Executive Summary
Summary | |
---|---|
Title | New libpng, libpng3 packages fix multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-536 | First vendor Publication | 2004-08-04 |
Vendor | Debian | Last vendor Modification | 2004-08-04 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Chris Evans discovered several vulnerabilities in libpng:

CAN-2004-0597 - Multiple buffer overflows exist, including when handling transparency chunk data, which could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed

CAN-2004-0598 - Multiple NULL pointer dereferences in png_handle_iCCP() and elsewhere could be exploited to cause an application to crash when a specially crafted PNG image is processed

CAN-2004-0599 - Multiple integer overflows in png_handle_sPLT(), png_read_png() functions and elsewhere could be exploited to cause an application to crash, or potentially arbitrary code to be executed, when a specially crafted PNG image is processed

In addition, a bug related to CAN-2002-1363 was fixed:

CAN-2004-0768 - A buffer overflow could be caused by incorrect calculation of buffer offsets, possibly leading to the execution of arbitrary code

For the current stable distribution (woody), these problems have been fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version 1.0.12-3.woody.7.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you update your libpng and libpng3 packages.
Original Source
Url : http://www.debian.org/security/2004/dsa-536 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10083 | |||
Oval ID: | oval:org.mitre.oval:def:10083 | ||
Title: | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. | ||
Description: | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-1363 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10203 | |||
Oval ID: | oval:org.mitre.oval:def:10203 | ||
Title: | The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | ||
Description: | The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0598 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10938 | |||
Oval ID: | oval:org.mitre.oval:def:10938 | ||
Title: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Description: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0599 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11284 | |||
Oval ID: | oval:org.mitre.oval:def:11284 | ||
Title: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1479 | |||
Oval ID: | oval:org.mitre.oval:def:1479 | ||
Title: | Integer Overflow in libpng via Malformed PNG Image | ||
Description: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0599 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:2274 | |||
Oval ID: | oval:org.mitre.oval:def:2274 | ||
Title: | Windows Messenger 5 libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Data Access Components 2.8 |
Definition Id: oval:org.mitre.oval:def:2378 | |||
Oval ID: | oval:org.mitre.oval:def:2378 | ||
Title: | Multiple Buffer Overflows in libpng | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:2572 | |||
Oval ID: | oval:org.mitre.oval:def:2572 | ||
Title: | DoS Vulnerability in libpng function png_handle_iCCP() | ||
Description: | The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0598 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:3657 | |||
Oval ID: | oval:org.mitre.oval:def:3657 | ||
Title: | Portable Network Graphics Library Offset Calculation Vulnerability | ||
Description: | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2002-1363 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:4492 | |||
Oval ID: | oval:org.mitre.oval:def:4492 | ||
Title: | Adobe Acrobat Reader libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 2 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Adobe Acrobat Reader |
Definition Id: oval:org.mitre.oval:def:594 | |||
Oval ID: | oval:org.mitre.oval:def:594 | ||
Title: | Windows Messenger 6 libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | MSN Messenger |
Definition Id: oval:org.mitre.oval:def:7709 | |||
Oval ID: | oval:org.mitre.oval:def:7709 | ||
Title: | libpng buffer overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 9 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | MSN Messenger 4.7 MSN Messenger 6.1 MSN Messenger 6.2 Adobe Acrobat Reader |
OpenVAS Exploits
Date | Description |
---|---|
2008-12-23 | Name : Gentoo Security Advisory GLSA 200812-15 (povray) File : nvt/glsa_200812_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-06 (libpng) File : nvt/glsa_200407_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-03 (libpng) File : nvt/glsa_200408_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-22 (mozilla) File : nvt/glsa_200408_22.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11 File : nvt/freebsd_ImageMagick3.nasl |
2008-09-04 | Name : FreeBSD Ports: png File : nvt/freebsd_png.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 213-1 (libpng, libpng3) File : nvt/deb_213_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 536-1 (libpng) File : nvt/deb_536_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 570-1 (libpng) File : nvt/deb_570_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 571-1 (libpng3) File : nvt/deb_571_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-222-01 libpng File : nvt/esoft_slk_ssa_2004_222_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-223-01 Mozilla File : nvt/esoft_slk_ssa_2004_223_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-223-02 imagemagick File : nvt/esoft_slk_ssa_2004_223_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10711 | libpng Buffer Offset Multiple Unspecified Remote Overflows |
8326 | libpng png_handle_tRNS Remote Overflow A remote overflow exists in libpng. The library function png_handle_tRNS fails to perform a length check on PNG images resulting in a buffer overflow. With a specially crafted PNG file, an attacker can cause the execution of code resulting in a loss of integrity. |
8316 | libpng pngrutil.c Multiple Function Progressive Display Image Reading Overflow A potential local integer overflow exists in libpng. The library function png_push_read_chunk contains code that might be susceptible to integer overflows. It is currently unknown how dangerous this code might be. With a specially crafted request, an attacker might cause crashes or execution of code resulting in a loss of availability. |
8315 | libpng png_read_png Integer Overflow A local overflow exists in libpng. The library function png_read_png fails to validate the height of input PNG files resulting in a possible integer overflow. With a specially crafted request, an attacker might cause a crash of the application resulting in a loss of availability. |
8314 | libpng png_handle_sPLT Local Overflow A local overflow exists in libpng. The library function png_handle_sPLT fails to validate input resulting in a possible integer overflow. With a specially crafted request, an attacker might theoretically cause execution of code resulting in a loss of integrity. |
8313 | libpng png_handle_iCCP() Function NULL Pointer Dereference DoS A local overflow exists in libpng. The library function png_handle_iCCP fails to validate the input length from PNG files resulting in a possible NULL-pointer being referenced. With a specially crafted request, an attacker can cause denial of service which might result in a loss of availability for the application. |
8312 | libpng png_handle_sBIT() Local Overflow A local overflow exists in libpng. The library function png_handle_sBIT relies on checks in other functions to perform input validation resulting in a possible buffer overflow. With a specially crafted PNG file, an attacker might cause execution of code resulting in a loss of integrity. |
7191 | Portable Network Graphics Libraries libpng Row Buffer Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Multiple Products PNG large image height download attempt RuleID : 3133-community - Revision : 15 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Multiple Products PNG large image height download attempt RuleID : 3133 - Revision : 15 - Type : FILE-IMAGE |
2014-01-10 | libpng tRNS overflow attempt RuleID : 2673-community - Revision : 12 - Type : FILE-IMAGE |
2014-01-10 | libpng tRNS overflow attempt RuleID : 2673 - Revision : 12 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f9e3e60be65011d89b0a000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2008-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-15.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-213.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-212.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-223-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-222-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-223-02.nasl - Type : ACT_GATHER_INFO |
2005-02-08 | Name : Arbitrary code can be executed on the remote host through the Media Player. File : smb_nt_ms05-009.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-571.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-570.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-536.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-213.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-06.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-03.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-22.nasl - Type : ACT_GATHER_INFO |
2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-079.nasl - Type : ACT_GATHER_INFO |
2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-082.nasl - Type : ACT_GATHER_INFO |
2004-08-10 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040809.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-236.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-421.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-402.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-239.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-238.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-237.nasl - Type : ACT_GATHER_INFO |
2004-08-04 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_023.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-063.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-008.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_0004.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-007.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2003-119.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-249.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:33:24 | |
2013-05-11 12:18:38 | |