Vulnerabilities > CVE-2009-2042 - Information Exposure vulnerability in Libpng

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

Vulnerable Configurations

Part Description Count
Application
Libpng
389

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-913-1.NASL
    descriptionIt was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042) It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-0205). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id45080
    published2010-03-17
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45080
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libpng vulnerabilities (USN-913-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-913-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(45080);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2009-2042", "CVE-2010-0205");
      script_bugtraq_id(35233, 38478);
      script_xref(name:"USN", value:"913-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libpng vulnerabilities (USN-913-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libpng did not properly initialize memory when
    decoding certain 1-bit interlaced images. If a user or automated
    system were tricked into processing crafted PNG images, an attacker
    could possibly use this flaw to read sensitive information stored in
    memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and
    9.04. (CVE-2009-2042)
    
    It was discovered that libpng did not properly handle certain
    excessively compressed PNG images. If a user or automated system were
    tricked into processing a crafted PNG image, an attacker could
    possibly use this flaw to consume all available resources, resulting
    in a denial of service. (CVE-2010-0205).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/913-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libpng12-0, libpng12-dev and / or libpng3
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"libpng12-0", pkgver:"1.2.8rel-5ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpng12-dev", pkgver:"1.2.8rel-5ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpng3", pkgver:"1.2.8rel-5ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libpng12-0", pkgver:"1.2.15~beta5-3ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libpng12-dev", pkgver:"1.2.15~beta5-3ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libpng3", pkgver:"1.2.15~beta5-3ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libpng12-0", pkgver:"1.2.27-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libpng12-dev", pkgver:"1.2.27-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libpng3", pkgver:"1.2.27-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpng12-0", pkgver:"1.2.27-2ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpng12-dev", pkgver:"1.2.27-2ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libpng3", pkgver:"1.2.27-2ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libpng12-0", pkgver:"1.2.37-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libpng12-dev", pkgver:"1.2.37-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libpng3", pkgver:"1.2.37-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0 / libpng12-dev / libpng3");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-5977.NASL
    descriptionFix libpng vulnerability (RHBZ#504782). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39397
    published2009-06-16
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39397
    titleFedora 11 : mingw32-libpng-1.2.37-1.fc11 (2009-5977)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200906-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200906-01 (libpng: Information disclosure) Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file. Impact : A remote attacker might entice a user to open a specially crafted PNG file, possibly resulting in the disclosure of sensitive memory portions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id39561
    published2009-06-28
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39561
    titleGLSA-200906-01 : libpng: Information disclosure
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100714_LIBPNG_ON_SL3_X.NASL
    descriptionA memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60816
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60816
    titleScientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0534.NASL
    descriptionUpdated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47741
    published2010-07-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47741
    titleCentOS 3 / 4 / 5 : libpng / libpng10 (CESA-2010:0534)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2032.NASL
    descriptionSeveral vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2042 libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via
    last seen2020-06-01
    modified2020-06-02
    plugin id45480
    published2010-04-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45480
    titleDebian DSA-2032-1 : libpng - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6400.NASL
    descriptionFix libpng vulnerability (RHBZ#504782). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39405
    published2009-06-16
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39405
    titleFedora 10 : mingw32-libpng-1.2.37-1.fc10 (2009-6400)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-170-01.NASL
    descriptionNew libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. Jeff Phillips discovered an uninitialized-memory-read bug affecting interlaced images that may have security implications.
    last seen2020-06-01
    modified2020-06-02
    plugin id39472
    published2009-06-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39472
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-170-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6531.NASL
    descriptionUpdate to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty low-risk issue, but it
    last seen2020-06-01
    modified2020-06-02
    plugin id39455
    published2009-06-19
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39455
    titleFedora 10 : libpng-1.2.37-1.fc10 (2009-6531)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79961
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79961
    titleGLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0007.NASL
