Vulnerabilities > CVE-2011-3026 - Integer Overflow OR Wraparound vulnerability in Google Chrome

047910
CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Vulnerable Configurations

Part | Description | Count
Application | Google | 2020
OS | Apple | 112
OS | Opensuse | 1
OS | Suse | 4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, as the size of a memory allocation, or in a similar role. The attacker would typically control the value of such a variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, thereby providing an incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_SEAMONKEY-120217.NASL
    description: Mozilla SeaMonkey was updated to 2.7.2 to fix a security issue with the embedded libpng, where a integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026),
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 76028
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76028
    title: openSUSE Security Update : seamonkey (seamonkey-5834)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update seamonkey-5834.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the host checks further down do not run.
    if (description)
    {
      script_id(76028);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-3026");
    
      script_name(english:"openSUSE Security Update : seamonkey (seamonkey-5834)");
      script_summary(english:"Check for the seamonkey-5834 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # Advisory text as extracted from the openSUSE update; it names the
      # embedded libpng as the affected component.
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla SeaMonkey was updated to 2.7.2 to fix a security issue with
    the embedded libpng, where a integer overflow could allow remote
    attackers to crash the browser or potentially execute code
    (CVE-2011-3026),"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=747328"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      # NOTE(review): this vector uses AC:L, whereas the CVE-2011-3026 record
      # rates complexity as MEDIUM (CVSS 6.8) -- confirm which rating the
      # finding should be triaged under.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Local check: the verdict comes from the host's package list, not from
      # probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-translations-other");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      # The plugin was published more than two years after the patch, so scans
      # run before 2014/06/13 could not have flagged this update through it.
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB items the check needs before it can run; presumably populated by
      # ssh_get_info.nasl -- verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. Each audit() call reports why the plugin does not apply;
    # audit() comes from audit.inc and is expected to end the script.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Only openSUSE 11.4 is in scope: SLED/SLES and any other release are rejected.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "openSUSE");
    }
    if (release !~ "^(SUSE11\.4)$")
    {
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    }
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # The check is limited to the architectures the advisory packages cover.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (ourarch !~ "^(i586|i686|x86_64)$")
    {
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    }

    # Fixed builds named by the advisory. Every entry is checked, presumably so
    # that rpm_report_get() can list each outdated package -- see rpm.inc.
    fixed_rpms = make_list(
      "seamonkey-2.7.2-0.2.1",
      "seamonkey-debuginfo-2.7.2-0.2.1",
      "seamonkey-debugsource-2.7.2-0.2.1",
      "seamonkey-dom-inspector-2.7.2-0.2.1",
      "seamonkey-irc-2.7.2-0.2.1",
      "seamonkey-translations-common-2.7.2-0.2.1",
      "seamonkey-translations-other-2.7.2-0.2.1",
      "seamonkey-venkman-2.7.2-0.2.1"
    );

    flag = 0;
    foreach fixed_rpm (fixed_rpms)
    {
      if (rpm_check(release:"SUSE11.4", reference:fixed_rpm)) flag++;
    }

    # At least one package matched: raise the finding and stop.
    if (flag)
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }

    # No match: distinguish "installed but not affected" from "not installed".
    tested = pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1367-2.NASL
    description: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58034
    published: 2012-02-20
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58034
    title: Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1367-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the host checks further down do not run.
    if (description)
    {
      script_id(58034);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-3026");
      script_bugtraq_id(52049);
      script_xref(name:"USN", value:"1367-2");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      # Advisory text: the flaw is a missing size check when libpng allocates
      # memory during chunk decompression, reached by opening a crafted image.
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1367-1 fixed vulnerabilities in libpng. This provides the
    corresponding update for Firefox.
    
    Jueri Aedla discovered that libpng did not properly verify the size
    used when allocating memory during chunk decompression. If a user or
    automated system using libpng were tricked into opening a specially
    crafted image, an attacker could exploit this to cause a denial of
    service or execute code with the privileges of the user invoking the
    program. (CVE-2011-3026).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1367-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      # NOTE(review): this vector uses AC:L, whereas the CVE-2011-3026 record
      # rates complexity as MEDIUM (CVSS 6.8) -- confirm which rating the
      # finding should be triaged under.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal metrics: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local check: the verdict comes from the host's dpkg package list, not
      # from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # KB items the check needs before it can run; presumably populated by
      # ssh_get_info.nasl -- verify. "Host/local_checks_enabled" is read by the
      # check body but is not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host check. Each audit() call reports why the plugin does not apply;
    # audit() comes from audit.inc and is expected to end the script.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Only the four Ubuntu releases covered by the notice are in scope.
    release = get_kb_item("Host/Ubuntu/release");
    if (isnull(release))
    {
      audit(AUDIT_OS_NOT, "Ubuntu");
    }
    release = chomp(release);
    if (!preg(pattern:"^(10\.04|10\.10|11\.04|11\.10)$", string:release))
    {
      audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    }
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Local checks are implemented for x86_64 and i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    }

