Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | libpng fails to limit number of rows in header |
| Informations | |||
|---|---|---|---|
| Name | VU#643615 | First vendor Publication | 2010-07-02 |
| Vendor | VU-CERT | Last vendor Modification | 2010-07-12 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Vulnerability Note VU#643615libpng fails to limit number of rows in headerOverviewLibpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header.I. DescriptionA vulnerability exists in the way libpng receives an extra row of image data beyond the height reported in the header of the image. According to the PNG Development Group:Several versions of libpng through 1.4.2 (and through 1.2.43 in the older series) contain a bug whereby progressive applications such as web browsers (or the rpng2 demo app included in libpng) could receive an extra row of image data beyond the height reported in the header, potentially leading to an out-of-bounds write to memory (depending on how the application is written) and the possibility of execution of an attacker's code with the privileges of the libpng user (including remote compromise in the case of a libpng-based browser visiting a hostile web site). The PNG Development Group has issued an upgrade to address this issue. See libpng version 1.2.44 and 1.4.3 for more information.
Referenceshttp://libpng.org/pub/png/libpng.html This issue was reported by the PNG Development Group in libpng version 1.2.44 and 1.4.3. This document was written by Michael Orlando.
|
Original Source
| Url : http://www.kb.cert.org/vuls/id/643615 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11851 | |||
| Oval ID: | oval:org.mitre.oval:def:11851 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability | ||
| Description: | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1205 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-07-20 | libpng <= 1.4.2 Denial of Service Vulnerability |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
| 2011-08-26 | Name : Apple iTunes Multiple Vulnerabilities (Mac OS X) File : nvt/secpod_itunes_mult_vuln_macosx.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0547 centos5 i386 File : nvt/gb_CESA-2010_0547_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0545 centos5 i386 File : nvt/gb_CESA-2010_0545_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libpng CESA-2010:0534 centos5 i386 File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201010-01 (libpng) File : nvt/glsa_201010_01.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2075-1 (xulrunner) File : nvt/deb_2075_1.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2072-1 (libpng) File : nvt/deb_2072_1.nasl |
| 2010-08-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox49.nasl |
| 2010-08-20 | Name : CentOS Update for seamonkey CESA-2010:0546 centos3 i386 File : nvt/gb_CESA-2010_0546_seamonkey_centos3_i386.nasl |
| 2010-08-20 | Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386 File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl |
| 2010-08-06 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:032 File : nvt/gb_suse_2010_032.nasl |
| 2010-07-30 | Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2 File : nvt/gb_ubuntu_USN_957_2.nasl |
| 2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10776 File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl |
| 2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10793 File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl |
| 2010-07-30 | Name : Ubuntu Update for thunderbird vulnerabilities USN-958-1 File : nvt/gb_ubuntu_USN_958_1.nasl |
| 2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1 File : nvt/gb_ubuntu_USN_957_1.nasl |
| 2010-07-26 | Name : Ubuntu Update USN-930-5 File : nvt/gb_ubuntu_USN_930_5.nasl |
| 2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4 File : nvt/gb_ubuntu_USN_930_4.nasl |
| 2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11363 File : nvt/gb_fedora_2010_11363_seamonkey_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_galeon_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-python2-extras_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-web-photo_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_mozvoikko_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_xulrunner_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_sunbird_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_thunderbird_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_firefox_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_thunderbird_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_sunbird_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_xulrunner_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_mozvoikko_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-web-photo_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-python2-extras_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_galeon_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_firefox_fc13.nasl |
| 2010-07-23 | Name : RedHat Update for seamonkey RHSA-2010:0546-01 File : nvt/gb_RHSA-2010_0546-01_seamonkey.nasl |
| 2010-07-23 | Name : RedHat Update for firefox RHSA-2010:0547-01 File : nvt/gb_RHSA-2010_0547-01_firefox.nasl |
| 2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10823 File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11327 File : nvt/gb_fedora_2010_11327_seamonkey_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10833 File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl |
| 2010-07-16 | Name : RedHat Update for libpng RHSA-2010:0534-01 File : nvt/gb_RHSA-2010_0534-01_libpng.nasl |
| 2010-07-16 | Name : Mandriva Update for libpng MDVSA-2010:133 (libpng) File : nvt/gb_mandriva_MDVSA_2010_133.nasl |
| 2010-07-12 | Name : Ubuntu Update for libpng vulnerabilities USN-960-1 File : nvt/gb_ubuntu_USN_960_1.nasl |
| 2010-07-06 | Name : Fedora Update for libpng FEDORA-2010-10592 File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl |
| 2010-07-06 | Name : FreeBSD Ports: png File : nvt/freebsd_png4.nasl |
| 2010-07-02 | Name : Fedora Update for libpng FEDORA-2010-10557 File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl |
| 2010-04-30 | Name : Mandriva Update for gdm MDVA-2010:133 (gdm) File : nvt/gb_mandriva_MDVA_2010_133.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-180-01 libpng File : nvt/esoft_slk_ssa_2010_180_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 66600 | Mozilla Multiple Products PNG File Handling Overflow |
| 65852 | libpng pngpread.c PNG Image Data Height Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Revision : 1 - Type : FILE-IMAGE |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Revision : 1 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100722.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100727.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100720_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2011-08-11 | Name : The remote Windows host has an application that is affected by multiple vulne... File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_10_2.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7101.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12642.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-08-24 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO |
| 2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-07-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2075.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-2.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11345.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11327.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11363.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11375.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11379.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11361.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3511.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_306.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_206.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_311.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO |
| 2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2010-07-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO |
| 2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO |
| 2010-06-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
