FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)
Medium Nessus Plugin ID 92905
Synopsis: The remote FreeBSD host is missing one or more security-related updates.
Description: A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference.
The regular expression in the awk script detector is flawed: it uses multiple wildcards with unlimited repetitions. [CVE-2013-7345]
A malicious input file could trigger infinite recursion in libmagic(3). [CVE-2014-1943]
A specifically crafted Portable Executable (PE) can trigger an out-of-bounds read. [CVE-2014-2270]
Impact: An attacker who can cause file(1) or any other application using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial of service.
Solution: Update the affected packages.