    # Fixed firefox build per release, kept as two parallel lists so each
    # version string stays exactly as the notice gives it.
    fixed_osvers = make_list("10.04", "10.10", "11.04", "11.10");
    fixed_pkgvers = make_list(
      "10.0.2+build1-0ubuntu0.10.04.1",
      "10.0.2+build1-0ubuntu0.10.10.1",
      "10.0.2+build1-0ubuntu0.11.04.1",
      "10.0.2+build1-0ubuntu0.11.10.1"
    );

    flag = 0;
    for (idx = 0; idx < max_index(fixed_osvers); idx++)
    {
      if (ubuntu_check(osver:fixed_osvers[idx], pkgname:"firefox", pkgver:fixed_pkgvers[idx])) flag++;
    }

    # At least one release/package pair matched: raise the finding and stop.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }

    # No match: distinguish "installed but not affected" from "not installed".
    tested = ubuntu_pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0141.NASL
    description: From Red Hat Security Advisory 2012:0141 : Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen: 2020-04-18
    modified: 2013-07-12
    plugin id: 68463
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68463
    title: Oracle Linux 4 : seamonkey (ELSA-2012-0141)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:0141 and 
    # Oracle Linux Security Advisory ELSA-2012-0141 respectively.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the host checks further down do not run.
    if (description)
    {
      script_id(68463);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/17");
    
      script_cve_id("CVE-2011-3026");
      script_xref(name:"RHSA", value:"2012:0141");
    
      script_name(english:"Oracle Linux 4 : seamonkey (ELSA-2012-0141)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # Advisory text: describes the impact as a heap-based buffer overflow in
      # PNG handling, and notes SeaMonkey must be restarted after the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:0141 :
    
    Updated SeaMonkey packages that fix one security issue are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    SeaMonkey is an open source web browser, e-mail and newsgroup client,
    IRC chat client, and HTML editor.
    
    A heap-based buffer overflow flaw was found in the way SeaMonkey
    handled PNG (Portable Network Graphics) images. A web page containing
    a malicious PNG image could cause SeaMonkey to crash or, possibly,
    execute arbitrary code with the privileges of the user running
    SeaMonkey. (CVE-2011-3026)
    
    All SeaMonkey users should upgrade to these updated packages, which
    correct this issue. After installing the update, SeaMonkey must be
    restarted for the changes to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-February/002615.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      # This vector (AC:M, partial impacts) matches the MEDIUM rating shown for
      # CVE-2011-3026, although the advisory text above calls the update
      # "critical" -- the two ratings use different scales.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # Local check: the verdict comes from the host's rpm package list, not
      # from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      # The plugin was published well over a year after the patch, so scans run
      # before 2013/07/12 could not have flagged this update through it.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # KB items the check needs before it can run; presumably populated by
      # ssh_get_info.nasl -- verify. "Host/cpu" is read by the check body but
      # is not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host check. Each audit() call reports why the plugin does not apply;
    # audit() comes from audit.inc and is expected to end the script.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    # The release string must identify Oracle Linux and carry a version that
    # starts with 4; anything else is out of scope for this advisory.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }
    os_ver = os_ver[1];
    if (!preg(pattern:"^4([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    }

    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Local checks are implemented for x86_64, ia64 and i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || "ia64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }

    # Fixed builds named by the advisory. Every entry is checked, presumably so
    # that rpm_report_get() can list each outdated package -- see rpm.inc.
    fixed_rpms = make_list(
      "seamonkey-1.0.9-79.0.1.el4",
      "seamonkey-chat-1.0.9-79.0.1.el4",
      "seamonkey-devel-1.0.9-79.0.1.el4",
      "seamonkey-dom-inspector-1.0.9-79.0.1.el4",
      "seamonkey-js-debugger-1.0.9-79.0.1.el4",
      "seamonkey-mail-1.0.9-79.0.1.el4"
    );

    flag = 0;
    foreach fixed_rpm (fixed_rpms)
    {
      if (rpm_check(release:"EL4", reference:fixed_rpm)) flag++;
    }

    # At least one package matched: raise the finding (warning level) and stop.
    if (flag)
    {
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }

    # No match: distinguish "installed but not affected" from "not installed".
    tested = pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-1800.NASL
    description: Fix for the libpng security flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-03-02
    plugin id: 58189
    published: 2012-03-02
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58189
    title: Fedora 17 : xulrunner-10.0.1-3.fc17 (2012-1800)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-1800.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the host checks further down do not run.
    if (description)
    {
      script_id(58189);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-3026");
      script_bugtraq_id(52049);
      script_xref(name:"FEDORA", value:"2012-1800");
    
      script_name(english:"Fedora 17 : xulrunner-10.0.1-3.fc17 (2012-1800)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The advisory text is terse and does not name the flaw; the CVE id and
      # see_also links are what tie this plugin to CVE-2011-3026.
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for the libpng security flaw.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=791184"
      );
      # Presumably the destination of the shortened link registered below:
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074194.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9c94e9a6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xulrunner package."
      );
      # NOTE(review): this vector uses AC:L, whereas the CVE-2011-3026 record
      # rates complexity as MEDIUM (CVSS 6.8) -- confirm which rating the
      # finding should be triaged under.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal metrics: exploitability not defined (E:ND), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local check: the verdict comes from the host's rpm package list, not
      # from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB items the check needs before it can run; presumably populated by
      # ssh_get_info.nasl -- verify. "Host/cpu" is read by the check body but
      # is not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. Each audit() call reports why the plugin does not apply;
    # audit() comes from audit.inc and is expected to end the script.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must mention Fedora and carry a version starting
    # with 17; anything else is out of scope for this advisory.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !("Fedora" >< release))
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];
    if (!ereg(pattern:"^17([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    }

