FreeBSD : zgv -- exploitable heap overflows (249a8c42-6973-11d9-ae49-000c41e2cdad)

critical Nessus Plugin ID 18873

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

infamous41md reports:

zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user-supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small buffers to be allocated. Then we can overflow the buffer, and eventually execute code. There are a total of 11 overflows that are exploitable to execute arbitrary code.

These bugs exist in both zgv and xzgv.
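The defect class described above is an integer overflow in an allocation-size calculation: header-supplied dimensions are multiplied, the product wraps, and a buffer far smaller than the image is allocated. The C below is an added illustration written for this page, not code from zgv or xzgv; it contrasts an unchecked width*height*bpp computation with a checked one that refuses wrapped sizes and applies a sanity cap. Function names, the cap, and the sample dimensions are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Unchecked arithmetic in the style the advisory describes (constructed example).
 * With 32-bit operands the product can wrap to a small number, so malloc()
 * returns a buffer much smaller than the pixel data that is later written into it. */
uint32_t unchecked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* wraps silently on overflow */
}

/* Checked version: each multiplication is tested against SIZE_MAX before it is
 * performed. Returns 0 and stores the size on success, -1 on overflow or zero input. */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if ((size_t)width > SIZE_MAX / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Convenience wrapper: the computed size, or 0 when the computation is rejected. */
size_t image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    return checked_image_bytes(width, height, bpp, &n) == 0 ? n : 0;
}

/* Allocate only when the size is well-defined and below a caller-chosen cap;
 * the cap rejects headers that are arithmetically valid but absurd for an image. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t bpp, size_t max_bytes)
{
    size_t n;
    if (checked_image_bytes(width, height, bpp, &n) != 0)
        return NULL;                 /* overflow or zero dimension */
    if (n > max_bytes)
        return NULL;                 /* exceeds policy cap */
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 x 1 wraps to 65536 in 32-bit math. */
    printf("unchecked: %u bytes\n", unchecked_image_bytes(65537u, 65536u, 1u));
    printf("checked (640x480x3): %zu bytes\n", image_bytes_or_zero(640u, 480u, 3u));
    unsigned char *img = alloc_image(65537u, 65536u, 1u, (size_t)1 << 20);
    printf("alloc_image for wrapped header: %s\n", img ? "allocated" : "rejected");
    free(img);
    return 0;
}
```

On compilers that provide it, `__builtin_mul_overflow()` (GCC and Clang) performs the same check in one call; the division form above is shown because it is portable and makes the condition explicit.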

Solution

Update the affected packages.

See Also

https://marc.info/?l=bugtraq&m=109886210702781

https://marc.info/?l=bugtraq&m=109898111915661

http://www.nessus.org/u?ff8096ed

http://www.svgalib.org/rus/zgv/

http://www.nessus.org/u?344a1818

http://www.nessus.org/u?c48dcc4d

Plugin Details

Severity: Critical

ID: 18873

File Name: freebsd_pkg_249a8c42697311d9ae49000c41e2cdad.nasl

Version: 1.23

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xzgv, p-cpe:/a:freebsd:freebsd:zgv, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/18/2005

Vulnerability Publication Date: 10/26/2004

Reference Information

CVE: CVE-2004-0994