Vulnerabilities > CVE-2004-0421 - Out-of-bounds Read vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | Libpng
| 17 |
Application | 2 | |
OS | 2 | |
OS | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2011-8868.NASL description Fix for CVE-2011-2501. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55599 published 2011-07-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55599 title Fedora 14 : mingw32-libpng-1.4.3-2.fc14 (2011-8868) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-8868. # include("compat.inc"); if (description) { script_id(55599); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2004-0421", "CVE-2011-2501"); script_bugtraq_id(48474); script_xref(name:"FEDORA", value:"2011-8868"); script_name(english:"Fedora 14 : mingw32-libpng-1.4.3-2.fc14 (2011-8868)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for CVE-2011-2501. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=717510" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0a6b22a6" ); script_set_attribute( attribute:"solution", value:"Update the affected mingw32-libpng package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw32-libpng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"mingw32-libpng-1.4.3-2.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libpng"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2011-8844.NASL description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there last seen 2020-06-01 modified 2020-06-02 plugin id 55654 published 2011-07-25 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55654 title Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-8844. # include("compat.inc"); if (description) { script_id(55654); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"); script_bugtraq_id(48474, 48618, 48660); script_xref(name:"FEDORA", value:"2011-8844"); script_name(english:"Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=717084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720607" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720612" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34f18a13" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng10 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2011/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"libpng10-1.0.55-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10"); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-212.NASL description Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to last seen 2020-06-01 modified 2020-06-02 plugin id 24597 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24597 title Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:212. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24597); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2006-3334", "CVE-2006-5793"); script_bugtraq_id(10244, 18698); script_xref(name:"MDKSA", value:"2006:212"); script_name(english:"Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793) In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues." ); script_set_attribute( attribute:"solution", value:"Update the affected doxygen package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:doxygen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2006/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"doxygen-1.4.4-1.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2007.0", reference:"doxygen-1.4.7-1.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2004-106.NASL description - Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com> - fix a possible out-of-bounds read in the error message handler. #121229 - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com> - rebuilt - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com> - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13689 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13689 title Fedora Core 1 : libpng10-1.0.13-11 (2004-106) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-106. # include("compat.inc"); if (description) { script_id(13689); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0421"); script_xref(name:"FEDORA", value:"2004-106"); script_name(english:"Fedora Core 1 : libpng10-1.0.13-11 (2004-106)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com> - fix a possible out-of-bounds read in the error message handler. #121229 - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com> - rebuilt - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com> - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-May/000116.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0086c378" ); script_set_attribute( attribute:"solution", value: "Update the affected libpng10, libpng10-debuginfo and / or libpng10-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/05/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC1", reference:"libpng10-1.0.13-11")) flag++; if (rpm_check(release:"FC1", reference:"libpng10-debuginfo-1.0.13-11")) flag++; if (rpm_check(release:"FC1", reference:"libpng10-devel-1.0.13-11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10 / libpng10-debuginfo / libpng10-devel"); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-213.NASL description Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to last seen 2020-06-01 modified 2020-06-02 plugin id 24598 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24598 title Mandrake Linux Security Advisory : chromium (MDKSA-2006:213) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:213. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24598); script_version ("1.20"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id( "CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2006-3334" ); script_bugtraq_id( 10244, 18698, 21078 ); script_xref(name:"MDKSA", value:"2006:213"); script_name(english:"Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities : Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599) Packages have been patched to correct these issues." ); script_set_attribute( attribute:"solution", value:"Update the affected chromium and / or chromium-setup packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:chromium-setup"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2006/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"chromium-0.9.12-25.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"chromium-setup-0.9.12-25.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2011-9343.NASL description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55612 published 2011-07-19 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55612 title Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-498.NASL description Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilised in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng. This could be used as a denial of service attack against various programs that link against this library. The following commands will show you which packages utilise this library and whose programs should probably restarted after an upgrade : apt-cache showpkg libpng2 apt-cache showpkg libpng3 The following security matrix explains which package versions will contain a correction. Package stable (woody) unstable (sid) libpng 1.0.12-3.woody.5 1.0.15-5 libpng3 1.2.1-1.1.woody.5 1.2.5.0-6 last seen 2020-06-01 modified 2020-06-02 plugin id 15335 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15335 title Debian DSA-498-1 : libpng - out of bound access NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-124-04.NASL description New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it. last seen 2020-06-01 modified 2020-06-02 plugin id 18751 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18751 title Slackware 9.0 / 9.1 / current : libpng update (SSA:2004-124-04) NASL family Fedora Local Security Checks NASL id FEDORA_2011-9336.NASL description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55738 published 2011-08-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55738 title Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-151.NASL description Multiple vulnerabilities has been discovered and corrected in libpng : The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression (CVE-2011-2501). Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image (CVE-2011-2690). The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not affect the binary packages in Mandriva, but could affect users if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package. The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory (CVE-2011-2692). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56529 published 2011-10-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56529 title Mandriva Linux Security Advisory : libpng (MDVSA-2011:151) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-06.NASL description The remote host is affected by the vulnerability described in GLSA-200405-06 (libpng denial of service vulnerability) libpng provides two functions (png_chunk_error and png_chunk_warning) for default error and warning messages handling. These functions do not perform proper bounds checking on the provided message, which is limited to 64 bytes. Programs linked against this library may crash when handling a malicious PNG image. Impact : This vulnerability could be used to crash various programs using the libpng library, potentially resulting in a denial of service attack on vulnerable daemon processes. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of libpng. last seen 2020-06-01 modified 2020-06-02 plugin id 14492 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14492 title GLSA-200405-06 : libpng denial of service vulnerability NASL family Fedora Local Security Checks NASL id FEDORA_2011-8874.NASL description Fix for CVE-2011-2501. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55600 published 2011-07-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55600 title Fedora 15 : mingw32-libpng-1.4.3-3.fc15 (2011-8874) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1421.NASL description According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124924 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124924 title EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3A408F6F9C5211D893660020ED76EF5A.NASL description Steve Grubb reports a buffer read overrun in libpng last seen 2020-06-01 modified 2020-06-02 plugin id 37799 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37799 title FreeBSD : libpng denial-of-service (3a408f6f-9c52-11d8-9366-0020ed76ef5a) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20040809.NASL description The remote host is missing Security Update 2004-08-09. libpng is a library used for manipulating graphics files. Several buffer overflows have been discovered in libpng. A remote attacker could exploit these vulnerabilities by tricking a user into opening a maliciously crafted PNG file, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 14242 published 2004-08-10 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14242 title Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-040.NASL description Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG imagaes. The updated packages are patched to correct the vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 14139 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14139 title Mandrake Linux Security Advisory : libpng (MDKSA-2004:040) NASL family Fedora Local Security Checks NASL id FEDORA_2004-105.NASL description - Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com> - fix a possible out-of-bounds read in the error message handler. #121229 - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com> - rebuilt - Fri Feb 27 2004 Mark McLoughlin <markmc at redhat.com> 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com> - rebuilt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13688 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13688 title Fedora Core 1 : libpng-1.2.2-20 (2004-105) NASL family FreeBSD Local Security Checks NASL id FREEBSD_LIBPNG.NASL description The following package needs to be updated: linux-png last seen 2016-09-26 modified 2011-10-03 plugin id 12563 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12563 title FreeBSD : libpng denial-of-service (93) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-180.NASL description Updated libpng packages that fix a out of bounds memory access are now available. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. Steve Grubb discovered a out of bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim. This issue may not be used to execute arbitrary code. Users are advised to upgrade to these updated packages that contain a backported security fix not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12492 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12492 title RHEL 2.1 / 3 : libpng (RHSA-2004:180) NASL family Fedora Local Security Checks NASL id FEDORA_2011-8867.NASL description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there last seen 2020-06-01 modified 2020-06-02 plugin id 55655 published 2011-07-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55655 title Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)
Oval
accepted 2013-04-29T04:15:26.599-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. family unix id oval:org.mitre.oval:def:11710 status accepted submitted 2010-07-09T03:56:16-04:00 title The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. version 27 accepted 2007-04-25T19:53:11.593-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security
description The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. family unix id oval:org.mitre.oval:def:971 status accepted submitted 2004-05-20T12:00:00.000-04:00 title libpng Malformed PNG Image Vulnerability version 37
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/10244
- http://www.redhat.com/support/errata/RHSA-2004-180.html
- http://lists.apple.com/mhonarc/security-announce/msg00056.html
- http://www.debian.org/security/2004/dsa-498
- http://www.redhat.com/support/errata/RHSA-2004-181.html
- http://secunia.com/advisories/22957
- http://secunia.com/advisories/22958
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
- http://marc.info/?l=bugtraq&m=108334922320309&w=2
- http://marc.info/?l=bugtraq&m=108335030208523&w=2
- http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
- http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16022
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A971
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11710