oval:org.mitre.oval:def:13510

Definition Id: oval:org.mitre.oval:def:13510
 
Oval ID: oval:org.mitre.oval:def:13510
Title: DSA-2032-1 libpng -- several
Description: Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2042 libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialised bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. CVE-2010-0205 libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service via a crafted PNG file For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny3. For the testing and unstable distribution, these problems have been fixed in version 1.2.43-1 We recommend that you upgrade your libpng package.
Family: unix Class: patch
Reference(s): DSA-2032-1
CVE-2009-2042
CVE-2010-0205
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13510