CVE-2002-1363 - Buffer Overflow vulnerability in LibPNG Incorrect Offset Calculation
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
Vulnerable Configurations
Nessus
NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-212.NASL
description: Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24597
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24597
title: Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:212.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(24597);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:48");

      script_cve_id("CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2006-3334", "CVE-2006-5793");
      script_bugtraq_id(10244, 18698);
      script_xref(name:"MDKSA", value:"2006:212");

      script_name(english:"Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues."
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected doxygen package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:doxygen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"doxygen-1.4.4-1.1.20060mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK2007.0", reference:"doxygen-1.4.7-1.1mdv2007.0", yank:"mdv")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200407-06.NASL
description: The remote host is affected by the vulnerability described in GLSA-200407-06 (libpng: Buffer overflow on row buffers) Due to a wrong calculation of loop offset values, libpng contains a buffer overflow vulnerability on the row buffers. This vulnerability was initially patched in January 2003 but since it has been discovered that libpng contains the same vulnerability in two other places. Impact : An attacker could exploit this vulnerability to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14539
published: 2004-08-30
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14539
title: GLSA-200407-06 : libpng: Buffer overflow on row buffers
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200407-06.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(14539);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:41");

      script_cve_id("CVE-2002-1363");
      script_xref(name:"GLSA", value:"200407-06");

      script_name(english:"GLSA-200407-06 : libpng: Buffer overflow on row buffers");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-200407-06 (libpng: Buffer overflow on row buffers) Due to a wrong calculation of loop offset values, libpng contains a buffer overflow vulnerability on the row buffers. This vulnerability was initially patched in January 2003 but since it has been discovered that libpng contains the same vulnerability in two other places. Impact : An attacker could exploit this vulnerability to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200407-06"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All libpng users should upgrade to the latest stable version: # emerge sync # emerge -pv '>=media-libs/libpng-1.2.5-r7' # emerge '>=media-libs/libpng-1.2.5-r7' You should also run revdep-rebuild to rebuild any packages that depend on older versions of libpng : # revdep-rebuild"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"media-libs/libpng", unaffected:make_list("ge 1.2.5-r7"), vulnerable:make_list("le 1.2.5-r6"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng");
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2004-402.NASL
description: Updated libpng packages that fix several issues are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CVE-2004-0598) and several integer overflow issues (CVE-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. For users of Red Hat Enterprise Linux 2.1 these patches also include a more complete fix for the out of bounds memory access flaw (CVE-2002-1363). All users are advised to update to the updated libpng packages which contain backported security patches and are not vulnerable to these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14213
published: 2004-08-05
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/14213
title: RHEL 2.1 / 3 : libpng (RHSA-2004:402)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2004:402. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(14213);
      script_version ("1.30");
      script_cvs_date("Date: 2019/10/25 13:36:10");

      script_cve_id("CVE-2002-1363", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599");
      script_xref(name:"RHSA", value:"2004:402");

      script_name(english:"RHEL 2.1 / 3 : libpng (RHSA-2004:402)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated libpng packages that fix several issues are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During a source code audit, Chris Evans discovered several buffer overflows in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0597 to these issues. In addition, this audit discovered a potential NULL pointer dereference in libpng (CVE-2004-0598) and several integer overflow issues (CVE-2004-0599). An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to crash when the file was opened by the victim. Red Hat would like to thank Chris Evans for discovering these issues. For users of Red Hat Enterprise Linux 2.1 these patches also include a more complete fix for the out of bounds memory access flaw (CVE-2002-1363). All users are advised to update to the updated libpng packages which contain backported security patches and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-1363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:402"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng10-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

      script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2004:402";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-1.0.14-7")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpng-devel-1.0.14-7")) flag++;

      if (rpm_check(release:"RHEL3", reference:"libpng-1.2.2-25")) flag++;
      if (rpm_check(release:"RHEL3", reference:"libpng-devel-1.2.2-25")) flag++;
      if (rpm_check(release:"RHEL3", reference:"libpng10-1.0.13-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"libpng10-devel-1.0.13-15")) flag++;