    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Local checks are implemented for x86_64 and i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # Single fixed build named by the advisory.
    flag = 0;
    if (rpm_check(release:"FC17", reference:"xulrunner-10.0.1-3.fc17"))
    {
      flag++;
    }

    # The package matched: raise the finding and stop.
    if (flag)
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }

    # No match: distinguish "installed but not affected" from "not installed".
    tested = pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "xulrunner");
    }
    
  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_1002.NASL
    description: The installed version of Firefox 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability. An integer overflow error exists in […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58005
    published: 2012-02-17
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58005
    title: Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the version check further down does not run.
    if (description)
    {
      script_id(58005);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/16 14:09:14");
    
      script_cve_id("CVE-2011-3026");
      script_bugtraq_id(52049);
    
      script_name(english:"Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a web browser that is potentially
    affected by an integer overflow vulnerability."
      );
      # The wording is "potentially affected": the finding is based on the
      # installed version only, not on observing the flaw itself.
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Firefox 10.x is earlier than 10.0.2 and is,
    therefore, potentially affected by an integer overflow vulnerability.
    
    An integer overflow error exists in 'libpng', a library used by this
    application. When decompressing certain PNG image files, this error
    can allow a heap-based buffer overflow which can crash the
    application or potentially allow code execution.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6846f277");
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 10.0.2 or later.");
      # NOTE(review): this vector rates all three impacts COMPLETE (C:C/I:C/A:C),
      # whereas the CVE-2011-3026 record rates them PARTIAL (CVSS 6.8) --
      # confirm which rating the finding should be triaged under.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/17");
    
      # Local check: the verdict comes from version data already gathered from
      # the host, not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # The Firefox version KB item is required; presumably it is populated by
      # mozilla_org_installed.nasl -- verify.
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    # Version check for Firefox installs recorded in the KB.
    # `port` is not passed to any call below; presumably mozilla_check_version()
    # reads it as a global when reporting -- verify in mozilla_version.inc.
    port = get_kb_item_or_exit("SMB/transport"); 
    
    # No recorded install means there is nothing to compare; audit() is not
    # included directly here, so it presumably arrives via mozilla_version.inc.
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    # Versions from 10.0 up to (but not including) 10.0.2 are reported at
    # SECURITY_HOLE severity; the exact handling of `esr:TRUE` is defined in
    # mozilla_version.inc and is not visible here.
    mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'10.0.2', min:'10.0', severity:SECURITY_HOLE);
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_THUNDERBIRD_3_1_19.NASL
    description: The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58073
    published: 2012-02-21
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58073
    title: Thunderbird 3.1.x < 3.1.19 png_decompress_chunk Integer Overflow (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the plugin only declares
    # its metadata and then exits, so the version check further down does not run.
    if (description)
    {
      script_id(58073);
      script_version("1.6");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id("CVE-2011-3026");
      script_bugtraq_id(52049);
    
      script_name(english:"Thunderbird 3.1.x < 3.1.19 png_decompress_chunk Integer Overflow (Mac OS X)");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains an email client that is potentially
    affected by an integer overflow vulnerability.");
      # The wording is "potentially affected": the finding is based on the
      # installed version only, not on observing the flaw itself.
      script_set_attribute(attribute:"description", value:
    
    "The installed version of Thunderbird 3.1.x is earlier than 3.1.19 and
    is, therefore, potentially affected by an integer overflow
    vulnerability in libpng, a library used by this application.  When
    decompressing certain PNG image files, this could be exploited to
    crash the application or even execute arbitrary code.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11/");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6846f277");
      script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 3.1.19 or later.");
      # NOTE(review): this vector rates all three impacts COMPLETE (C:C/I:C/A:C),
      # whereas the CVE-2011-3026 record rates them PARTIAL (CVSS 6.8) --
      # confirm which rating the finding should be triaged under.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/21");
    
      # Local check: the verdict comes from version data already gathered from
      # the host, not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # Only the "Installed" KB item is required here; the check body also
      # reads the "Version" item and exits if it is missing.
      script_dependencies("macosx_thunderbird_installed.nasl");
      script_require_keys("MacOSX/Thunderbird/Installed");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    # Read the Thunderbird install record from the scan knowledge base. Both
    # lookups go through get_kb_item_or_exit, so nothing below runs unless the
    # install flag and the version string were recorded earlier in the scan.
    kb_base = "MacOSX/Thunderbird";
    get_kb_item_or_exit(kb_base+"/Installed");
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:TRUE);
    
