Executive Summary
| Summary | |
|---|---|
| Title | Libpng: Multiple vulnerabilities |
| Information | |||
|---|---|---|---|
| Name | GLSA-201010-01 | First vendor Publication | 2010-10-05 |
| Vendor | Gentoo | Last vendor Modification | 2010-10-05 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis

Multiple vulnerabilities in libpng might lead to privilege escalation or a Denial of Service.

Background

libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes.

Description

Multiple vulnerabilities were found in libpng:

* The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205)
* A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)
* A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)

Impact

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

Workaround

There is no known workaround at this time.

Resolution

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"

References

[ 1 ] CVE-2010-0205 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
[ 2 ] CVE-2010-1205 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
[ 3 ] CVE-2010-2249 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201010-01.xml
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201010-01.xml |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-399 | Resource Management Errors |
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11851 | |
|---|---|
| Oval ID: | oval:org.mitre.oval:def:11851 |
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability |
| Description: | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. |
| Family: | windows |
| Class: | vulnerability |
| Reference(s): | CVE-2010-1205 |
| Version: | 5 |
| Platform(s): | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows 7 |
| Product(s): | Mozilla Firefox, Mozilla Thunderbird, Mozilla SeaMonkey |
| Definition Synopsis: | |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-07-20 | libpng <= 1.4.2 Denial of Service Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 66600 | Mozilla Multiple Products PNG File Handling Overflow |
| 65853 | libpng pngrutil.c sCAL Chunk Memory Corruption DoS |
| 65852 | libpng pngpread.c PNG Image Data Height Overflow |
| 62670 | libpng pngrutil.c png_decompress_chunk Function Ancillary Chunks PNG File Dec... |
