FreeBSD : graphite2 -- out-of-bounds write with malicious font (cf133acc-82e7-4755-a66a-5ddf90dacbe6)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Mozilla Foundation reports :

An out-of-bounds write in the Graphite 2 library triggered with a
maliciously crafted Graphite font. This results in a potentially
exploitable crash. This issue was fixed in the Graphite 2 library as
well as Mozilla products.

See also :

https://github.com/silnrsi/graphite/commit/1ce331d5548b
http://www.nessus.org/u?0d749bbc

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 99557 ()

Bugtraq ID:

CVE ID: CVE-2017-5436

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now