    # Convert "a.b.c" into integers and zero-fill to three components so the
    # comparisons below never read a missing element.
    parts = split(version, sep:".", keep:FALSE);
    for (idx=0; idx<max_index(parts); idx++)
      parts[idx] = int(parts[idx]);
    for (idx=max_index(parts); idx<3; idx++)
      parts[idx] = 0;
    
    # Only the 3.1.x branch is in scope for this check.
    if (parts[0] != 3 || parts[1] != 1)
      exit(0, "Thunderbird 3.1.x is not installed.");
    
    # 3.1.19 is the fixed release named in the plugin's solution text.
    if (parts[2] >= 19)
      exit(0, "The Thunderbird "+version+" install is not affected.");
    
    # A 3.1.x build older than 3.1.19 is reported. The finding rests on the
    # recorded version string alone; the bundled libpng itself is not inspected.
    if (report_verbosity > 0)
    {
      info +=
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 3.1.19' + '\n';
      security_hole(port:0, extra:info);
    }
    else security_hole(0);
    exit(0);
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_17_0_963_56.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 17.0.963.56 and is, therefore, affected by the following vulnerabilities: - Integer overflow errors exist related to PDF codecs and libpng. (CVE-2011-3015, CVE-2011-3026) - A read-after-free error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id57974
    published2012-02-16
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57974
    titleGoogle Chrome < 17.0.963.56 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the plugin is loaded with `description` set, only
    # the metadata below is recorded and the block ends in exit(0), so the
    # version check that follows is not reached in that pass.
    if (description)
    {
      script_id(57974);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/15 20:50:26");
    
      # One plugin covers all thirteen CVEs listed here; CVE-2011-3026 (the
      # libpng integer overflow) is only one of them, so a hit does not say
      # which of these issues is the most relevant on a given host.
      script_cve_id(
        "CVE-2011-3015",
        "CVE-2011-3016",
        "CVE-2011-3017",
        "CVE-2011-3018",
        "CVE-2011-3019",
        "CVE-2011-3020",
        "CVE-2011-3021",
        "CVE-2011-3022",
        "CVE-2011-3023",
        "CVE-2011-3024",
        "CVE-2011-3025",
        "CVE-2011-3026",
        "CVE-2011-3027"
      );
      script_bugtraq_id(52031, 52049);
    
      script_name(english:"Google Chrome < 17.0.963.56 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 17.0.963.56 and is, therefore, affected by the following
    vulnerabilities:
    
      - Integer overflow errors exist related to PDF codecs and
        libpng. (CVE-2011-3015, CVE-2011-3026)
    
      - A read-after-free error exists related to 'counter
        nodes'. (CVE-2011-3016)
    
      - Use-after-free errors exist related to database
        handling, subframe loading, and drag-and-drop
        functionality. (CVE-2011-3017, CVE-2011-3021,
        CVE-2011-3023)
    
      - Heap-overflow errors exist related to path rendering and
        'MKV' handling. (CVE-2011-3018, CVE-2011-3019)
    
      - Unspecified errors exist related to the native
        client validator and HTTP use with translation scripts.
        (CVE-2011-3020, CVE-2011-3022)
    
      - Empty x509 certificates can cause browser crashes.
        (CVE-2011-3024)
    
      - An out-of-bounds read error exists related to h.264
        parsing. (CVE-2011-3025)
    
      - A bad variable cast exists related to column handling.
        (CVE-2011-3027)");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32f2be13");
      script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 17.0.963.56 or later.");
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      # NOTE(review): presumably scored for the worst of the bundled CVEs rather
      # than for CVE-2011-3026 alone - confirm before using it to prioritise.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/16");
    
      # Declared as a local, information-gathering check: the verdict comes from
      # installation data already in the knowledge base.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # The check needs the SMB/Google_Chrome/Installed key; presumably it is
      # written by google_chrome_installed.nasl, so a scan that cannot enumerate
      # Chrome installs produces no result here rather than a "not affected".
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    # Stop unless a Chrome install was recorded in the knowledge base.
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    # Collect every SMB/Google_Chrome/* entry and pass it to the shared version
    # helper (defined in google_chrome_version.inc, not shown here) together
    # with the fixed build and the severity to report.
    chrome_kb = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(fix:'17.0.963.56', severity:SECURITY_HOLE, installs:chrome_kb);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1367-3.NASL
    descriptionUSN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58035
    published2012-02-20
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58035
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerability (USN-1367-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1367-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, only the metadata below is
    # recorded and the block ends in exit(0), so the package check that follows
    # is not reached in that pass.
    if (description)
    {
      script_id(58035);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      # Single-CVE plugin, cross-referenced to Ubuntu Security Notice 1367-3.
      script_cve_id("CVE-2011-3026");
      script_bugtraq_id(52049);
      script_xref(name:"USN", value:"1367-3");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerability (USN-1367-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1367-1 fixed vulnerabilities in libpng. This provides the
    corresponding update for Thunderbird.
    
