Vulnerabilities > CVE-2009-5063 - Memory Leak vulnerability in Libpng

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
libpng
CWE-401
nessus

Summary

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

Vulnerable Configurations

Part Description Count
Application
Libpng
194

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG12-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75911
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75911
    titleopenSUSE Security Update : libpng12 (libpng12-4947)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng12-4947.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75911);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng12 (libpng12-4947)");
      script_summary(english:"Check for the libpng12-4947 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng12-0 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng12 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-debuginfo-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-compat-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-debugsource-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-debuginfo-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-compat-devel-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-devel-32bit-1.2.46-7.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12815.NASL
    descriptionThis update of libpng fixes : - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399). (CVE-2008-6218) - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119). (CVE-2011-2690) - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119). (CVE-2011-2692)
    last seen2020-06-01
    modified2020-06-02
    plugin id55895
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55895
    titleSuSE9 Security Update : libpng (YOU Patch Number 12815)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55895);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"SuSE9 Security Update : libpng (YOU Patch Number 12815)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng fixes :
    
      - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C):
        Resource Management Errors (CWE-399). (CVE-2008-6218)
    
      - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P):
        Buffer Errors (CWE-119). (CVE-2011-2690)
    
      - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P):
        Buffer Errors (CWE-119). (CVE-2011-2692)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-6218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-5063.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2501.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2690.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2691.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2692.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12815.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"libpng-1.2.5-182.32")) flag++;
    if (rpm_check(release:"SUSE9", reference:"libpng-devel-1.2.5-182.32")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"libpng-32bit-9-201108021634")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG14-110802.NASL
    descriptionThis update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75913
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75913
    titleopenSUSE Security Update : libpng14 (libpng14-4949)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng14-4949.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75913);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng14 (libpng14-4949)");
      script_summary(english:"Check for the libpng14-4949 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng14-14 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng14 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-debuginfo-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-compat-devel-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-debugsource-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-devel-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-debuginfo-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-compat-devel-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-devel-32bit-1.4.4-3.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng14-14");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The &ldquo;embedded_profile_len()&rdquo; function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The &ldquo;png_format_buffer()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-2501). The &ldquo;png_rgb_to_gray()&rdquo; function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The &ldquo;png_err()&rdquo; function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The &ldquo;png_handle_sCAL()&rdquo; function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). The &ldquo;png_decompress_chunk()&rdquo; function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The &ldquo;png_inflate()&rdquo; function in pngrutil.c contains and out of bounds error (CVE-2011-3045). The &ldquo;png_set_text_2()&rdquo; function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The &ldquo;png_formatted_warning()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59668
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59668
    titleGLSA-201206-15 : libpng: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201206-15.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59668);
      script_version("1.13");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-3464");
      script_bugtraq_id(48474, 48618, 48660, 51823, 52049, 52453, 52830);
      script_xref(name:"GLSA", value:"201206-15");
    
      script_name(english:"GLSA-201206-15 : libpng: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201206-15
    (libpng: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in libpng:
          The &ldquo;embedded_profile_len()&rdquo; function in pngwutil.c does not
            check for negative values, resulting in a memory leak (CVE-2009-5063).
          The &ldquo;png_format_buffer()&rdquo; function in pngerror.c contains an
            off-by-one error (CVE-2011-2501).
          The &ldquo;png_rgb_to_gray()&rdquo; function in pngrtran.c contains an
            integer overflow error (CVE-2011-2690).
          The &ldquo;png_err()&rdquo; function in pngerror.c contains a NULL pointer
            dereference error (CVE-2011-2691).
          The &ldquo;png_handle_sCAL()&rdquo; function in pngrutil.c improperly handles
            malformed sCAL chunks(CVE-2011-2692).
          The &ldquo;png_decompress_chunk()&rdquo; function in pngrutil.c contains an
            integer overflow error (CVE-2011-3026).
          The &ldquo;png_inflate()&rdquo; function in pngrutil.c contains and out of
            bounds error (CVE-2011-3045).
          The &ldquo;png_set_text_2()&rdquo; function in pngset.c contains an error
            which could result in memory corruption (CVE-2011-3048).
          The &ldquo;png_formatted_warning()&rdquo; function in pngerror.c contains an
            off-by-one error (CVE-2011-3464).
      
