FreeBSD : OpenEXR -- heap buffer overflow in internal_huf_decompress (06428d91-152e-11ee-8b14-dbdd62da85fb)

high Nessus Plugin ID 177673

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 06428d91-152e-11ee-8b14-dbdd62da85fb advisory.

- oss-fuzz reports: heap buffer overflow in internal_huf_decompress.
  Cary Phillips reports: v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress.
  Kimball Thurston reports: Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382. (06428d91-152e-11ee-8b14-dbdd62da85fb)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382

http://www.nessus.org/u?7b42b093

https://github.com/AcademySoftwareFoundation/openexr/pull/1439

http://www.nessus.org/u?e9756e01

http://www.nessus.org/u?818a593b

Plugin Details

Severity: High

ID: 177673

File Name: freebsd_pkg_06428d91152e11ee8b14dbdd62da85fb.nasl

Version: 1.0

Type: local

Published: 6/28/2023

Updated: 6/28/2023

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openexr, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2023

Vulnerability Publication Date: 5/28/2023