Vulnerabilities > CVE-2011-2692 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
libpng
fedoraproject
debian
canonical
CWE-119
nessus

Summary

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Vulnerable Configurations

Part Description Count
Application
Libpng
436
OS
Fedoraproject
1
OS
Debian
2
OS
Canonical
4

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG12-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75911
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75911
    titleopenSUSE Security Update : libpng12 (libpng12-4947)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng12-4947.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75911);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng12 (libpng12-4947)");
      script_summary(english:"Check for the libpng12-4947 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng12-0 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng12 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng12-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-0-debuginfo-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-compat-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-debugsource-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng12-devel-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-0-debuginfo-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-compat-devel-32bit-1.2.46-7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng12-devel-32bit-1.2.46-7.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng12-0");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-8844.NASL
    descriptionThis update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there
    last seen2020-06-01
    modified2020-06-02
    plugin id55654
    published2011-07-25
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55654
    titleFedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-8844.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55654);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
      script_bugtraq_id(48474, 48618, 48660);
      script_xref(name:"FEDORA", value:"2011-8844");
    
      script_name(english:"Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a 1-byte uninitialized memory reference in
    png_format_buffer(). It allows attackers to cause a denial of service
    (crash) via a malformed PNG image file that triggers an error that
    causes an out-of-bounds read when creating the error message. This is
    CVE-2011-2501.
    
    Also fixed in this release are some other minor security problems and
    there's additionally a bugfix backported from 1.5.3: when expanding a
    paletted image, always expand to RGBA if transparency is present.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=717084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=720607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=720608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=720612"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?34f18a13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng10 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpng10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"libpng10-1.0.55-1.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng10");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12815.NASL
    descriptionThis update of libpng fixes : - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399). (CVE-2008-6218) - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119). (CVE-2011-2690) - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119). (CVE-2011-2692)
    last seen2020-06-01
    modified2020-06-02
    plugin id55895
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55895
    titleSuSE9 Security Update : libpng (YOU Patch Number 12815)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55895);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"SuSE9 Security Update : libpng (YOU Patch Number 12815)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng fixes :
    
      - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C):
        Resource Management Errors (CWE-399). (CVE-2008-6218)
    
      - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P):
        Buffer Errors (CWE-119). (CVE-2011-2690)
    
      - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P):
        Buffer Errors (CWE-119). (CVE-2011-2692)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-6218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-5063.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2501.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2690.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2691.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2692.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12815.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"libpng-1.2.5-182.32")) flag++;
    if (rpm_check(release:"SUSE9", reference:"libpng-devel-1.2.5-182.32")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"libpng-32bit-9-201108021634")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG14-110802.NASL
    descriptionThis update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75913
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75913
    titleopenSUSE Security Update : libpng14 (libpng14-4949)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpng14-4949.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75913);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692");
    
      script_name(english:"openSUSE Security Update : libpng14 (libpng14-4949)");
      script_summary(english:"Check for the libpng14-4949 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of libpng14-14 fixes :
    
      - CVE-2011-2501: CVSS v2 Base Score: 5.0
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error
        (CWE-DesignError)
    
      - CVE-2011-2690: CVSS v2 Base Score: 5.1
        (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)
    
      - CVE-2011-2691: CVSS v2 Base Score: 4.3
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)
    
      - CVE-2011-2692: CVSS v2 Base Score: 5.0
        (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=702578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=706389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng14 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpng14-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-14-debuginfo-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-compat-devel-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-debugsource-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"libpng14-devel-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-14-debuginfo-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-compat-devel-32bit-1.4.4-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libpng14-devel-32bit-1.4.4-3.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng14-14");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1104.NASL
    descriptionUpdated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55726
    published2011-07-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55726
    titleRHEL 5 : libpng (RHSA-2011:1104)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1104. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55726);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2011-2690", "CVE-2011-2692");
      script_bugtraq_id(48660);
      script_xref(name:"RHSA", value:"2011:1104");
    
      script_name(english:"RHEL 5 : libpng (RHSA-2011:1104)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libpng packages that fix two security issues are now available
    for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The libpng packages contain a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files.
    
    A buffer overflow flaw was found in the way libpng processed certain
    PNG image files. An attacker could create a specially crafted PNG
    image that, when opened, could cause an application using libpng to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running the application. (CVE-2011-2690)
    
    Note: The application behavior required to exploit CVE-2011-2690 is
    rarely used. No application shipped with Red Hat Enterprise Linux
    behaves this way, for example.
    
