Vulnerabilities > CVE-2007-2445 - Remote Denial of Service vulnerability in Libpng Library
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2007-529.NASL description - Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.10-9 - Add patch to fix CVE-2006-5793 Related: #215405 - Add patch to fix CVE-2007-2445 Related: #239542 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25304 published 2007-05-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25304 title Fedora Core 6 : libpng-1.2.10-9.fc6 (2007-529) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-529. # include("compat.inc"); if (description) { script_id(25304); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_xref(name:"FEDORA", value:"2007-529"); script_name(english:"Fedora Core 6 : libpng-1.2.10-9.fc6 (2007-529)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.10-9 - Add patch to fix CVE-2006-5793 Related: #215405 - Add patch to fix CVE-2007-2445 Related: #239542 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001747.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?48c665d9" ); script_set_attribute( attribute:"solution", value: "Update the affected libpng, libpng-debuginfo and / or libpng-devel packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6"); script_set_attribute(attribute:"patch_publication_date", value:"2007/05/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC6", reference:"libpng-1.2.10-9.fc6")) flag++; if (rpm_check(release:"FC6", reference:"libpng-debuginfo-1.2.10-9.fc6")) flag++; if (rpm_check(release:"FC6", reference:"libpng-devel-1.2.10-9.fc6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-debuginfo / libpng-devel"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_137080-09.NASL description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jun/15/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107484 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107484 title Solaris 10 (sparc) : 137080-09 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107484); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2007-2445", "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2008-1382", "CVE-2008-3964", "CVE-2009-0040"); script_name(english:"Solaris 10 (sparc) : 137080-09"); script_summary(english:"Check for patch 137080-09"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 137080-09" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jun/15/17" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137080-09" ); script_set_attribute(attribute:"solution", value:"Install patch 137080-09 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-1382"); script_cwe_id(20, 94, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137080"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/16"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137080-09", obsoleted_by:"", package:"SUNWpng-devel", version:"20.2.6.0,REV=10.0.3.2004.12.15.14.11") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137080-09", obsoleted_by:"", package:"SUNWpng", version:"20.2.6.0,REV=10.0.3.2004.12.15.14.11") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137080-09", obsoleted_by:"", package:"SUNWpngS", version:"20.2.6.0,REV=10.0.3.2004.12.15.14.11") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWpng / SUNWpng-devel / SUNWpngS"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-136-01.NASL description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25253 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25253 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2007-136-01) NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-3739.NASL description Applications using libpng can crash if libpng is ask to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445) last seen 2020-06-01 modified 2020-06-02 plugin id 27331 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27331 title openSUSE 10 Security Update : libpng (libpng-3739) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137081.NASL description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137081 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31337 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31337 title Solaris 10 (x86) : 137081-11 (deprecated) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0356.NASL description Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25269 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25269 title RHEL 2.1 / 3 / 4 / 5 : libpng (RHSA-2007:0356) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_114817.NASL description GNOME 2.0.0_x86: libpng Patch. Date this patch was last updated by Sun : Mar/19/12 last seen 2020-06-01 modified 2020-06-02 plugin id 23455 published 2006-11-06 reporter This script is Copyright (C) 2006-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23455 title Solaris 8 (x86) : 114817-04 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4CB9C51303EF11DCA51D0019B95D4F14.NASL description A Libpng Security Advisory reports : A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise. last seen 2020-06-01 modified 2020-06-02 plugin id 25261 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25261 title FreeBSD : png -- DoS crash vulnerability (4cb9c513-03ef-11dc-a51d-0019b95d4f14) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137081-09.NASL description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jun/15/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107982 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107982 title Solaris 10 (x86) : 137081-09 NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-3479.NASL description Applications using libpng can crash if libpng is ask to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445) last seen 2020-06-01 modified 2020-06-02 plugin id 27330 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27330 title openSUSE 10 Security Update : libpng (libpng-3479) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0356.NASL description From Red Hat Security Advisory 2007:0356 : Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67500 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67500 title Oracle Linux 3 / 4 / 5 : libpng (ELSA-2007-0356) NASL family Solaris Local Security Checks NASL id SOLARIS10_137080-07.NASL description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/18/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107483 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107483 title Solaris 10 (sparc) : 137080-07 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-472-1.NASL description It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28073 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28073 title Ubuntu 6.06 LTS / 6.10 / 7.04 : libpng vulnerability (USN-472-1) NASL family Fedora Local Security Checks NASL id FEDORA_2007-528.NASL description - Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.8-3 - Add patch to fix CVE-2006-5793 Related: #215405 - Add patch to fix CVE-2007-2445 Related: #239542 - Require pkgconfig in the -devel subpackage Resolves: #217903 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25303 published 2007-05-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25303 title Fedora Core 5 : libpng-1.2.8-3.fc5 (2007-528) NASL family Fedora Local Security Checks NASL id FEDORA_2007-0004.NASL description The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. This update to libpng 1.0.26 resolves this problem. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62266 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62266 title Fedora 7 : libpng10-1.0.26-1.fc7.1 (2007-0004) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-002.