Vulnerabilities > CVE-2002-0728 - Unspecified vulnerability in Greg Roelofs Libpng 1.0.14/1.2.4
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
greg-roelofs
nessus
Summary
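Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk. Note that the Debian and Mandrake advisory texts reproduced below describe the crash as potentially allowing execution of malicious code, so the impact should not be assumed to be limited to denial of service.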
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-140.NASL
description Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries. In addition to that, the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us. To find out which packages depend on this library, you may want to execute the following commands : apt-cache showpkg libpng2 apt-cache showpkg libpng3
last seen 2020-06-01
modified 2020-06-02
plugin id 14977
published 2004-09-29
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14977
title Debian DSA-140-2 : libpng - buffer overflow
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-140. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: local (credentialed) check that compares the installed Debian 3.0
# libpng packages against the fixed versions named in DSA-140.

include("compat.inc");

# Metadata block: runs only when the scanner asks the plugin to describe itself,
# then exits without touching the target.
if (description)
{
  script_id(14977);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  # Two CVEs are attached to this one plugin; a finding does not say which applies.
  script_cve_id("CVE-2002-0660", "CVE-2002-0728");
  script_xref(name:"DSA", value:"140");

  script_name(english:"Debian DSA-140-2 : libpng - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." );
  script_set_attribute( attribute:"description", value: "Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries. In addition to that, the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us. To find out which packages depend on this library, you may want to execute the following commands : apt-cache showpkg libpng2 apt-cache showpkg libpng3" );
  script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-140" );
  script_set_attribute( attribute:"solution", value: "Upgrade the libpng packages immediately and restart programs and daemons that link to these libraries and read external data, such as web browsers. This problem has been fixed in version 1.0.12-3.woody.2 of libpng and version 1.2.1-1.1.woody.2 of libpng3 for the current stable distribution (woody) and in version 1.0.12-4 of libpng and version 1.2.1-2 of libpng3 for the unstable distribution (sid). The potato release of Debian does not seem to be vulnerable." );

  # One vector for the whole plugin (both CVEs above); it is not a per-CVE score.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpng3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The KB entries required below are not set in this script; it only declares
  # a dependency on ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, a Debian release string, and a cached
# dpkg listing. Each missing item is reported through audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Count the packages for which deb_check() reports a hit against the DSA-140
# reference versions (release 3.0 only).
# NOTE(review): only these four package names are evaluated; a libpng copy that
# is bundled with or statically linked into an application is not covered by
# these calls.
outdated = 0;
if (deb_check(release:"3.0", prefix:"libpng-dev", reference:"1.2.1-1.1.woody.2")) outdated++;
if (deb_check(release:"3.0", prefix:"libpng2", reference:"1.0.12-3.woody.2")) outdated++;
if (deb_check(release:"3.0", prefix:"libpng2-dev", reference:"1.0.12-3.woody.2")) outdated++;
if (deb_check(release:"3.0", prefix:"libpng3", reference:"1.2.1-1.1.woody.2")) outdated++;

if (!outdated)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Attach the package report only when the scan is configured to be verbose.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
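NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2002-049.NASL
description A buffer overflow was found in the in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing
last seen 2020-06-01
modified 2020-06-02
plugin id 13952
published 2004-07-31
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/13952
title Mandrake Linux Security Advisory : libpng (MDKSA-2002:049)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2002:049.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: local (credentialed) check that compares the installed libpng RPMs
# on Mandrake Linux 7.1 - 8.2 against the fixed builds named in MDKSA-2002:049.

include("compat.inc");

# Metadata block: executed only when the scanner asks the plugin to describe
# itself; it ends with exit(0) and never touches the target.
if (description)
{
  script_id(13952);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2002-0728");
  script_xref(name:"MDKSA", value:"2002:049");

  script_name(english:"Mandrake Linux Security Advisory : libpng (MDKSA-2002:049)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." );
  # Advisory text is reproduced as published (including the doubled "in the").
  script_set_attribute( attribute:"description", value: "A buffer overflow was found in the in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. 
These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing 'lsof|grep libpng' or 'fuser -v /usr/lib/libpng.so'." );
  script_set_attribute( attribute:"see_also", value:"ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207" );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Availability-only vector, although the description above mentions possible
  # code execution.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, a Mandrake release string and a cached
# RPM list in the knowledge base.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Fixed: the OS name in this audit message was misspelled "Mandake"; it now
# matches the "Mandriva / Mandrake Linux" spelling used in the CPU check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 family hosts are evaluated; any other architecture is audited out.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# One rpm_check() per release / package pair taken from the advisory; flag
# counts the calls that report a hit.
# NOTE(review): every call is keyed to cpu:"i386" although the filter above also
# admits amd64 / x86_64; how rpm_check() treats those hosts is decided in
# rpm.inc, which is not shown here.
# NOTE(review): only the named RPMs are evaluated; a libpng copy that is bundled
# with or statically linked into an application is not covered by these calls.
flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"libpng-1.0.5-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"libpng-devel-1.0.5-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"libpng-1.0.8-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"libpng-devel-1.0.8-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libpng2-1.0.9-1.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libpng2-devel-1.0.9-1.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpng2-1.0.12-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpng2-devel-1.0.12-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-1.2.4-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-devel-1.2.4-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-static-devel-1.2.4-3.1mdk", yank:"mdk")) flag++;

if (flag)
{
  # Reported as a warning; the package report is attached only for verbose scans.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");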
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2002-152.NASL
description Updated libpng packages are available that fix a buffer overflow vulnerability. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. Versions of libpng prior to 1.0.14 contain a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications linked to libpng such as Mozilla that use the progressive reading feature. Packages within Red Hat Linux Advanced Server , such as Mozilla, make use of the shared libpng library, therefore all users are advised to upgrade to the errata packages which contain libpng 1.0.14. Libpng 1.0.14 is not vulnerable to this issue and contains fixes for other bugs including a number of memory leaks.
last seen 2020-06-01
modified 2020-06-02
plugin id 12313
published 2004-07-06
reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/12313
title RHEL 2.1 : libpng (RHSA-2002:152)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2002:152. The text
# itself is copyright (C) Red Hat, Inc.
#
# Purpose: local (credentialed) check for RHSA-2002:152 on RHEL 2.1. It uses the
# cached yum updateinfo when present, otherwise an RPM version comparison.

include("compat.inc");

# Metadata block: executed only when the scanner asks the plugin to describe
# itself; it ends with exit(0) and never touches the target.
if (description)
{
  script_id(12313);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:09");

  # Two CVEs are attached to this one plugin; a finding does not say which applies.
  script_cve_id("CVE-2002-0660", "CVE-2002-0728");
  script_xref(name:"RHSA", value:"2002:152");

  script_name(english:"RHEL 2.1 : libpng (RHSA-2002:152)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." );
  script_set_attribute( attribute:"description", value: "Updated libpng packages are available that fix a buffer overflow vulnerability. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. Versions of libpng prior to 1.0.14 contain a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications linked to libpng such as Mozilla that use the progressive reading feature. Packages within Red Hat Linux Advanced Server , such as Mozilla, make use of the shared libpng library, therefore all users are advised to upgrade to the errata packages which contain libpng 1.0.14. Libpng 1.0.14 is not vulnerable to this issue and contains fixes for other bugs including a number of memory leaks." );
  script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0660" );
  script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0728" );
  script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2002:152" );
  script_set_attribute( attribute:"solution", value:"Update the affected libpng and / or libpng-devel packages." );

  # One vector for the whole plugin (both CVEs above); it is not a per-CVE score.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must mention "Red Hat" and carry a parsable RHEL version.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

rhel_ver_match = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(rhel_ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");

# This advisory applies to release 2.1 only.
os_ver = rhel_ver_match[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# The first test admits x86_64 and s390 hosts, but the second audits out
# everything that is not i[3-6]86, so only 32-bit x86 hosts are evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (empty_or_null(yum_updateinfo))
{
  # No yum updateinfo cached: compare the installed RPMs with the errata builds.
  # NOTE(review): only libpng and libpng-devel are evaluated; a libpng copy that
  # is bundled with or statically linked into an application is not covered.
  pkg_hits = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-1.0.14-0.7x.3")) pkg_hits++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-devel-1.0.14-0.7x.3")) pkg_hits++;

  if (!pkg_hits)
  {
    # No hit: audit as "not affected" if any package was tested, otherwise as
    # "not installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-devel");
  }
  else
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
}
else
{
  # yum updateinfo is cached: report only when a report is generated for this RHSA.
  rhsa_id = "RHSA-2002:152";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa_id);
  if (empty_or_null(yum_report))
  {
    audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa_id);
  }
  else
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
}
Redhat
advisories |
|
References
- ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
- ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512
- http://rhn.redhat.com/errata/RHSA-2002-152.html
- http://rhn.redhat.com/errata/RHSA-2002-152.html
- http://www.debian.org/security/2002/dsa-140
- http://www.debian.org/security/2002/dsa-140
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php