This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Greg Roelofs First view 2006-01-31
Product Libpng Last view 2006-11-17
Version 1.2.7 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:greg_roelofs:libpng

Activity : Overall

Related : CVE

  Date Alert Description
2.6 2006-11-17 CVE-2006-5793

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

7.5 2006-06-30 CVE-2006-3334

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

5 2006-01-31 CVE-2006-0481

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
30398 libpng sPLT Chunk Handling DoS
28160 libpng png_decompress_chunk Function Overflow
22850 libpng PNG Processing png_set_strip_alpha() Function Overflow

OpenVAS Exploits

id Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for libpng
File : nvt/sles9p5009301.nasl
2009-02-27 Name : Fedora Update for libpng FEDORA-2007-528
File : nvt/gb_fedora_2007_528_libpng_fc5.nasl
2009-02-27 Name : Fedora Update for libpng FEDORA-2007-529
File : nvt/gb_fedora_2007_529_libpng_fc6.nasl
2008-12-23 Name : Gentoo Security Advisory GLSA 200812-15 (povray)
File : nvt/glsa_200812_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200607-06 (libpng)
File : nvt/glsa_200607_06.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200611-09 (libpng)
File : nvt/glsa_200611_09.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-335-03 libpng
File : nvt/esoft_slk_ssa_2006_335_03.nasl

Nessus® Vulnerability Scanner

id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-0356.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20070517_libpng_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2008-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200812-15.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2008-002.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_libpng-2325.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-383-1.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_libpng-2322.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: The remote Fedora Core host is missing a security update.
File: fedora_2007-528.nasl - Type: ACT_GATHER_INFO
2007-05-25 Name: The remote Fedora Core host is missing a security update.
File: fedora_2007-529.nasl - Type: ACT_GATHER_INFO
2007-05-20 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2007-0356.nasl - Type: ACT_GATHER_INFO
2007-05-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2007-0356.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-210.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-213.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-212.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-211.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2006-335-03.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-209.nasl - Type: ACT_GATHER_INFO
2006-11-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200611-09.nasl - Type: ACT_GATHER_INFO
2006-07-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200607-06.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2006-0205.nasl - Type: ACT_GATHER_INFO
2006-02-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2006-0205.nasl - Type: ACT_GATHER_INFO