Executive Summary
Summary | |
---|---|
Title | libpng security update |
Information | |||
---|---|---|---|
Name | RHSA-2010:0534 | First vendor Publication | 2010-07-14 |
Vendor | RedHat | Last vendor Modification | 2010-07-14 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205)

A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially-crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205)

A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249)

A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially-crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042)

Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

504782 - CVE-2009-2042 libpng: Interlaced Images Information Disclosure Vulnerability
566234 - CVE-2010-0205 libpng: excessive memory consumption due to highly compressed huge ancillary chunk
608238 - CVE-2010-1205 libpng: out-of-bounds memory write
608644 - CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0534.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
25 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
25 % | CWE-200 | Information Exposure |
25 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11512 | |||
Oval ID: | oval:org.mitre.oval:def:11512 | ||
Title: | DSA-2072 libpng -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2072 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:11851 | |||
Oval ID: | oval:org.mitre.oval:def:11851 | ||
Title: | Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1205 | Version: | 25 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Id: oval:org.mitre.oval:def:12991 | |||
Oval ID: | oval:org.mitre.oval:def:12991 | ||
Title: | USN-913-1 -- libpng vulnerabilities | ||
Description: | It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-913-1 CVE-2009-2042 CVE-2010-0205 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:13338 | |||
Oval ID: | oval:org.mitre.oval:def:13338 | ||
Title: | DSA-2072-1 libpng -- several | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1205 It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. CVE-2010-2249 It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny4. For the testing and unstable distribution, these problems have been fixed in version 1.2.44-1. We recommend that you upgrade your libpng package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2072-1 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:13405 | |||
Oval ID: | oval:org.mitre.oval:def:13405 | ||
Title: | USN-960-1 -- libpng vulnerabilities | ||
Description: | It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-960-1 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:13510 | |||
Oval ID: | oval:org.mitre.oval:def:13510 | ||
Title: | DSA-2032-1 libpng -- several | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2042 libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialised bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. CVE-2010-0205 libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service via a crafted PNG file. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny3. For the testing and unstable distribution, these problems have been fixed in version 1.2.43-1. We recommend that you upgrade your libpng package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2032-1 CVE-2009-2042 CVE-2010-0205 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:22383 | |||
Oval ID: | oval:org.mitre.oval:def:22383 | ||
Title: | RHSA-2010:0534: libpng security update (Important) | ||
Description: | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0534-01 CESA-2010:0534 CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libpng libpng10 |
Definition Id: oval:org.mitre.oval:def:23184 | |||
Oval ID: | oval:org.mitre.oval:def:23184 | ||
Title: | ELSA-2010:0534: libpng security update (Important) | ||
Description: | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0534-01 CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | libpng libpng10 |
Definition Id: oval:org.mitre.oval:def:7103 | |||
Oval ID: | oval:org.mitre.oval:def:7103 | ||
Title: | DSA-2032 libpng -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialised bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service via a crafted PNG file | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2032 CVE-2009-2042 CVE-2010-0205 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-07-20 | libpng <= 1.4.2 Denial of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolv... File : nvt/gb_VMSA-2010-0007.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-26 | Name : Apple iTunes Multiple Vulnerabilities (Mac OS X) File : nvt/secpod_itunes_mult_vuln_macosx.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0547 centos5 i386 File : nvt/gb_CESA-2010_0547_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0545 centos5 i386 File : nvt/gb_CESA-2010_0545_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for libpng CESA-2010:0534 centos5 i386 File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201010-01 (libpng) File : nvt/glsa_201010_01.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2072-1 (libpng) File : nvt/deb_2072_1.nasl |
2010-08-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox49.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2075-1 (xulrunner) File : nvt/deb_2075_1.nasl |
2010-08-20 | Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386 File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl |
2010-08-20 | Name : CentOS Update for seamonkey CESA-2010:0546 centos3 i386 File : nvt/gb_CESA-2010_0546_seamonkey_centos3_i386.nasl |
2010-08-06 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:032 File : nvt/gb_suse_2010_032.nasl |
