Detections
Analytics

FreeBSD : OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes (714e6c35-c75b-11ea-aa29-d74973d1f9f3)

high Nessus Plugin ID 138582

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Cary Phillips reports :

openexr 2.5.2 [is a p]atch release with various bug/security and build/install fixes :

- Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()

- Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()

- Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?606804da

http://www.nessus.org/u?633dc25d

Plugin Details

Severity: High

ID: 138582

File Name: freebsd_pkg_714e6c35c75b11eaaa29d74973d1f9f3.nasl

Version: 1.1

Type: local

Published: 7/17/2020

Updated: 7/17/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ilmbase, p-cpe:/a:freebsd:freebsd:openexr, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/16/2020

Vulnerability Publication Date: 5/18/2020