    Jueri Aedla discovered that libpng did not properly verify the size
    used when allocating memory during chunk decompression. If a user or
    automated system using libpng were tricked into opening a specially
    crafted image, an attacker could exploit this to cause a denial of
    service or execute code with the privileges of the user invoking the
    program. (CVE-2011-3026).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1367-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      # CVSS v2 base vector: network access, low access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local check scoped to the thunderbird package on three Ubuntu releases.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # All four keys must already be in the knowledge base; presumably
      # ssh_get_info.nasl collects them over an authenticated session, so an
      # uncredentialed scan yields no verdict from this plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions: local checks enabled, a supported Ubuntu release, a dpkg
    # package list, and an x86 / x86_64 CPU. Each failed precondition goes to
    # audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    ubuntu_rel = get_kb_item("Host/Ubuntu/release");
    if (isnull(ubuntu_rel))
      audit(AUDIT_OS_NOT, "Ubuntu");
    ubuntu_rel = chomp(ubuntu_rel);
    if (!preg(pattern:"^(10\.04|10\.10|11\.04)$", string:ubuntu_rel))
      audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + ubuntu_rel);
    
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    arch = get_kb_item("Host/cpu");
    if (isnull(arch))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< arch || arch =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", arch);
    
    # One comparison per supported release. All three are always evaluated so
    # the helper can record what it tested; the package versions are the ones
    # this plugin names for USN-1367-3.
    hits = 0;
    if (ubuntu_check(osver:"10.04", pkgname:"thunderbird", pkgver:"3.1.19+build1+nobinonly-0ubuntu0.10.04.1")) hits += 1;
    if (ubuntu_check(osver:"10.10", pkgname:"thunderbird", pkgver:"3.1.19+build1+nobinonly-0ubuntu0.10.10.1")) hits += 1;
    if (ubuntu_check(osver:"11.04", pkgname:"thunderbird", pkgver:"3.1.19+build1+nobinonly-0ubuntu0.11.04.1")) hits += 1;
    
    if (!hits)
    {
      # No comparison matched: distinguish "installed but not affected" from
      # "package not installed" by whether any package test was recorded.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    else
    {
      security_report_v4(
        severity   : SECURITY_HOLE,
        port       : 0,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0317.NASL
    descriptionUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-04-18
    modified2012-02-21
    plugin id58068
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58068
    titleRHEL 4 / 5 / 6 : libpng (RHSA-2012:0317)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0317. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: with `description` set, only the metadata below is
    # recorded and the block ends in exit(0), so the package check that follows
    # is not reached in that pass.
    if (description)
    {
      script_id(58068);
      script_version ("1.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/17");
    
      # Single-CVE plugin, cross-referenced to Red Hat advisory RHSA-2012:0317.
      script_cve_id("CVE-2011-3026");
      script_xref(name:"RHSA", value:"2012:0317");
    
      script_name(english:"RHEL 4 / 5 / 6 : libpng (RHSA-2012:0317)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libpng and libpng10 packages that fix one security issue are
    now available for Red Hat Enterprise Linux 4, 5, and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The libpng packages contain a library of functions for creating and
    manipulating PNG (Portable Network Graphics) image format files.
    
    A heap-based buffer overflow flaw was found in libpng. An attacker
    could create a specially crafted PNG image that, when opened, could
    cause an application using libpng to crash or, possibly, execute
    arbitrary code with the privileges of the user running the
    application. (CVE-2011-3026)
    
    Users of libpng and libpng10 should upgrade to these updated packages,
    which contain a backported patch to correct this issue. All running
    applications using libpng or libpng10 must be restarted for the update
    to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:0317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-3026"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, medium access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # No temporal vector is set in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      # Local check; the CPE list names the libpng / libpng10 packages and the
      # RHEL releases this plugin is scoped to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpng10-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # All four keys must already be in the knowledge base; presumably
      # ssh_get_info.nasl collects them over an authenticated session, so an
      # uncredentialed scan yields no verdict from this plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, a Red Hat release string whose
    # version starts with 4, 5 or 6, an rpm package list, and a supported CPU.
    # Each failed precondition goes to audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture group 1 is the major version with an optional ".minor" part.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two detection paths. When yum update information was collected, the
    # verdict comes from it and the rpm_check comparisons in the else branch
    # are never run.
    # NOTE(review): with yum data present but no entry for this RHSA, the
    # plugin audits out without comparing package versions; the result then
    # rests on the host's yum metadata - confirm that is acceptable for hosts
    # with stale or non-Red Hat repositories.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:0317";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # Reported at SECURITY_WARNING, the same severity the rpm path uses.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Package-version path: one rpm_check per package and RHEL release. The
      # references are the package builds this plugin names for the advisory;
      # presumably rpm_check (rpm.inc, not shown) flags an installed package
      # older than the reference. Every call is made so the helper can record
      # what it tested.
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"libpng-1.2.7-9.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"libpng-devel-1.2.7-9.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"libpng10-1.0.16-10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"libpng10-devel-1.0.16-10.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"libpng-1.2.10-15.el5_7")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"libpng-devel-1.2.10-15.el5_7")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"libpng-1.2.46-2.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libpng-debuginfo-1.2.46-2.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libpng-devel-1.2.46-2.el6_2")) flag++;
    