    descriptiona. Windows-based VMware Tools Unsafe Library Loading vulnerability A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems. In order for an attacker to exploit the vulnerability, the attacker would need to lure the user that is logged on a Windows Guest Operating System to click on the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id56246
    published2011-09-21
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56246
    titleVMSA-2010-0007 : VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
  • NASL familyWindows
    NASL idVMWARE_MULTIPLE_VMSA_2010_0007.NASL
    descriptionA VMware product (Player, Workstation, or Movie Decoder) detected on the remote host has one or more of the following vulnerabilities : - The VMnc media codec has multiple heap overflow vulnerabilities. A remote attacker could exploit these issues by tricking a user into requesting a malicious web page or opening a malicious file. (CVE-2009-1564, CVE-2009-1565) - A flaw in the 3rd party libpng library could allow an attacker to read sensitive portions of memory. (CVE-2009-2042) - A flaw in vmware-authd could lead to a denial of service service on Windows-based hosts. (CVE-2009-3707) - A format string vulnerability exists in the VMware Remote Console Plug-in. A remote attacker could exploit this by tricking a user into requesting a malicious web page, resulting in arbitrary code execution. (CVE-2009-3732) - A flaw in the virtual networking stack could result in an information leak, causing memory from a guest VM to be sent to host
    last seen2020-06-01
    modified2020-06-02
    plugin id45541
    published2010-04-15
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45541
    titleVMware Products Multiple Vulnerabilities (VMSA-2010-0007)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id45372
    published2010-03-29
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45372
    titleMac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0534.NASL
    descriptionFrom Red Hat Security Advisory 2010:0534 : Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68063
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68063
    titleOracle Linux 3 / 4 / 5 : libpng (ELSA-2010-0534)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPNG-DEVEL-090624.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id41426
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41426
    titleSuSE 11 Security Update : libpng (SAT Patch Number 1039)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6603.NASL
    descriptionUpdate to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty low-risk issue, but it
    last seen2020-06-01
    modified2020-06-02
    plugin id39459
    published2009-06-19
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39459
    titleFedora 9 : libpng-1.2.37-1.fc9 (2009-6603)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
    last seen2020-06-01
    modified2020-06-02
    plugin id45373
    published2010-03-29
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45373
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-002)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-6326.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id41549
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41549
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 6326)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6506.NASL
    descriptionUpdate to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty low-risk issue, but it
    last seen2020-06-01
    modified2020-06-02
    plugin id39454
    published2009-06-19
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39454
    titleFedora 11 : libpng-1.2.37-1.fc11 (2009-6506)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0534.NASL
    descriptionUpdated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47876
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47876
    titleRHEL 3 / 4 / 5 : libpng (RHSA-2010:0534)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-063.NASL
    descriptionMultiple vulnerabilities has been found and corrected in libpng : libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via out-of-bounds pixels in the file (CVE-2009-2042). The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a decompression bomb attack (CVE-2010-0205). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id45124
    published2010-03-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45124
    titleMandriva Linux Security Advisory : libpng (MDVSA-2010:063)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-6324.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id42016
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42016
    titleopenSUSE 10 Security Update : libpng (libpng-6324)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12444.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id41308
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41308
    titleSuSE9 Security Update : libpng (YOU Patch Number 12444)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBPNG-DEVEL-090624.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id40266
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40266
    titleopenSUSE Security Update : libpng-devel (libpng-devel-1046)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBPNG-DEVEL-090624.NASL
    descriptionThis update of libpng improves the parsing of 1-bit interlaced images. This bug could be abused to use
    last seen2020-06-01
    modified2020-06-02
    plugin id40040
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40040
    titleopenSUSE Security Update : libpng-devel (libpng-devel-1046)

Redhat

rpms
  • libpng-2:1.2.10-7.1.el5_5.3
  • libpng-2:1.2.2-30
  • libpng-2:1.2.7-3.el4_8.3
  • libpng-debuginfo-2:1.2.10-7.1.el5_5.3
  • libpng-debuginfo-2:1.2.2-30
  • libpng-debuginfo-2:1.2.7-3.el4_8.3
  • libpng-devel-2:1.2.10-7.1.el5_5.3
  • libpng-devel-2:1.2.2-30
  • libpng-devel-2:1.2.7-3.el4_8.3
  • libpng10-0:1.0.13-21
  • libpng10-0:1.0.16-3.el4_8.4
  • libpng10-debuginfo-0:1.0.13-21
  • libpng10-debuginfo-0:1.0.16-3.el4_8.4
  • libpng10-devel-0:1.0.13-21
  • libpng10-devel-0:1.0.16-3.el4_8.4

Statements

contributorMark J Cox
lastmodified2010-07-14
organizationRed Hat
statementThis issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.