FreeBSD : p5-Imager -- possibly exploitable buffer overflow (632c98be-aad2-4af2-849f-41a6862afd6a)
Critical Nessus Plugin ID 25130
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionImager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line.
Such an overflow causes a buffer overflow in a malloc() allocated memory buffer, possibly corrupting the memory arena headers.
The effect depends on your system memory allocator, with glibc this typically results in an abort, but with other memory allocators it may be possible to cause local code execution.
SolutionUpdate the affected package.