FreeBSD : graphite2 -- multiple vulnerabilities (adffe823-e692-4921-ae9c-0b825c218372)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Mozilla Foundation reports :

Security researcher Holger Fuhrmannek and Mozilla security engineer
Tyson Smith reported a number of security vulnerabilities in the
Graphite 2 library affecting version 1.3.5.

The issue reported by Holger Fuhrmannek is a mechanism to induce stack
corruption with a malicious graphite font. This leads to a potentially
exploitable crash when the font is loaded.

Tyson Smith used the Address Sanitizer tool in concert with a custom
software fuzzer to find a series of uninitialized memory,
out-of-bounds read, and out-of-bounds write errors when working with
fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to
discover an out-of-bounds write in the Graphite 2 library when loading
a crafted Graphite font file. This results in a potentially
exploitable crash.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now