Vulnerabilities > CVE-2010-2249 - Memory Leak vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Vulnerable Configurations

Part Description Count
Application
Libpng
342
Application
Apple
253
Application
Vmware
16
OS
Apple
65
OS
Fedoraproject
2
OS
Suse
4
OS
Opensuse
2
OS
Canonical
5
OS
Debian
1

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2010-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id50549
    published2010-11-10
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50549
    titleMac OS X Multiple Vulnerabilities (Security Update 2010-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(50549);
      script_version("1.48");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2008-4546",
        "CVE-2009-0796",
        "CVE-2009-0946",
        "CVE-2009-2624",
        "CVE-2009-3793",
        "CVE-2009-4134",
        "CVE-2010-0105",
        "CVE-2010-0205",
        "CVE-2010-0209",
        "CVE-2010-0397",
        "CVE-2010-1205",
        "CVE-2010-1297",
        "CVE-2010-1449",
        "CVE-2010-1450",
        "CVE-2010-1752",
        "CVE-2010-1811",
        "CVE-2010-1828",
        "CVE-2010-1829",
        "CVE-2010-1830",
        "CVE-2010-1831",
        "CVE-2010-1832",
        "CVE-2010-1836",
        "CVE-2010-1837",
        "CVE-2010-1838",
        "CVE-2010-1840",
        "CVE-2010-1841",
        "CVE-2010-1845",
        "CVE-2010-1846",
        "CVE-2010-1848",
        "CVE-2010-1849",
        "CVE-2010-1850",
        "CVE-2010-2160",
        "CVE-2010-2161",
        "CVE-2010-2162",
        "CVE-2010-2163",
        "CVE-2010-2164",
        "CVE-2010-2165",
        "CVE-2010-2166",
        "CVE-2010-2167",
        "CVE-2010-2169",
        "CVE-2010-2170",
        "CVE-2010-2171",
        "CVE-2010-2172",
        "CVE-2010-2173",
        "CVE-2010-2174",
        "CVE-2010-2175",
        "CVE-2010-2176",
        "CVE-2010-2177",
        "CVE-2010-2178",
        "CVE-2010-2179",
        "CVE-2010-2180",
        "CVE-2010-2181",
        "CVE-2010-2182",
        "CVE-2010-2183",
        "CVE-2010-2184",
        "CVE-2010-2185",
        "CVE-2010-2186",
        "CVE-2010-2187",
        "CVE-2010-2188",
        "CVE-2010-2189",
        "CVE-2010-2213",
        "CVE-2010-2214",
        "CVE-2010-2215",
        "CVE-2010-2216",
        "CVE-2010-2249",
        "CVE-2010-2484",
        "CVE-2010-2497",
        "CVE-2010-2498",
        "CVE-2010-2499",
        "CVE-2010-2500",
        "CVE-2010-2519",
        "CVE-2010-2520",
        "CVE-2010-2531",
        "CVE-2010-2805",
        "CVE-2010-2806",
        "CVE-2010-2807",
        "CVE-2010-2808",
        "CVE-2010-2884",
        "CVE-2010-2941",
        "CVE-2010-3053",
        "CVE-2010-3054",
        "CVE-2010-3636",
        "CVE-2010-3638",
        "CVE-2010-3639",
        "CVE-2010-3640",
        "CVE-2010-3641",
        "CVE-2010-3642",
        "CVE-2010-3643",
        "CVE-2010-3644",
        "CVE-2010-3645",
        "CVE-2010-3646",
        "CVE-2010-3647",
        "CVE-2010-3648",
        "CVE-2010-3649",
        "CVE-2010-3650",
        "CVE-2010-3652",
        "CVE-2010-3654",
        "CVE-2010-3783",
        "CVE-2010-3784",
        "CVE-2010-3785",
        "CVE-2010-3796",
        "CVE-2010-3797",
        "CVE-2010-3976",
        "CVE-2010-4010"
      );
      script_bugtraq_id(
        31537,
        34383,
        34550,
        38478,
        39658,
        40361,
        40363,
        40365,
        40586,
        40779,
        40780,
        40781,
        40782,
        40783,
        40784,
        40785,
        40786,
        40787,
        40788,
        40789,
        40790,
        40791,
        40792,
        40793,
        40794,
        40795,
        40796,
        40797,
        40798,
        40799,
        40800,
        40801,
        40802,
        40803,
        40805,
        40806,
        40807,
        40808,
        40809,
        41049,
        41174,
        42285,
        42621,
        42624,
        44504,
        44530,
        44671,
        44729,
        44800,
        44802,
        44804,
        44806,
        44807,
        44808,
        44812,
        44814,
        44815,
        44816,
        44817,
        44819,
        44822,
        44829,
        44832,
        44833,
        44835,
        99999
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)");
      script_summary(english:"Check for the presence of Security Update 2010-007");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes security
    issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2010-007 applied. 
    