2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10793 File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl |
2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10776 File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl |
2010-07-30 | Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2 File : nvt/gb_ubuntu_USN_957_2.nasl |
2010-07-30 | Name : Ubuntu Update for thunderbird vulnerabilities USN-958-1 File : nvt/gb_ubuntu_USN_958_1.nasl |
2010-07-26 | Name : Ubuntu Update USN-930-5 File : nvt/gb_ubuntu_USN_930_5.nasl |
2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4 File : nvt/gb_ubuntu_USN_930_4.nasl |
2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1 File : nvt/gb_ubuntu_USN_957_1.nasl |
2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_xulrunner_fc13.nasl |
2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_sunbird_fc12.nasl |
2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11363 File : nvt/gb_fedora_2010_11363_seamonkey_fc12.nasl |
2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_firefox_fc12.nasl |
2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_galeon_fc12.nasl |
2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_perl-Gtk2-MozEmbed_fc13.nasl |
2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-python2-extras_fc12.nasl |
2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-web-photo_fc12.nasl |
2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_mozvoikko_fc12.nasl |
2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_perl-Gtk2-MozEmbed_fc12.nasl |
2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_thunderbird_fc12.nasl |
2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_xulrunner_fc12.nasl |
2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_sunbird_fc13.nasl |
2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_thunderbird_fc13.nasl |
2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-web-photo_fc13.nasl |
2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-python2-extras_fc13.nasl |
2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_galeon_fc13.nasl |
2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_firefox_fc13.nasl |
2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11327 File : nvt/gb_fedora_2010_11327_seamonkey_fc13.nasl |
2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10833 File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl |
2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10823 File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl |
2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_mozvoikko_fc13.nasl |
2010-07-23 | Name : RedHat Update for firefox RHSA-2010:0547-01 File : nvt/gb_RHSA-2010_0547-01_firefox.nasl |
2010-07-23 | Name : RedHat Update for seamonkey RHSA-2010:0546-01 File : nvt/gb_RHSA-2010_0546-01_seamonkey.nasl |
2010-07-16 | Name : Mandriva Update for libpng MDVSA-2010:133 (libpng) File : nvt/gb_mandriva_MDVSA_2010_133.nasl |
2010-07-16 | Name : RedHat Update for libpng RHSA-2010:0534-01 File : nvt/gb_RHSA-2010_0534-01_libpng.nasl |
2010-07-12 | Name : Ubuntu Update for libpng vulnerabilities USN-960-1 File : nvt/gb_ubuntu_USN_960_1.nasl |
2010-07-06 | Name : FreeBSD Ports: png File : nvt/freebsd_png4.nasl |
2010-07-06 | Name : Fedora Update for libpng FEDORA-2010-10592 File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl |
2010-07-02 | Name : Fedora Update for libpng FEDORA-2010-10557 File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-05-04 | Name : FreeBSD Ports: png File : nvt/freebsd_png3.nasl |
2010-04-30 | Name : Mandriva Update for gdm MDVA-2010:133 (gdm) File : nvt/gb_mandriva_MDVA_2010_133.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2032-1 (libpng) File : nvt/deb_2032_1.nasl |
2010-03-31 | Name : Fedora Update for libpng FEDORA-2010-4616 File : nvt/gb_fedora_2010_4616_libpng_fc11.nasl |
2010-03-31 | Name : Fedora Update for libpng FEDORA-2010-4673 File : nvt/gb_fedora_2010_4673_libpng_fc12.nasl |
2010-03-31 | Name : Mandriva Update for libpng MDVSA-2010:063 (libpng) File : nvt/gb_mandriva_MDVSA_2010_063.nasl |
2010-03-31 | Name : Mandriva Update for libpng MDVSA-2010:064 (libpng) File : nvt/gb_mandriva_MDVSA_2010_064.nasl |
2010-03-22 | Name : Fedora Update for libpng10 FEDORA-2010-3375 File : nvt/gb_fedora_2010_3375_libpng10_fc12.nasl |
2010-03-22 | Name : Fedora Update for libpng10 FEDORA-2010-3414 File : nvt/gb_fedora_2010_3414_libpng10_fc11.nasl |
2010-03-22 | Name : Ubuntu Update for libpng vulnerabilities USN-913-1 File : nvt/gb_ubuntu_USN_913_1.nasl |
2010-02-19 | Name : Mandriva Update for pptp-linux MDVA-2010:064 (pptp-linux) File : nvt/gb_mandriva_MDVA_2010_064.nasl |
2010-02-19 | Name : Mandriva Update for totem MDVA-2010:063 (totem) File : nvt/gb_mandriva_MDVA_2010_063.nasl |
2009-10-13 | Name : SLES10: Security update for libpng File : nvt/sles10_libpng1.nasl |
2009-10-11 | Name : SLES11: Security update for libpng File : nvt/sles11_libpng12-00.nasl |
2009-10-10 | Name : SLES9: Security update for libpng File : nvt/sles9p5053577.nasl |
2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client) File : nvt/suse_sa_2009_037.nasl |
2009-06-30 | Name : Gentoo Security Advisory GLSA 200906-01 (libpng) File : nvt/glsa_200906_01.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6531 (libpng) File : nvt/fcore_2009_6531.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-6506 (libpng) File : nvt/fcore_2009_6506.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6400 (mingw32-libpng) File : nvt/fcore_2009_6400.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng) File : nvt/fcore_2009_5977.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6603 (libpng) File : nvt/fcore_2009_6603.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-180-01 libpng File : nvt/esoft_slk_ssa_2010_180_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-170-01 libpng File : nvt/esoft_slk_ssa_2009_170_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66600 | Mozilla Multiple Products PNG File Handling Overflow |
