librsvg2 while parsing an SVG
file. It has been fixed in 2.40.12 by many commits that have rewritten
the checks for cyclic references.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205502
http://www.openwall.com/lists/oss-security/2015/12/21/5
https://bugzilla.redhat.com/1268243
http://www.nessus.org/u?3a67645d

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87543

Bugtraq ID:

CVE ID: CVE-2015-7558
