
Debian DLA-2035-1 : libpgf security update

An issue in the libpgf library leads to a use-after-free vulnerability

Related
ReporterTitlePublishedViews
Family
Tenable Nessus
Ubuntu 16.04 LTS : libPGF vulnerability (USN-4554-1)
28 Sep 202000:00
nessus
Tenable Nessus
FreeBSD : libpgf -- use-after-free (9a71953a-474a-11e5-adde-14dae9d210b8)
21 Aug 201500:00
nessus
Prion
Design/Logic Flaw
20 Sep 201718:29
prion
UbuntuCve
CVE-2015-6673
20 Sep 201700:00
ubuntucve
CVE
CVE-2015-6673
20 Sep 201718:29
cve
Debian
[SECURITY] [DLA 2035-1] libpgf security update
15 Dec 201922:52
debian
Debian CVE
CVE-2015-6673
20 Sep 201718:29
debiancve
Mageia
Updated libpgf packages fix security vulnerability
5 Jan 201921:30
mageia
OpenVAS
Ubuntu: Security Advisory (USN-4554-1)
29 Sep 202000:00
openvas
OpenVAS
Debian: Security Advisory (DLA-2035-1)
16 Dec 201900:00
openvas
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2035-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: taken when `description` is set. It only declares the
# plugin's metadata and then exits (see the exit(0) at the end), so none of the
# package checks further down run on this path.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(132060);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");

  # The single CVE this advisory check is tied to.
  script_cve_id("CVE-2015-6673");

  script_name(english:"Debian DLA-2035-1 : libpgf security update");

  # Synopsis/description are shown to the analyst in scan results. Per the
  # NOTE inside the string, the description text was extracted from the DLA
  # advisory rather than written for this plugin.
  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"An issue has been found in libpgf, a library to handle Progressive
Graphics File (PGF).

Due to lack of validation of ColorTableSize, a use-after-free issue
might appear in Decoder.cpp

For Debian 8 'Jessie', this problem has been fixed in version
6.14.12-3+deb8u1.

We recommend that you upgrade your libpgf packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  # References: the debian-lts-announce post and the jessie source package page.
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/12/msg00017.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libpgf");
  # Remediation covers all three binary packages that the checks below test.
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected libpgf-dev, libpgf6, and libpgf6-dbg packages.");
  # Severity metadata. Both base vectors describe a network-reachable,
  # low-complexity, unauthenticated issue; cvss_score_source names the CVE
  # entry as the origin of the score. The plugin does not measure how the
  # library is actually exposed on the scanned host, so triage should weigh
  # whether untrusted PGF files can reach libpgf there.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6673");

  # Exploit status as recorded in this plugin revision (modified 2024/04/04);
  # it is static metadata, not a live lookup.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): the CVE identifier dates from 2015 while the date recorded
  # here is 2017/09/20; presumably this is the CVE record's publication date.
  # Confirm before using it to compute an exposure window.
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/16");

  # "local" plugin type: the result is derived from data collected on the
  # host (see the required KB keys below), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE entries for the three binary packages and for Debian 8.0.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpgf-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpgf6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpgf6-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on ssh_get_info.nasl and requires three KB keys. Without working
  # local checks, a Debian release value and a dpkg -l listing in the KB, the
  # plugin has nothing to evaluate, so "no finding" from an uncredentialed
  # scan is not evidence that the host is patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Metadata registered; stop here.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions for a package-version check. Each guard reads one KB item and
# calls audit() with a distinct reason when it is missing, so the scan log
# shows why the host was not evaluated. audit() comes from audit.inc (not
# shown here); presumably it ends the script, confirm against that include.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The host must have been identified as Debian.
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}

# The installed-package listing must be present in the KB.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Test each binary package named in the advisory against the fixed version
# for Debian 8.0. deb_check() and deb_report_get() come from
# debian_package.inc (not shown here); presumably deb_check() compares the
# installed version from the dpkg listing with `reference` and records report
# text for any package that is older. Confirm against that include.
#
# This is a version comparison only: it reports a missing update, not proof
# that the vulnerable code path is reachable. Only release "8.0" is tested.
libpgf_fixed = "6.14.12-3+deb8u1";
libpgf_pkgs = make_list("libpgf-dev", "libpgf6", "libpgf6-dbg");
missing_update = FALSE;

# Every package is checked even after the first hit, so that the report
# lists all outdated packages rather than just the first one.
foreach libpgf_pkg (libpgf_pkgs)
{
  if (deb_check(release:"8.0", prefix:libpgf_pkg, reference:libpgf_fixed))
    missing_update = TRUE;
}

if (!missing_update) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the per-package detail only when the scan asks for verbose output.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}

16 Dec 2019 00:00 (Current)
9.5 (High risk)
Vulners AI Score: 9.5
CVSS2: 7.5
CVSS3: 9.8
EPSS: 0.006
23