      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-devel / libpng10 / libpng10-devel");
      }
    }

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-213.NASL
description: Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24598
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24598
title: Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:213.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(24598);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:48");

      script_cve_id(
        "CVE-2002-1363",
        "CVE-2004-0421",
        "CVE-2004-0597",
        "CVE-2004-0598",
        "CVE-2004-0599",
        "CVE-2006-3334"
      );
      script_bugtraq_id(
        10244,
        18698,
        21078
      );
      script_xref(name:"MDKSA", value:"2006:213");

      script_name(english:"Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues."
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected chromium and / or chromium-setup packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:chromium-setup");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"chromium-0.9.12-25.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"chromium-setup-0.9.12-25.1mdv2007.0", yank:"mdv")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2004-063.NASL
description: A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch. This update uses an updated patch to fix all known issues. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. Mandrakesoft encourages all users to upgrade immediately.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14162
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14162
title: Mandrake Linux Security Advisory : libpng (MDKSA-2004:063)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:063.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(14162);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:47");

      script_cve_id("CVE-2002-1363");
      script_xref(name:"MDKSA", value:"2004:063");

      script_name(english:"Mandrake Linux Security Advisory : libpng (MDKSA-2004:063)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch. This update uses an updated patch to fix all known issues. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. Mandrakesoft encourages all users to upgrade immediately."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:008"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64png3-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-static-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64png3-1.2.5-10.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64png3-devel-1.2.5-10.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64png3-static-devel-1.2.5-10.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libpng3-1.2.5-10.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libpng3-devel-1.2.5-10.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libpng3-static-devel-1.2.5-10.3.100mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpng3-1.2.5-2.3.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpng3-devel-1.2.5-2.3.91mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpng3-static-devel-1.2.5-2.3.91mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64png3-1.2.5-7.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64png3-devel-1.2.5-7.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64png3-static-devel-1.2.5-7.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libpng3-1.2.5-7.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libpng3-devel-1.2.5-7.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libpng3-static-devel-1.2.5-7.3.92mdk", yank:"mdk")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-008.NASL
description: A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. MandrakeSoft encourages all users to upgrade immediately.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 13993
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/13993
title: Mandrake Linux Security Advisory : libpng (MDKSA-2003:008)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:008.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(13993);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:46");

      script_cve_id("CVE-2002-1363");
      script_xref(name:"MDKSA", value:"2003:008");

      script_name(english:"Mandrake Linux Security Advisory : libpng (MDKSA-2003:008)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. After the upgrade, all applications that use libpng should be restarted. Many applications are linked to libpng, so if you are unsure of what applications to restart, you may wish to reboot the system. MandrakeSoft encourages all users to upgrade immediately."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpng3-static-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2003/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"libpng-1.0.8-2.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"libpng-devel-1.0.8-2.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libpng2-1.0.9-1.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"libpng2-devel-1.0.9-1.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpng2-1.0.12-2.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpng2-devel-1.0.12-2.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-1.2.4-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-devel-1.2.4-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpng3-static-devel-1.2.4-3.2mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpng3-1.2.4-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpng3-devel-1.2.4-3.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpng3-static-devel-1.2.4-3.2mdk", yank:"mdk")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-007.NASL
- description: Updated libpng packages are available which fix a buffer overflow vulnerability. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. Unpatched versions of libpng 1.2.1 and earlier do not correctly calculate offsets, which leads to a buffer overflow and the possibility of arbitrary code execution. This could be exploited by an attacker creating a carefully crafted PNG file which could execute arbitrary code when the victim views it. Packages within Red Hat Linux Advanced Server, such as Mozilla, make use of the shared libpng library. All users are advised to upgrade to the errata packages, which contain libpng 1.0.14 with a backported patch that corrects this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12348
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12348
- title: RHEL 2.1 : libpng (RHSA-2003:007)

