FreeBSD : zgv, xzgv -- heap overflow vulnerability (a813a219-d2d4-11da-a672-000e0c2e438a)
High Nessus Plugin ID 22518
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGentoo reports :
Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.
An attacker may be able to construct a malicious image that executes arbitrary code with the permissions of the xzgv or zgv user when attempting to render the image.
SolutionUpdate the affected packages.