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 31605 published 2008-03-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31605 title Mac OS X Multiple Vulnerabilities (Security Update 2008-002) NASL family Solaris Local Security Checks NASL id SOLARIS10_137080.NASL description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137080 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31333 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31333 title Solaris 10 (sparc) : 137080-11 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_137080-10.NASL description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107485 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107485 title Solaris 10 (sparc) : 137080-10 NASL family Solaris Local Security Checks NASL id SOLARIS8_114816.NASL description GNOME 2.0.0: libpng Patch. Date this patch was last updated by Sun : Mar/19/12 last seen 2020-06-01 modified 2020-06-02 plugin id 23367 published 2006-11-06 reporter This script is Copyright (C) 2006-2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23367 title Solaris 8 (sparc) : 114816-04 NASL family Scientific Linux Local Security Checks NASL id SL_20070517_LIBPNG_ON_SL5_X.NASL description A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) last seen 2020-06-01 modified 2020-06-02 plugin id 60184 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60184 title Scientific Linux Security Update : libpng on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137081-07.NASL description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/18/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107981 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107981 title Solaris 10 (x86) : 137081-07 NASL family Fedora Local Security Checks NASL id FEDORA_2007-2666.NASL description - Thu Oct 18 2007 Tom Lane <tgl at redhat.com> 2:1.2.22-1 - Update to libpng 1.2.22, primarily to fix CVE-2007-5269 Related: #324771 - Update License tag - Wed May 23 2007 Tom Lane <tgl at redhat.com> 2:1.2.16-2 - Add patch to fix CVE-2007-2445 Related: #239542 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27787 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27787 title Fedora 7 : libpng-1.2.22-1.fc7 (2007-2666) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137081-10.NASL description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107983 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107983 title Solaris 10 (x86) : 137081-10 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1750.NASL description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. - CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. - CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length last seen 2020-06-01 modified 2020-06-02 plugin id 35988 published 2009-03-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35988 title Debian DSA-1750-1 : libpng - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-11.NASL description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79964 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79964 title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200705-24.NASL description The remote host is affected by the vulnerability described in GLSA-200705-24 (libpng: Denial of Service) Mats Palmgren fixed an error in file pngrutil.c in which the trans[] array might be not allocated because of images with a bad tRNS chunk CRC value. Impact : A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25383 published 2007-06-04 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25383 title GLSA-200705-24 : libpng: Denial of Service NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1613.NASL description Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd. - CVE-2007-3476 An array indexing error in libgd last seen 2020-06-01 modified 2020-06-02 plugin id 33552 published 2008-07-23 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33552 title Debian DSA-1613-1 : libgd2 - multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0356.NASL description Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25256 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25256 title CentOS 3 / 4 / 5 : libpng (CESA-2007:0356) NASL family Solaris Local Security Checks NASL id SOLARIS9_139382.NASL description GNOME 2.0.2: libpng Patch. Date this patch was last updated by Sun : Oct/03/08 last seen 2016-09-26 modified 2008-10-17 plugin id 34435 published 2008-10-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=34435 title Solaris 5.9 (sparc) : 139382-01 NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-3740.NASL description Applications using libpng can crash if libpng is ask to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445) last seen 2020-06-01 modified 2020-06-02 plugin id 29508 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29508 title SuSE 10 Security Update : libpng (ZYPP Patch Number 3740) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-116.NASL description A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25440 published 2007-06-07 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25440 title Mandrake Linux Security Advisory : libpng (MDKSA-2007:116)
Oval
| accepted | 2013-04-29T04:01:34.142-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10094 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | ||||||||||||||||||||||||||||||||
| version | 28 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/64260/CORE-2008-0124.txt |
| id | PACKETSTORM:64260 |
| last seen | 2016-12-05 |
| published | 2008-03-04 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/64260/Core-Security-Technologies-Advisory-2008.0124.html |
| title | Core Security Technologies Advisory 2008.0124 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
- http://docs.info.apple.com/article.html?artnum=307562
- http://irrlicht.sourceforge.net/changes.txt
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://openpkg.com/go/OpenPKG-SA-2007.013
- http://osvdb.org/36196
- http://secunia.com/advisories/25268
- http://secunia.com/advisories/25273
- http://secunia.com/advisories/25292
- http://secunia.com/advisories/25329
- http://secunia.com/advisories/25353
- http://secunia.com/advisories/25461
- http://secunia.com/advisories/25554
- http://secunia.com/advisories/25571
- http://secunia.com/advisories/25742
- http://secunia.com/advisories/25787
- http://secunia.com/advisories/25867
- http://secunia.com/advisories/27056
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/30161
- http://secunia.com/advisories/31168
- http://secunia.com/advisories/34388
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
- http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
- http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
- http://www.coresecurity.com/?action=item&id=2148
- http://www.debian.org/security/2008/dsa-1613
- http://www.debian.org/security/2009/dsa-1750
- http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
- http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
- http://www.kb.cert.org/vuls/id/684664
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
- http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
- http://www.novell.com/linux/security/advisories/2007_13_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0356.html
- http://www.securityfocus.com/archive/1/468910/100/0/threaded
- http://www.securityfocus.com/archive/1/489135/100/0/threaded
- http://www.securityfocus.com/bid/24000
- http://www.securityfocus.com/bid/24023
- http://www.securitytracker.com/id?1018078
- http://www.trustix.org/errata/2007/0019/
- http://www.ubuntu.com/usn/usn-472-1
- http://www.vupen.com/english/advisories/2007/1838
- http://www.vupen.com/english/advisories/2007/2385
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34340
- https://issues.rpath.com/browse/RPL-1381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094