      # libpng-static is checked per architecture, unlike the packages above.
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libpng-static-1.2.46-2.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libpng-static-1.2.46-2.el6_2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libpng-static-1.2.46-2.el6_2")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No comparison matched: distinguish "installed but not affected" from
        # "package not installed" by whether any package test was recorded.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpng / libpng-debuginfo / libpng-devel / libpng-static / libpng10 / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPNG-DEVEL-120221.NASL
    descriptionA heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. (CVE-2011-3026)
    last seen2020-06-05
    modified2012-02-29
    plugin id58165
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58165
    titleSuSE 11.1 Security Update : libpng (SAT Patch Number 5857)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Do nothing on interpreters that report a NASL level below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration pass: with `description` set, only the metadata below is
    # recorded and the block ends in exit(0), so the package check that follows
    # is not reached in that pass.
    if (description)
    {
      script_id(58165);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-3026");
    
      script_name(english:"SuSE 11.1 Security Update : libpng (SAT Patch Number 5857)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A heap-based buffer overflow in libpng was fixed that could
    potentially be exploited by attackers to execute arbitrary code or
    cause an application to crash. (CVE-2011-3026)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=747311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3026.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5857.");
      # CVSS v2 base vector: network access, low access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # No temporal vector is set in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Local check scoped to the libpng packages on SuSE 11.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # All four keys must already be in the knowledge base; presumably
      # ssh_get_info.nasl collects them over an authenticated session, so an
      # uncredentialed scan yields no verdict from this plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions: local checks enabled, a SLED/SLES 11 release string, an
    # rpm package list, a supported CPU, and patch level 1. Each failed
    # precondition goes to audit() with its own reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    suse_rel = get_kb_item("Host/SuSE/release");
    if (isnull(suse_rel) || suse_rel !~ "^(SLED|SLES)11")
      audit(AUDIT_OS_NOT, "SuSE 11");
    
    if (!get_kb_item("Host/SuSE/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    arch = get_kb_item("Host/cpu");
    if (isnull(arch))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!(arch =~ "^i[3-6]86$" || "x86_64" >< arch || "s390x" >< arch))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", arch);
    
    # Only service pack 1 is in scope; a missing patch level is treated the
    # same as a different one.
    patchlevel = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(patchlevel) || int(patchlevel) != 1)
      audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    # One rpm_check per product, architecture and package. Every call is made
    # so the helper can build its report; the reference builds are the ones
    # this plugin names for SAT patch 5857.
    hits = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng-devel-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libpng12-0-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng-devel-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLES11", sp:1, reference:"libpng12-0-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libpng12-0-32bit-1.2.31-5.27.1")) hits += 1;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libpng12-0-32bit-1.2.31-5.27.1")) hits += 1;
    