    This security update contains fixes for the following products :
    
      - AFP Server
      - Apache mod_perl
      - ATS
      - CFNetwork
      - CoreGraphics
      - CoreText
      - CUPS
      - Directory Services
      - diskdev_cmds
      - Disk Images
      - Flash Player plug-in
      - gzip
      - ImageIO
      - Image RAW
      - MySQL
      - Password Server
      - PHP
      - Printing
      - python
      - QuickLook
      - Safari RSS
      - Wiki Server
      - X11"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT4435"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2010-007 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 189, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^9\.[0-8]\.", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[7-9]|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) 
        exit(0, "The host has Security Update 2010-007 or later installed and therefore is not affected.");
      else 
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201010-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201010-01 (Libpng: Multiple vulnerabilities) Multiple vulnerabilities were found in libpng: The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205) A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205) A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249) Impact : An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id49771
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49771
    titleGLSA-201010-01 : Libpng: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12642.NASL
    descriptionSpecially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205, CVE-2010-2249)
    last seen2020-06-01
    modified2020-06-02
    plugin id49191
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49191
    titleSuSE9 Security Update : libpng (YOU Patch Number 12642)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen2020-06-01
    modified2020-06-02
    plugin id50548
    published2010-11-10
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50548
    titleMac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBPNG-DEVEL-100901.NASL
    descriptionSpecially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249).
    last seen2020-06-01
    modified2020-06-02
    plugin id49192
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49192
    titleopenSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2072.NASL
    descriptionSeveral vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1205 It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. - CVE-2010-2249 It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
    last seen2020-06-01
    modified2020-06-02
    plugin id47767
    published2010-07-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47767
    titleDebian DSA-2072-1 : libpng - several vulnerabilities
  • NASL familyWindows
    NASL idSAFARI_5_0_4.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id52613
    published2011-03-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52613
    titleSafari < 5.0.4 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100714_LIBPNG_ON_SL3_X.NASL
    descriptionA memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60816
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60816
    titleScientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10823.NASL
    descriptionThis update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47771
    published2010-07-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47771
    titleFedora 13 : libpng10-1.0.54-1.fc13 (2010-10823)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-180-01.NASL
    descriptionNew libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47562
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47562
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2010-180-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7144.NASL
    descriptionSpecially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249)
    last seen2020-06-01
    modified2020-06-02
    plugin id49882
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49882
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7144)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10557.NASL
    descriptionUpdate to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47587
    published2010-07-02
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47587
    titleFedora 13 : libpng-1.2.44-1.fc13 (2010-10557)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPNG-DEVEL-100901.NASL
    descriptionSpecially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249).
    last seen2020-06-01
    modified2020-06-02
    plugin id49193
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49193
    titleopenSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0534.NASL
    descriptionUpdated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47741
    published2010-07-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47741
    titleCentOS 3 / 4 / 5 : libpng / libpng10 (CESA-2010:0534)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPNG-DEVEL-100901.NASL
    descriptionSpecially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249)
    last seen2020-06-01
    modified2020-06-02
    plugin id50941
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50941
    titleSuSE 11 / 11.1 Security Update : libpng (SAT Patch Numbers 3045 / 3046)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-133.NASL
    descriptionMultiple vulnerabilities has been found and corrected in libpng : Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205). Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249). As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48192
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48192
    titleMandriva Linux Security Advisory : libpng (MDVSA-2010:133)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10776.NASL
    description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47836
    published2010-07-27
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47836
    titleFedora 12 : mingw32-libpng-1.2.44-1.fc12 (2010-10776)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0534.NASL
    descriptionFrom Red Hat Security Advisory 2010:0534 : Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68063
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68063
    titleOracle Linux 3 / 4 / 5 : libpng (ELSA-2010-0534)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-960-1.NASL
    descriptionIt was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47695
    published2010-07-09
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47695
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libpng vulnerabilities (USN-960-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10833.NASL
    descriptionThis update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47772
    published2010-07-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47772
    titleFedora 12 : libpng10-1.0.54-1.fc12 (2010-10833)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10793.NASL
    description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47837
    published2010-07-27
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47837
    titleFedora 13 : mingw32-libpng-1.2.44-1.fc13 (2010-10793)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0534.NASL
    descriptionUpdated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id47876
    published2010-07-28
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47876
    titleRHEL 3 / 4 / 5 : libpng (RHSA-2010:0534)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-10592.NASL
    descriptionUpdate to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47599
    published2010-07-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47599
    titleFedora 12 : libpng-1.2.44-1.fc12 (2010-10592)
  • NASL familyWindows
    NASL idITUNES_10_2.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id52534
    published2011-03-03
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52534
    titleApple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_10_2_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.
    last seen2020-06-01
    modified2020-06-02
    plugin id52535
    published2011-03-03
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52535
    titleApple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)

