Vulnerabilities > CVE-2010-2249 - Memory Leak vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2010-007.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 50549 published 2010-11-10 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50549 title Mac OS X Multiple Vulnerabilities (Security Update 2010-007) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(50549); script_version("1.48"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2008-4546", "CVE-2009-0796", "CVE-2009-0946", "CVE-2009-2624", "CVE-2009-3793", "CVE-2009-4134", "CVE-2010-0105", "CVE-2010-0205", "CVE-2010-0209", "CVE-2010-0397", "CVE-2010-1205", "CVE-2010-1297", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1752", "CVE-2010-1811", "CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2010-1831", "CVE-2010-1832", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-1838", "CVE-2010-1840", "CVE-2010-1841", "CVE-2010-1845", "CVE-2010-1846", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216", "CVE-2010-2249", "CVE-2010-2484", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2531", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2884", "CVE-2010-2941", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3636", "CVE-2010-3638", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3783", "CVE-2010-3784", "CVE-2010-3785", "CVE-2010-3796", "CVE-2010-3797", "CVE-2010-3976", "CVE-2010-4010" ); script_bugtraq_id( 31537, 34383, 34550, 38478, 39658, 40361, 40363, 40365, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 41049, 41174, 42285, 42621, 42624, 44504, 44530, 44671, 44729, 44800, 44802, 44804, 44806, 44807, 44808, 44812, 44814, 44815, 44816, 44817, 44819, 44822, 44829, 44832, 44833, 44835, 99999 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)"); script_summary(english:"Check for the presence of Security Update 2010-007"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4435" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2010-007 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^9\.[0-8]\.", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[7-9]|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) exit(0, "The host has Security Update 2010-007 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201010-01.NASL description The remote host is affected by the vulnerability described in GLSA-201010-01 (Libpng: Multiple vulnerabilities) Multiple vulnerabilities were found in libpng: The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205) A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205) A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249) Impact : An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 49771 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49771 title GLSA-201010-01 : Libpng: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE9_12642.NASL description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205, CVE-2010-2249) last seen 2020-06-01 modified 2020-06-02 plugin id 49191 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49191 title SuSE9 Security Update : libpng (YOU Patch Number 12642) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_5.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar last seen 2020-06-01 modified 2020-06-02 plugin id 50548 published 2010-11-10 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50548 title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBPNG-DEVEL-100901.NASL description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249). last seen 2020-06-01 modified 2020-06-02 plugin id 49192 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49192 title openSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2072.NASL description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1205 It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. - CVE-2010-2249 It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. last seen 2020-06-01 modified 2020-06-02 plugin id 47767 published 2010-07-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47767 title Debian DSA-2072-1 : libpng - several vulnerabilities NASL family Windows NASL id SAFARI_5_0_4.NASL description The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 52613 published 2011-03-10 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52613 title Safari < 5.0.4 Multiple Vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20100714_LIBPNG_ON_SL3_X.NASL description A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) All running applications using libpng or libpng10 must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60816 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60816 title Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2010-10823.NASL description This update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47771 published 2010-07-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47771 title Fedora 13 : libpng10-1.0.54-1.fc13 (2010-10823) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-180-01.NASL description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47562 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47562 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2010-180-01) NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-7144.NASL description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249) last seen 2020-06-01 modified 2020-06-02 plugin id 49882 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49882 title SuSE 10 Security Update : libpng (ZYPP Patch Number 7144) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10557.NASL description Update to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47587 published 2010-07-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47587 title Fedora 13 : libpng-1.2.44-1.fc13 (2010-10557) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBPNG-DEVEL-100901.NASL description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249). last seen 2020-06-01 modified 2020-06-02 plugin id 49193 published 2010-09-12 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49193 title openSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0534.NASL description Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47741 published 2010-07-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47741 title CentOS 3 / 4 / 5 : libpng / libpng10 (CESA-2010:0534) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPNG-DEVEL-100901.NASL description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249) last seen 2020-06-01 modified 2020-06-02 plugin id 50941 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50941 title SuSE 11 / 11.1 Security Update : libpng (SAT Patch Numbers 3045 / 3046) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-133.NASL description Multiple vulnerabilities has been found and corrected in libpng : Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205). Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249). As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48192 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48192 title Mandriva Linux Security Advisory : libpng (MDVSA-2010:133) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10776.NASL description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47836 published 2010-07-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47836 title Fedora 12 : mingw32-libpng-1.2.44-1.fc12 (2010-10776) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0534.NASL description From Red Hat Security Advisory 2010:0534 : Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68063 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68063 title Oracle Linux 3 / 4 / 5 : libpng (ELSA-2010-0534) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-960-1.NASL description It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47695 published 2010-07-09 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47695 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libpng vulnerabilities (USN-960-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10833.NASL description This update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47772 published 2010-07-21 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47772 title Fedora 12 : libpng10-1.0.54-1.fc12 (2010-10833) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10793.NASL description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47837 published 2010-07-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47837 title Fedora 13 : mingw32-libpng-1.2.44-1.fc13 (2010-10793) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0534.NASL description Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47876 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47876 title RHEL 3 / 4 / 5 : libpng (RHSA-2010:0534) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10592.NASL description Update to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47599 published 2010-07-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47599 title Fedora 12 : libpng-1.2.44-1.fc12 (2010-10592) NASL family Windows NASL id ITUNES_10_2.NASL description The version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 52534 published 2011-03-03 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52534 title Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check) NASL family Peer-To-Peer File Sharing NASL id ITUNES_10_2_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows. last seen 2020-06-01 modified 2020-06-02 plugin id 52535 published 2011-03-03 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52535 title Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=608644
- http://secunia.com/advisories/40302
- http://www.vupen.com/english/advisories/2010/1612
- http://www.libpng.org/pub/png/libpng.html
- http://www.securityfocus.com/bid/41174
- http://www.ubuntu.com/usn/USN-960-1
- http://www.vupen.com/english/advisories/2010/1755
- http://secunia.com/advisories/40472
- http://www.vupen.com/english/advisories/2010/1877
- http://www.debian.org/security/2010/dsa-2072
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
- http://www.vupen.com/english/advisories/2010/1837
- http://www.vupen.com/english/advisories/2010/1846
- http://secunia.com/advisories/40547
- http://secunia.com/advisories/41574
- http://www.vupen.com/english/advisories/2010/2491
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://support.apple.com/kb/HT4435
- http://support.apple.com/kb/HT4456
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://www.vupen.com/english/advisories/2010/3046
- http://support.apple.com/kb/HT4457
- http://www.vupen.com/english/advisories/2010/3045
- http://secunia.com/advisories/42314
- http://www.securitytracker.com/id?1024723
- http://secunia.com/advisories/42317
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
- http://support.apple.com/kb/HT4554
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://support.apple.com/kb/HT4566
- http://secunia.com/advisories/40336
- http://www.vupen.com/english/advisories/2010/1637
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59816
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20