    if (!hits) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Package detail is attached only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-2008.NASL
    descriptionThis update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58155
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58155
    titleFedora 15 : libpng10-1.0.57-1.fc15 (2012-2008)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG12-120220.NASL
    descriptionA heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026). libpng 1.2 was updated to 1.2.47 to fix this issue.
    last seen2020-06-05
    modified2014-06-13
    plugin id75912
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75912
    titleopenSUSE Security Update : libpng12 (libpng12-5846)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120216_XULRUNNER_ON_SL5_X.NASL
    descriptionXULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61253
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61253
    titleScientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20120216)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-022.NASL
    descriptionSecurity issues were identified and fixed in mozilla firefox and thunderbird : An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable (CVE-2011-3026). The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions, which are not affected by this security flaw. Additionally, the rootcerts packages (root CA certificates bundle) have been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pick up the changes. Update : This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
    last seen2020-06-01
    modified2020-06-02
    plugin id58082
    published2012-02-22
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58082
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2012:022-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1930.NASL
    descriptionFix nasty buffer overrun bug, CVE-2011-3026. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58152
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58152
    titleFedora 15 : libpng-1.2.46-2.fc15 (2012-1930)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The "embedded_profile_len()" function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The "png_format_buffer()" function in pngerror.c contains an off-by-one error (CVE-2011-2501). The "png_rgb_to_gray()" function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The "png_err()" function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The "png_handle_sCAL()" function in pngrutil.c improperly handles malformed sCAL chunks (CVE-2011-2692). The "png_decompress_chunk()" function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The "png_inflate()" function in pngrutil.c contains an out-of-bounds error (CVE-2011-3045). The "png_set_text_2()" function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The "png_formatted_warning()" function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59668
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59668
    titleGLSA-201206-15 : libpng: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0142.NASL
    descriptionFrom Red Hat Security Advisory 2012:0142 : An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3026) All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68464
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68464
    titleOracle Linux 4 : firefox (ELSA-2012-0142)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1367-4.NASL
    descriptionUSN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58036
    published2012-02-20
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58036
    titleUbuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4)
  • NASL familyGain a shell remotely
    NASL idAPPLETV_5_1.NASL
    descriptionAccording to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff
    last seen2020-06-01
    modified2020-06-02
    plugin id62357
    published2012-09-27
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62357
    titleApple TV < 5.1 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_3_6_27.NASL
    descriptionThe installed version of Firefox 3.6.x is earlier than 3.6.27 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id58072
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58072
    titleFirefox 3.6.x < 3.6.27 png_decompress_chunk Integer Overflow (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_2.NASL
    descriptionThe installed version of Thunderbird 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id58075
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58075
    titleThunderbird 10.x < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0317.NASL
    descriptionUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-04-18
    modified2012-02-21
    plugin id58042
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58042
    titleCentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0141.NASL
    descriptionUpdated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2012-02-17
    plugin id57993
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57993
    titleRHEL 4 : seamonkey (RHSA-2012:0141)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1421.NASL
    descriptionAccording to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048) - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692) - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. 
However, the exact impact is dependent on the application using the library.(CVE-2015-8472) - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691) - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540) - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026) - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981) - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690) - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. 
NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124924
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124924
    titleEulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBPNG_20130313.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. (CVE-2011-3026) - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. (CVE-2011-3048)
    last seen2020-06-01
    modified2020-06-02
    plugin id80674
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80674
    titleOracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0317.NASL
    descriptionFrom Red Hat Security Advisory 2012:0317 : Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-04-18
    modified2013-07-12
    plugin id68485
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68485
    titleOracle Linux 4 / 5 / 6 : libpng (ELSA-2012-0317)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-5068.NASL
    description - Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731) - Fixes an issue that may cause filters that move mail to specific folders to be erroneously changed (mozbz#735940) Fixes a libpng flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-09
    plugin id58634
    published2012-04-09
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58634
    titleFedora 15 : thunderbird-11.0.1-1.fc15 (2012-5068)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBPNG-7980.NASL
    descriptionA heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. (CVE-2011-3026)
    last seen2020-06-05
    modified2012-02-29
    plugin id58167
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58167
    titleSuSE 10 Security Update : libpng (ZYPP Patch Number 7980)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3627.NASL
    descriptionThe installed version of Firefox 3.6.x is earlier than 3.6.27 and is, therefore, potentially affected by an integer overflow vulnerability. An integer overflow error exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id58006
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58006
    titleFirefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1844.NASL
    descriptionFixes a libpng flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-23
    plugin id58098
    published2012-02-23
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58098
    titleFedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844)
  • NASL familyWindows
    NASL idSEAMONKEY_272.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.7.2. Such versions are potentially affected by an integer overflow vulnerability. An integer overflow error exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id58009
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58009
    titleSeaMonkey < 2.7.2 'png_decompress_chunk' Integer Overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLAFIREFOX-120217.NASL
    descriptionMozillaFirefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2014-06-13
    plugin id75953
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75953
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-5825)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D7DBD2DB599C11E1A2FB14DAE9EBCF89.NASL
    descriptionThe Mozilla Project reports : MFSA 2012-11 libpng integer overflow
    last seen2020-04-18
    modified2012-02-20
    plugin id58022
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58022
    titleFreeBSD : mozilla -- heap-buffer overflow (d7dbd2db-599c-11e1-a2fb-14dae9ebcf89)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-49.NASL
    descriptionA heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)
    last seen2020-04-18
    modified2013-09-04
    plugin id69656
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69656
    titleAmazon Linux AMI : libpng (ALAS-2012-49)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0143.NASL
    descriptionUpdated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2012-02-17
    plugin id57995
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57995
    titleRHEL 5 / 6 : xulrunner (RHSA-2012:0143)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0140.NASL
    descriptionFrom Red Hat Security Advisory 2012:0140 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026) All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68462
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68462
    titleOracle Linux 6 : thunderbird (ELSA-2012-0140)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0143.NASL
    descriptionUpdated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2012-02-17
    plugin id57985
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57985
    titleCentOS 5 / 6 : xulrunner (CESA-2012:0143)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2012-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id62213