Redhat

advisories
bugzilla
id608644
titleCVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibpng-devel is earlier than 2:1.2.7-3.el4_8.3
          ovaloval:com.redhat.rhsa:tst:20100534001
        • commentlibpng-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060205004
      • AND
        • commentlibpng is earlier than 2:1.2.7-3.el4_8.3
          ovaloval:com.redhat.rhsa:tst:20100534003
        • commentlibpng is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060205002
      • AND
        • commentlibpng10-devel is earlier than 0:1.0.16-3.el4_8.4
          ovaloval:com.redhat.rhsa:tst:20100534005
        • commentlibpng10-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070356008
      • AND
        • commentlibpng10 is earlier than 0:1.0.16-3.el4_8.4
          ovaloval:com.redhat.rhsa:tst:20100534007
        • commentlibpng10 is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070356006
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibpng is earlier than 2:1.2.10-7.1.el5_5.3
          ovaloval:com.redhat.rhsa:tst:20100534010
        • commentlibpng is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070356011
      • AND
        • commentlibpng-devel is earlier than 2:1.2.10-7.1.el5_5.3
          ovaloval:com.redhat.rhsa:tst:20100534012
        • commentlibpng-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070356013
rhsa
idRHSA-2010:0534
released2010-07-14
severityImportant
titleRHSA-2010:0534: libpng security update (Important)
rpms
  • libpng-2:1.2.10-7.1.el5_5.3
  • libpng-2:1.2.2-30
  • libpng-2:1.2.7-3.el4_8.3
  • libpng-debuginfo-2:1.2.10-7.1.el5_5.3
  • libpng-debuginfo-2:1.2.2-30
  • libpng-debuginfo-2:1.2.7-3.el4_8.3
  • libpng-devel-2:1.2.10-7.1.el5_5.3
  • libpng-devel-2:1.2.2-30
  • libpng-devel-2:1.2.7-3.el4_8.3
  • libpng10-0:1.0.13-21
  • libpng10-0:1.0.16-3.el4_8.4
  • libpng10-debuginfo-0:1.0.13-21
  • libpng10-debuginfo-0:1.0.16-3.el4_8.4
  • libpng10-devel-0:1.0.13-21
  • libpng10-devel-0:1.0.16-3.el4_8.4

References