    An uninitialized memory read issue was found in the way libpng
    processed certain PNG images that use the Physical Scale (sCAL)
    extension. An attacker could create a specially crafted PNG image
    that, when opened, could cause an application using libpng to crash.
    (CVE-2011-2692)
    
    Users of libpng should upgrade to these updated packages, which
    contain backported patches to correct these issues. All running
    applications using libpng must be restarted for the update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:1104"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng and / or libpng-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:1104";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"libpng-1.2.10-7.1.el5_7.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"libpng-devel-1.2.10-7.1.el5_7.5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-devel");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10928.NASL
    descriptionUpdate to MinGW cross compiled libpng 1.4.8, includes fixes for CVE-2011-2690 and CVE-2011-2692. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55987
    published2011-08-29
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55987
    titleFedora 15 : mingw32-libpng-1.4.8-1.fc15 (2011-10928)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-10928.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55987);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_cve_id("CVE-2011-2690", "CVE-2011-2692");
      script_bugtraq_id(48618, 48660);
      script_xref(name:"FEDORA", value:"2011-10928");
    
      script_name(english:"Fedora 15 : mingw32-libpng-1.4.8-1.fc15 (2011-10928)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to MinGW cross compiled libpng 1.4.8, includes fixes for
    CVE-2011-2690 and CVE-2011-2692.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=720607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=720612"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064528.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?175ee46d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw32-libpng package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw32-libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"mingw32-libpng-1.4.8-1.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libpng");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1103.NASL
    descriptionFrom Red Hat Security Advisory 2011:1103 : Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68316
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68316
    titleOracle Linux 4 : libpng (ELSA-2011-1103)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:1103 and 
    # Oracle Linux Security Advisory ELSA-2011-1103 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68316);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2011-2692");
      script_xref(name:"RHSA", value:"2011:1103");
    
      script_name(english:"Oracle Linux 4 : libpng (ELSA-2011-1103)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:1103 :
    
    Updated libpng and libpng10 packages that fix one security issue are
    now available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    The libpng packages contain a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files.
    
    An uninitialized memory read issue was found in the way libpng
    processed certain PNG images that use the Physical Scale (sCAL)
    extension. An attacker could create a specially crafted PNG image
    that, when opened, could cause an application using libpng to crash.
    (CVE-2011-2692)
    
    Users of libpng and libpng10 should upgrade to these updated packages,
    which contain a backported patch to correct this issue. All running
    applications using libpng or libpng10 must be restarted for the update
    to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-July/002250.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libpng10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libpng10-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"libpng-1.2.7-8.el4")) flag++;
    if (rpm_check(release:"EL4", reference:"libpng-devel-1.2.7-8.el4")) flag++;
    if (rpm_check(release:"EL4", reference:"libpng10-1.0.16-9.el4")) flag++;
    if (rpm_check(release:"EL4", reference:"libpng10-devel-1.0.16-9.el4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-devel / libpng10 / libpng10-devel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9343.NASL
    descriptionUpdate to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55612
    published2011-07-19
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55612
    titleFedora 15 : libpng-1.2.46-1.fc15 (2011-9343)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1103.NASL
    descriptionUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55838
    published2011-08-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55838
    titleCentOS 4 : libpng (CESA-2011:1103)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56480
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56480
    titleMac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1175-1.NASL
    descriptionFrank Busse discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause libpng to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. (CVE-2011-2501) It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-2690) Frank Busse discovered that libpng did not properly handle certain PNG images with invalid sCAL chunks. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-2692). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55699
    published2011-07-27
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55699
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libpng vulnerabilities (USN-1175-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1104.NASL
    descriptionFrom Red Hat Security Advisory 2011:1104 : Updated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68317
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68317
    titleOracle Linux 5 : libpng (ELSA-2011-1104)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9336.NASL
    descriptionUpdate to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55738
    published2011-08-01
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55738
    titleFedora 14 : libpng-1.2.46-1.fc14 (2011-9336)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The &ldquo;embedded_profile_len()&rdquo; function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The &ldquo;png_format_buffer()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-2501). The &ldquo;png_rgb_to_gray()&rdquo; function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The &ldquo;png_err()&rdquo; function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The &ldquo;png_handle_sCAL()&rdquo; function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). The &ldquo;png_decompress_chunk()&rdquo; function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The &ldquo;png_inflate()&rdquo; function in pngrutil.c contains and out of bounds error (CVE-2011-3045). The &ldquo;png_set_text_2()&rdquo; function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The &ldquo;png_formatted_warning()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59668
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59668
    titleGLSA-201206-15 : libpng: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-151.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in libpng : The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression (CVE-2011-2501). Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image (CVE-2011-2690). The png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not affect the binary packages in Mandriva, but could affect users if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package. The png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory (CVE-2011-2692). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56529
    published2011-10-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56529
    titleMandriva Linux Security Advisory : libpng (MDVSA-2011:151)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1105.NASL
    descriptionUpdated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example. An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501) An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55727
    published2011-07-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55727
    titleRHEL 6 : libpng (RHSA-2011:1105)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110728_LIBPNG_ON_SL5_X.NASL
    descriptionThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Scientific Linux behaves this way, for example. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61100
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61100
    titleScientific Linux Security Update : libpng on SL5.x i386/x86_64
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1421.NASL
    descriptionAccording to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124924
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124924
    titleEulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPNG12-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75603
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75603
    titleopenSUSE Security Update : libpng12 (libpng12-4947)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1105.NASL
    descriptionFrom Red Hat Security Advisory 2011:1105 : Updated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example. An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501) An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68318
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68318
    titleOracle Linux 6 : libpng (ELSA-2011-1105)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7669.NASL
    descriptionThis update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id55897
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55897
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7669)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110728_LIBPNG_ON_SL4_X.NASL
    descriptionThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61099
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61099
    titleScientific Linux Security Update : libpng on SL4.x i386/x86_64
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2012-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework
    last seen2020-06-01
    modified2020-06-02
    plugin id59067
    published2012-05-10
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59067
    titleMac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10954.NASL
    descriptionUpdate to MinGW cross compiled libpng 1.4.8, includes fixes for CVE-2011-2690 and CVE-2011-2692. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55989
    published2011-08-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55989
    titleFedora 14 : mingw32-libpng-1.4.8-1.fc14 (2011-10954)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPNG14-110802.NASL
    descriptionThis update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id75604
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75604
    titleopenSUSE Security Update : libpng14 (libpng14-4949)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPNG-DEVEL-110802.NASL
    descriptionThis update of libpng12-0 fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)) - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id55896
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55896
    titleSuSE 11.1 Security Update : libpng (SAT Patch Number 4948)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2287.NASL
    descriptionThe PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image. The other vulnerabilities are less critical and allow an attacker to cause a crash in the program (denial of service) via a crafted PNG image.
    last seen2020-03-17
    modified2011-07-29
    plugin id55721
    published2011-07-29
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55721
    titleDebian DSA-2287-1 : libpng - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1103.NASL
    descriptionUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id55725
    published2011-07-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55725
    titleRHEL 4 : libpng (RHSA-2011:1103)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1104.NASL
    descriptionUpdated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56268
    published2011-09-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56268
    titleCentOS 5 : libpng (CESA-2011:1104)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7670.NASL
    descriptionThis update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen2020-06-01
    modified2020-06-02
    plugin id57218
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57218
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7670)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-8867.NASL
    descriptionThis update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this release are some other minor security problems and there
    last seen2020-06-01
    modified2020-06-02
    plugin id55655
    published2011-07-25
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55655
    titleFedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110728_LIBPNG_ON_SL6_X.NASL
    descriptionThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690) Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Scientific Linux behaves this way, for example. An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501) An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692) Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61101
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61101
    titleScientific Linux Security Update : libpng on SL6.x i386/x86_64