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_SECUPD20040809.NASL
- description: The remote host is missing Security Update 2004-08-09. libpng is a library used for manipulating graphics files. Several buffer overflows have been discovered in libpng. A remote attacker could exploit these vulnerabilities by tricking a user into opening a maliciously crafted PNG file, resulting in the execution of arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14242
- published: 2004-08-10
- reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14242
- title: Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-213.NASL
- description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15050
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15050
- title: Debian DSA-213-1 : libpng - buffer overflow

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2003_0004.NASL
- description: The remote host is missing the patch for the advisory SUSE-SA:2003:0004 (libpng). The library libpng provides several functions to encode, decode and manipulate Portable Network Graphics (PNG) image files. Due to wrong calculation of some loop offset values a buffer overflow can occur. The buffer overflow can lead to Denial-of-Service or even to remote compromise. After updating libpng all applications that use libpng should be restarted. Due to the fact that a lot of applications are linked with libpng it may be necessary to switch to runlevel S and back to the previous runlevel or even to reboot the system. There is no temporary fix known. Please install the new packages from our FTP servers. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13770
- published: 2004-07-25
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13770
- title: SUSE-SA:2003:0004: libpng

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-249.NASL
- description: Updated libpng packages that fix a possible buffer overflow are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Red Hat Enterprise Linux 3. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim. Note: this issue does not affect Red Hat Enterprise Linux 2.1 Users are advised to upgrade to these updated packages that contain a backported security fix and are not vulnerable to this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12507
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12507
- title: RHEL 3 : libpng (RHSA-2004:249)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-536.NASL
- description: Chris Evans discovered several vulnerabilities in libpng :
  - CAN-2004-0597 Multiple buffer overflows exist, including when handling transparency chunk data, which could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed
  - CAN-2004-0598 Multiple NULL pointer dereferences in png_handle_iCPP() and elsewhere could be exploited to cause an application to crash when a specially crafted PNG image is processed
  - CAN-2004-0599 Multiple integer overflows in the png_handle_sPLT(), png_read_png() functions and elsewhere could be exploited to cause an application to crash, or potentially arbitrary code to be executed, when a specially crafted PNG image is processed

  In addition, a bug related to CAN-2002-1363 was fixed :
  - CAN-2004-0768 A buffer overflow could be caused by incorrect calculation of buffer offsets, possibly leading to the execution of arbitrary code
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15373
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15373
- title: Debian DSA-536-1 : libpng - several vulnerabilities

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-119.NASL
- description: Updated mICQ packages are available which fix a remote crash. mICQ is an online messaging and conferencing program. mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character. Users of mICQ are advised to upgrade to these erratum packages containing mICQ version 0.4.10.2 which is not vulnerable to this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12384
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12384
- title: RHEL 2.1 : micq (RHSA-2003:119)

Oval
accepted | 2004-10-06T12:00:00.000-04:00
class | vulnerability
contributors |
description | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
family | unix
id | oval:org.mitre.oval:def:3657
status | accepted
submitted | 2004-09-03T04:26:00.000-04:00
title | Portable Network Graphics Library Offset Calculation Vulnerability
version | 4
References
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:008
- http://www.debian.org/security/2002/dsa-213
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
- http://www.novell.com/linux/security/advisories/2003_004_libpng.html
- http://www.redhat.com/support/errata/RHSA-2003-006.html
- http://www.redhat.com/support/errata/RHSA-2003-007.html
- http://www.redhat.com/support/errata/RHSA-2003-119.html
- http://www.redhat.com/support/errata/RHSA-2003-157.html
- http://www.redhat.com/support/errata/RHSA-2004-249.html
- http://www.redhat.com/support/errata/RHSA-2004-402.html
- http://www.securityfocus.com/bid/6431
- https://bugzilla.fedora.us/show_bug.cgi?id=1943
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10925
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3657