65853 | libpng pngrutil.c sCAL Chunk Memory Corruption DoS |
65852 | libpng pngpread.c PNG Image Data Height Overflow |
62670 | libpng pngrutil.c png_decompress_chunk Function Ancillary Chunks PNG File Dec... libpng contains a flaw that may allow a remote denial of service. The issue is triggered when the png_decompress_chunk() function in libpng fails to properly decompress certain highly compressed ancillary-chunk data, causing the process to consume large amounts of CPU and memory which may result in loss of availability for the application. |
54915 | libpng 1-bit Interlaced Image Handling Memory Disclosure libpng contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when libpng processes 1-bit interlaced images whose width is not divisible by 8, which will disclose uninitialized memory resulting in a loss of confidentiality. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-04-15 | IAVM : 2010-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0023997 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-12-24 | Multiple products libpng extra row heap overflow attempt RuleID : 52307 - Revision : 1 - Type : FILE-IMAGE |
2019-12-24 | Multiple products libpng extra row heap overflow attempt RuleID : 52306 - Revision : 1 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100727.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100722.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100720_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-09-21 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0007.nasl - Type : ACT_GATHER_INFO |
2011-08-11 | Name : The remote Windows host has an application that is affected by multiple vulne... File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_10_2.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng12-0-100319.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-100319.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7101.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6933.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12642.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-08-24 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO |
2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
2010-07-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2075.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-2.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO |
2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO |
2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO |
2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-1.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11327.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11345.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11361.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11363.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11375.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11379.nasl - Type : ACT_GATHER_INFO |
2010-07-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3511.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_306.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_311.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_206.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-07-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO |
2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO |
2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2988.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3375.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3414.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4616.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4673.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4683.nasl - Type : ACT_GATHER_INFO |
2010-06-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
2010-05-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-100318.nasl - Type : ACT_GATHER_INFO |
2010-05-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-100318.nasl - Type : ACT_GATHER_INFO |
2010-05-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpng-devel-100318.nasl - Type : ACT_GATHER_INFO |
2010-05-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12599.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4fb5d2cd4c7711df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0007.nasl - Type : ACT_GATHER_INFO |
2010-04-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2032.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-064.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-063.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-913-1.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libpng-6324.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12444.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6326.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-01.nasl - Type : ACT_GATHER_INFO |
2009-06-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-170-01.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6506.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6531.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6603.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5977.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6400.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:37 | |