FreeBSD Local Security Checks : FreeBSD Ports: sdl

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60950

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: sdl_image

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: sdl_image

CVE-2007-6697
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image
before 1.2.7 allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
GIF file, a similar issue to CVE-2006-4484. NOTE: some of these
details are obtained from third party information.

CVE-2008-0544
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c
in SDL_image before 1.2.7 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted IFF ILBM file. NOTE: some of these details are obtained from
third party information.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-6697
BugTraq ID: 27417
http://www.securityfocus.com/bid/27417
Bugtraq: 20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=120110205511630&w=2
Bugtraq: 20080213 rPSA-2008-0061-1 SDL_image (Google Search)
http://www.securityfocus.com/archive/1/488079/100/0/threaded
Debian Security Information: DSA-1493 (Google Search)
http://www.debian.org/security/2008/dsa-1493
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html
http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:040
http://vexillium.org/?sec-sdlgif
http://secunia.com/advisories/28640
http://secunia.com/advisories/28752
http://secunia.com/advisories/28830
http://secunia.com/advisories/28837
http://secunia.com/advisories/28850
http://secunia.com/advisories/28869
http://secunia.com/advisories/29542
http://www.ubuntu.com/usn/usn-595-1
http://www.vupen.com/english/advisories/2008/0266
XForce ISS Database: sdlimage-gif-bo(39865)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39865
Common Vulnerability Exposure (CVE) ID: CVE-2008-0544
BugTraq ID: 27435
http://www.securityfocus.com/bid/27435
XForce ISS Database: sdlimage-imgloadlbmrw-bo(39899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39899

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60950
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: sdl_image
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: sdl_image CVE-2007-6697 Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information. CVE-2008-0544 Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6697 BugTraq ID: 27417 http://www.securityfocus.com/bid/27417 Bugtraq: 20080123 SDL_Image 1.2.6 and prior GIF handling buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=120110205511630&w=2 Bugtraq: 20080213 rPSA-2008-0061-1 SDL_image (Google Search) http://www.securityfocus.com/archive/1/488079/100/0/threaded Debian Security Information: DSA-1493 (Google Search) http://www.debian.org/security/2008/dsa-1493 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00008.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00039.html http://www.gentoo.org/security/en/glsa/glsa-200802-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:040 http://vexillium.org/?sec-sdlgif http://secunia.com/advisories/28640 http://secunia.com/advisories/28752 http://secunia.com/advisories/28830 http://secunia.com/advisories/28837 http://secunia.com/advisories/28850 http://secunia.com/advisories/28869 http://secunia.com/advisories/29542 http://www.ubuntu.com/usn/usn-595-1 http://www.vupen.com/english/advisories/2008/0266 XForce ISS Database: sdlimage-gif-bo(39865) https://exchange.xforce.ibmcloud.com/vulnerabilities/39865 Common Vulnerability Exposure (CVE) ID: CVE-2008-0544 BugTraq ID: 27435 http://www.securityfocus.com/bid/27435 XForce ISS Database: sdlimage-imgloadlbmrw-bo(39899) https://exchange.xforce.ibmcloud.com/vulnerabilities/39899
Copyright	Copyright (C) 2008 E-Soft Inc.