FreeBSD : firefox -- Heap buffer overflow rasterizing paths in SVG with Skia (e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7)

high Nessus Plugin ID 110431

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Mozilla Foundation reports:

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/

http://www.nessus.org/u?05a23656

Plugin Details

Severity: High

ID: 110431

File Name: freebsd_pkg_e3e68fe8d9cb4ba8b09c9e3a28588eb7.nasl

Version: 1.3

Type: local

Published: 6/11/2018

Updated: 11/23/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:firefox-esr, p-cpe:/a:freebsd:freebsd:linux-seamonkey, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:waterfox, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/8/2018

Vulnerability Publication Date: 6/6/2018