Executive Summary

Summary
Title: Sun Alert 269788 Security Vulnerability in Solaris libpng(3) May Allow a Remote User to Disclose Potentially Sensitive Information from Applications Linked to libpng(3)
Information
Name: SUN-269788
First vendor Publication: 2009-10-14
Vendor: Sun
Last vendor Modification: 2009-11-10
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user.

These issues are also described in the following document:

    CVE-2009-2042 at: http://www.security-database.com/detail.php?cve=CVE-2009-2042

State: Workaround
First released: 14-Oct-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_269788_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Type Description Count
Application 466

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolv...
File : nvt/gb_VMSA-2010-0007.nasl
2011-08-09 Name : CentOS Update for libpng CESA-2010:0534 centos5 i386
File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl
2010-08-20 Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386
File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl
2010-07-16 Name : RedHat Update for libpng RHSA-2010:0534-01
File : nvt/gb_RHSA-2010_0534-01_libpng.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-21 Name : Debian Security Advisory DSA 2032-1 (libpng)
File : nvt/deb_2032_1.nasl
2010-03-31 Name : Fedora Update for libpng FEDORA-2010-4616
File : nvt/gb_fedora_2010_4616_libpng_fc11.nasl
2010-03-31 Name : Mandriva Update for libpng MDVSA-2010:063 (libpng)
File : nvt/gb_mandriva_MDVSA_2010_063.nasl
2010-03-22 Name : Ubuntu Update for libpng vulnerabilities USN-913-1
File : nvt/gb_ubuntu_USN_913_1.nasl
2010-02-19 Name : Mandriva Update for totem MDVA-2010:063 (totem)
File : nvt/gb_mandriva_MDVA_2010_063.nasl
2009-10-13 Name : SLES10: Security update for libpng
File : nvt/sles10_libpng1.nasl
2009-10-11 Name : SLES11: Security update for libpng
File : nvt/sles11_libpng12-00.nasl
2009-10-10 Name : SLES9: Security update for libpng
File : nvt/sles9p5053577.nasl
2009-07-29 Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client)
File : nvt/suse_sa_2009_037.nasl
2009-06-30 Name : Gentoo Security Advisory GLSA 200906-01 (libpng)
File : nvt/glsa_200906_01.nasl
2009-06-23 Name : Fedora Core 9 FEDORA-2009-6603 (libpng)
File : nvt/fcore_2009_6603.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-6531 (libpng)
File : nvt/fcore_2009_6531.nasl
2009-06-23 Name : Fedora Core 11 FEDORA-2009-6506 (libpng)
File : nvt/fcore_2009_6506.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-6400 (mingw32-libpng)
File : nvt/fcore_2009_6400.nasl
2009-06-23 Name : Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng)
File : nvt/fcore_2009_5977.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-170-01 libpng
File : nvt/esoft_slk_ssa_2009_170_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54915 libpng 1-bit Interlaced Image Handling Memory Disclosure

libpng contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when libpng processes 1-bit interlaced images whose width is not divisible by 8, which will disclose uninitialized memory resulting in a loss of confidentiality.

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-04-15 IAVM : 2010-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0023997

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-09-21 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0007.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-04-15 Name : The remote host has a virtualization application affected by multiple vulnera...
File : vmware_multiple_vmsa_2010_0007.nasl - Type : ACT_GATHER_INFO
2010-04-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2032.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-063.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-913-1.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_libpng-6324.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12444.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-6326.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200906-01.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-170-01.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote Fedora host is missing a security update.
File : fedora_2009-6531.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote Fedora host is missing a security update.
File : fedora_2009-6506.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote Fedora host is missing a security update.
File : fedora_2009-6603.nasl - Type : ACT_GATHER_INFO
2009-06-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-6400.nasl - Type : ACT_GATHER_INFO
2009-06-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5977.nasl - Type : ACT_GATHER_INFO