Redhat

advisories
  • bugzilla
    id720612
    titleCVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentlibpng-devel is earlier than 2:1.2.7-8.el4
            ovaloval:com.redhat.rhsa:tst:20111103001
          • commentlibpng-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060205004
        • AND
          • commentlibpng is earlier than 2:1.2.7-8.el4
            ovaloval:com.redhat.rhsa:tst:20111103003
          • commentlibpng is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060205002
        • AND
          • commentlibpng10-devel is earlier than 0:1.0.16-9.el4
            ovaloval:com.redhat.rhsa:tst:20111103005
          • commentlibpng10-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070356008
        • AND
          • commentlibpng10 is earlier than 0:1.0.16-9.el4
            ovaloval:com.redhat.rhsa:tst:20111103007
          • commentlibpng10 is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070356006
    rhsa
    idRHSA-2011:1103
    released2011-07-28
    severityModerate
    titleRHSA-2011:1103: libpng security update (Moderate)
  • bugzilla
    id720612
    titleCVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentlibpng is earlier than 2:1.2.10-7.1.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20111104001
          • commentlibpng is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070356011
        • AND
          • commentlibpng-devel is earlier than 2:1.2.10-7.1.el5_7.5
            ovaloval:com.redhat.rhsa:tst:20111104003
          • commentlibpng-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070356013
    rhsa
    idRHSA-2011:1104
    released2011-07-28
    severityModerate
    titleRHSA-2011:1104: libpng security update (Moderate)
  • bugzilla
    id720612
    titleCVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibpng-devel is earlier than 2:1.2.46-1.el6_1
            ovaloval:com.redhat.rhsa:tst:20111105001
          • commentlibpng-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105002
        • AND
          • commentlibpng-static is earlier than 2:1.2.46-1.el6_1
            ovaloval:com.redhat.rhsa:tst:20111105003
          • commentlibpng-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105004
        • AND
          • commentlibpng is earlier than 2:1.2.46-1.el6_1
            ovaloval:com.redhat.rhsa:tst:20111105005
          • commentlibpng is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105006
    rhsa
    idRHSA-2011:1105
    released2011-07-28
    severityModerate
    titleRHSA-2011:1105: libpng security update (Moderate)
rpms
  • libpng-2:1.2.7-8.el4
  • libpng-debuginfo-2:1.2.7-8.el4
  • libpng-devel-2:1.2.7-8.el4
  • libpng10-0:1.0.16-9.el4
  • libpng10-debuginfo-0:1.0.16-9.el4
  • libpng10-devel-0:1.0.16-9.el4
  • libpng-2:1.2.10-7.1.el5_7.5
  • libpng-debuginfo-2:1.2.10-7.1.el5_7.5
  • libpng-devel-2:1.2.10-7.1.el5_7.5
  • libpng-2:1.2.46-1.el6_1
  • libpng-debuginfo-2:1.2.46-1.el6_1
  • libpng-devel-2:1.2.46-1.el6_1
  • libpng-static-2:1.2.46-1.el6_1

References