    Impact :
    
        An attacker could exploit these vulnerabilities to execute arbitrary
          code with the permissions of the user running the vulnerable program,
          which could be the root user, or to cause programs linked against the
          library to crash.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201206-15"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All libpng 1.5 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10'
        All libpng 1.2 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49'
        Packages which depend on this library may need to be recompiled. Tools
          such as revdep-rebuild may assist in identifying some of these packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"media-libs/libpng", unaffected:make_list("ge 1.5.10", "ge 1.2.49"), vulnerable:make_list("lt 1.5.10"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPNG12-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75603
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75603
    titleopenSUSE Security Update : libpng12 (libpng12-4947)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng12-4947.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75603);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng12 (libpng12-4947)");
      script_summary(english:"Check for the libpng12-4947 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng12-0 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng12 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"libpng12-0-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libpng12-compat-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libpng12-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libpng12-0-32bit-1.2.46-7.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7669.NASL
    descriptionThis update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id55897
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55897
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7669)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55897);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng fixes :
    
      - CVE-2008-6218: CVSS v2 Base Score: 7.1
        (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors
        (CWE-399)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-6218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-5063.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2501.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2690.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2691.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2692.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7669.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:3, reference:"libpng-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"libpng-devel-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"libpng-32bit-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"libpng-devel-32bit-1.2.8-19.31.9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1367-1.NASL
    descriptionIt was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063) Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57998
    published2012-02-17
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57998
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerabilities (USN-1367-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1367-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57998);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2009-5063", "CVE-2011-3026");
      script_bugtraq_id(52049);
      script_xref(name:"USN", value:"1367-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerabilities (USN-1367-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libpng did not properly verify the embedded
    profile length of iCCP chunks. An attacker could exploit this to cause
    a denial of service via application crash. This issue only affected
    Ubuntu 8.04 LTS. (CVE-2009-5063)
    
    Jueri Aedla discovered that libpng did not properly verify the size
    used when allocating memory during chunk decompression. If a user or
    automated system using libpng were tricked into opening a specially
    crafted image, an attacker could exploit this to cause a denial of
    service or execute code with the privileges of the user invoking the
    program. (CVE-2011-3026).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1367-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng12-0 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libpng12-0", pkgver:"1.2.15~beta5-3ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libpng12-0", pkgver:"1.2.42-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libpng12-0", pkgver:"1.2.44-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libpng12-0", pkgver:"1.2.44-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libpng12-0", pkgver:"1.2.46-3ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPNG14-110802.NASL
    descriptionThis update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75604
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75604
    titleopenSUSE Security Update : libpng14 (libpng14-4949)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng14-4949.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75604);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng14 (libpng14-4949)");
      script_summary(english:"Check for the libpng14-4949 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng14-14 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng14 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"libpng14-14-1.4.3-3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libpng14-compat-devel-1.4.3-3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libpng14-devel-1.4.3-3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libpng14-14-32bit-1.4.3-3.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng14-14");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPNG-DEVEL-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)) - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id55896
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55896
    titleSuSE 11.1 Security Update : libpng (SAT Patch Number 4948)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55896);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"SuSE 11.1 Security Update : libpng (SAT Patch Number 4948)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng12-0 fixes :
    
      - CVE-2008-6218: CVSS v2 Base Score: 7.1
        (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors
        (CWE-399)
    
      - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score:
        4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P))
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=475533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=680146"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-6218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-5063.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2501.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2690.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2691.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2692.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4948.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng-devel-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng12-0-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng-devel-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"libpng12-0-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libpng12-0-32bit-1.2.31-5.25.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.25.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7670.NASL
    descriptionThis update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id57218
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57218
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7670)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57218);
      script_version ("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"SuSE 10 Security Update : libpng (ZYPP Patch Number 7670)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng fixes :
    
      - CVE-2008-6218: CVSS v2 Base Score: 7.1
        (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors
        (CWE-399)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-6218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-5063.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2501.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2690.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2691.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2692.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7670.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"libpng-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"libpng-devel-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libpng-32bit-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"libpng-devel-32bit-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"libpng-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"libpng-devel-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libpng-32bit-1.2.8-19.31.9")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"libpng-devel-32bit-1.2.8-19.31.9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");