Vulnerabilities > CVE-2011-2691 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBPNG12-110802.NASL description This update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 75911 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75911 title openSUSE Security Update : libpng12 (libpng12-4947) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libpng12-4947. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75911); script_version("1.3"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"); script_name(english:"openSUSE Security Update : libpng12 (libpng12-4947)"); script_summary(english:"Check for the libpng12-4947 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702578" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706388" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706389" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng12 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-debuginfo-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng12-compat-devel-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng12-debugsource-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng12-devel-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-32bit-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-debuginfo-32bit-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-compat-devel-32bit-1.2.46-7.3.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-devel-32bit-1.2.46-7.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0"); }NASL family Fedora Local Security Checks NASL id FEDORA_2011-8844.NASL description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there last seen 2020-06-01 modified 2020-06-02 plugin id 55654 published 2011-07-25 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55654 title Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-8844. # include("compat.inc"); if (description) { script_id(55654); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:35"); script_cve_id("CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"); script_bugtraq_id(48474, 48618, 48660); script_xref(name:"FEDORA", value:"2011-8844"); script_name(english:"Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=717084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720607" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=720612" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34f18a13" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng10 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2011/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"libpng10-1.0.55-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10"); }NASL family SuSE Local Security Checks NASL id SUSE9_12815.NASL description This update of libpng fixes : - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399). (CVE-2008-6218) - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119). (CVE-2011-2690) - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119). (CVE-2011-2692) last seen 2020-06-01 modified 2020-06-02 plugin id 55895 published 2011-08-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55895 title SuSE9 Security Update : libpng (YOU Patch Number 12815) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(55895); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:40"); script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"); script_name(english:"SuSE9 Security Update : libpng (YOU Patch Number 12815)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of libpng fixes : - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399). (CVE-2008-6218) - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119). (CVE-2011-2690) - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119). (CVE-2011-2692)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-6218.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-5063.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2501.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2690.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2691.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2692.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12815."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"libpng-1.2.5-182.32")) flag++; if (rpm_check(release:"SUSE9", reference:"libpng-devel-1.2.5-182.32")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"libpng-32bit-9-201108021634")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBPNG14-110802.NASL description This update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 75913 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75913 title openSUSE Security Update : libpng14 (libpng14-4949) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libpng14-4949. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75913); script_version("1.3"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"); script_name(english:"openSUSE Security Update : libpng14 (libpng14-4949)"); script_summary(english:"Check for the libpng14-4949 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=702578" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706388" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=706389" ); script_set_attribute( attribute:"solution", value:"Update the affected libpng14 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-debuginfo-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng14-compat-devel-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng14-debugsource-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libpng14-devel-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-32bit-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-debuginfo-32bit-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-compat-devel-32bit-1.4.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-devel-32bit-1.4.4-3.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng14-14"); }NASL family Fedora Local Security Checks NASL id FEDORA_2011-9343.NASL description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55612 published 2011-07-19 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55612 title Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_2.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 56480 published 2011-10-13 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56480 title Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-9336.NASL description Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55738 published 2011-08-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55738 title Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-15.NASL description The remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len()” function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The “png_format_buffer()” function in pngerror.c contains an off-by-one error (CVE-2011-2501). The “png_rgb_to_gray()” function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The “png_err()” function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The “png_handle_sCAL()” function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). The “png_decompress_chunk()” function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The “png_inflate()” function in pngrutil.c contains and out of bounds error (CVE-2011-3045). The “png_set_text_2()” function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The “png_formatted_warning()” function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59668 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59668 title GLSA-201206-15 : libpng: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-151.NASL description Multiple vulnerabilities has been discovered and corrected in libpng : The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression (CVE-2011-2501). Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image (CVE-2011-2690). The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not affect the binary packages in Mandriva, but could affect users if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package. The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory (CVE-2011-2692). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56529 published 2011-10-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56529 title Mandriva Linux Security Advisory : libpng (MDVSA-2011:151) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1421.NASL description According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124924 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124924 title EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421) NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBPNG12-110802.NASL description This update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 75603 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75603 title openSUSE Security Update : libpng12 (libpng12-4947) NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-7669.NASL description This update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 55897 published 2011-08-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55897 title SuSE 10 Security Update : libpng (ZYPP Patch Number 7669) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-006.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 56481 published 2011-10-13 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56481 title Mac OS X Multiple Vulnerabilities (Security Update 2011-006) NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBPNG14-110802.NASL description This update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 75604 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75604 title openSUSE Security Update : libpng14 (libpng14-4949) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPNG-DEVEL-110802.NASL description This update of libpng12-0 fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)) - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 55896 published 2011-08-18 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55896 title SuSE 11.1 Security Update : libpng (SAT Patch Number 4948) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2287.NASL description The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image. The other vulnerabilities are less critical and allow an attacker to cause a crash in the program (denial of service) via a crafted PNG image. last seen 2020-03-17 modified 2011-07-29 plugin id 55721 published 2011-07-29 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55721 title Debian DSA-2287-1 : libpng - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_LIBPNG-7670.NASL description This update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) last seen 2020-06-01 modified 2020-06-02 plugin id 57218 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57218 title SuSE 10 Security Update : libpng (ZYPP Patch Number 7670) NASL family Fedora Local Security Checks NASL id FEDORA_2011-8867.NASL description This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there last seen 2020-06-01 modified 2020-06-02 plugin id 55655 published 2011-07-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55655 title Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)
References
- http://secunia.com/advisories/45046
- http://www.openwall.com/lists/oss-security/2011/07/13/2
- http://www.libpng.org/pub/png/libpng.html
- http://www.securityfocus.com/bid/48660
- https://bugzilla.redhat.com/show_bug.cgi?id=720608
- http://www.debian.org/security/2011/dsa-2287
- http://secunia.com/advisories/45405
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
- http://secunia.com/advisories/45492
- http://support.apple.com/kb/HT5002
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68537
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261