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62213
    titleMac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1369-1.NASL
    descriptionNicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0449) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0444) Tim Abraldes discovered that when encoding certain image types the resulting data was always a fixed size. There is the possibility of sensitive data from uninitialized memory being appended to these images. (CVE-2012-0447) It was discovered that Thunderbird did not properly perform XPConnect security checks. An attacker could exploit this to conduct cross-site scripting (XSS) attacks through web pages and Thunderbird extensions. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0446) It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2011-3659) Alex Dvorov discovered that Thunderbird did not properly handle sub-frames in form submissions. An attacker could exploit this to conduct phishing attacks using HTML5 frames. 
(CVE-2012-0445) Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442, CVE-2012-0443) Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0452) Jueri Aedla discovered that libpng, which is in Thunderbird, did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id58037
    published2012-02-20
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58037
    titleUbuntu 11.10 : thunderbird vulnerabilities (USN-1369-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1002.NASL
    descriptionThe installed version of Thunderbird 10.x is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability. An integer overflow error exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id58007
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58007
    titleMozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-4910.NASL
    description - Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731) - Fixes an issue that may cause filters that move mail to specific folders to be erroneously changed (mozbz#735940) Fixes a libpng flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-12
    plugin id58706
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58706
    titleFedora 17 : thunderbird-11.0.1-1.fc17 (2012-4910)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLA-JS192-120217.NASL
    descriptionMozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2014-06-13
    plugin id75962
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75962
    titleopenSUSE Security Update : mozilla-js192 (mozilla-js192-5832)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1892.NASL
    descriptionFix nasty buffer overrun bug, CVE-2011-3026. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58150
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58150
    titleFedora 17 : libpng-1.5.8-2.fc17 (2012-1892)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2F5FF968582911E1828800262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Slawomir Blazek. [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Juri Aedla. [112847] Medium CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.
    last seen2020-06-01
    modified2020-06-02
    plugin id57968
    published2012-02-16
    reporterThis script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57968
    titleFreeBSD : chromium -- multiple vulnerabilities (2f5ff968-5829-11e1-8288-00262d5ed8ee)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1367-1.NASL
    descriptionIt was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063) Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57998
    published2012-02-17
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57998
    titleUbuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerabilities (USN-1367-1)
  • NASL familyWindows
    NASL idIBM_INFORMIX_GENERO_2_41.NASL
    descriptionThe installed version of IBM Informix Genero is earlier than 2.41 and is, therefore, potentially affected by an integer overflow vulnerability in the libpng library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id64379
    published2013-01-31
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64379
    titleIBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-2003.NASL
    descriptionThis update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58154
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58154
    titleFedora 17 : libpng10-1.0.57-1.fc17 (2012-2003)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-2028.NASL
    descriptionThis update addresses an integer overflow in the libpng10 PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58156
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58156
    titleFedora 16 : libpng10-1.0.57-1.fc16 (2012-2028)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLATHUNDERBIRD-120217.NASL
    descriptionMozilla Thunderbird was updated to 3.1.19 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2014-06-13
    plugin id75970
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75970
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_98690C45036111E2A391000C29033C32.NASL
    descriptionKurt Seifried reports : There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can … [description truncated on this page]
    last seen2020-06-01
    modified2020-06-02
    plugin id62298
    published2012-09-26
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62298
    titleFreeBSD : ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file (98690c45-0361-11e2-a391-000c29033c32)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-142.NASL
    descriptionChromium version 19.0.1046 and v8 version 3.9.7.0 fix several security issues.
    last seen2020-06-05
    modified2014-06-13
    plugin id74563
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74563
    titleopenSUSE Security Update : chromium / v8 (openSUSE-2012-142)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120216_FIREFOX_ON_SL4_X.NASL
    descriptionMozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3026) All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61251
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61251
    titleScientific Linux Security Update : firefox on SL4.x i386/x86_64 (20120216)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1845.NASL
    descriptionFix for the libpng security flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-03-07
    plugin id58253
    published2012-03-07
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58253
    titleFedora 15 : xulrunner-10.0.1-3.fc15 (2012-1845)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPNG14-120220.NASL
    descriptionA heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash (CVE-2011-3026).
    last seen2020-06-05
    modified2014-06-13
    plugin id75914
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/75914
    titleopenSUSE Security Update : libpng14 (libpng14-5847)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0142.NASL
    descriptionAn updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3026) All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2012-02-17
    plugin id57984
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57984
    titleCentOS 4 : firefox (CESA-2012:0142)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0140.NASL
    descriptionAn updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026) All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-02-21
    plugin id58041
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58041
    titleCentOS 6 : thunderbird (CESA-2012:0140)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-5028.NASL
    description - Fixes an issue that may cause hangs when handling IMAP mail (mozbz#733731) - Fixes an issue that may cause filters that move mail to specific folders to be erroneously changed (mozbz#735940) Fixes a libpng flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-02
    plugin id58555
    published2012-04-02
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58555
    titleFedora 16 : thunderbird-11.0.1-1.fc16 (2012-5028)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120220_LIBPNG_ON_SL4_X.NASL
    descriptionThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61254
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61254
    titleScientific Linux Security Update : libpng on SL4.x, SL5.x, SL6.x i386/x86_64 (20120220)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-120220.NASL
    descriptionMozilla Firefox was updated to 10.0.2 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2012-02-24
    plugin id58112
    published2012-02-24
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58112
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5838)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-120.NASL
    descriptionThe embedded copy of libpng was prone to a heap-based buffer overflow.
    last seen2020-06-05
    modified2014-06-13
    plugin id74549
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74549
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-xulrunner192 / etc (openSUSE-2012-120)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0143.NASL
    descriptionFrom Red Hat Security Advisory 2012:0143 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026) All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2013-07-12
    plugin id68465
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68465
    titleOracle Linux 5 / 6 : xulrunner (ELSA-2012-0143)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0141.NASL
    descriptionUpdated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-3026) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-04-18
    modified2012-02-17
    plugin id57983
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57983
    titleCentOS 4 : seamonkey (CESA-2012:0141)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0142.NASL
    descriptionAn updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3026) All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-02-17
    plugin id57994
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57994
    titleRHEL 4 : firefox (RHSA-2012:0142)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1922.NASL
    descriptionFix nasty buffer overrun bug, CVE-2011-3026. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-21
    plugin id58051
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58051
    titleFedora 16 : libpng-1.2.46-2.fc16 (2012-1922)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLA-XULRUNNER192-120220.NASL
    descriptionMozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2012-02-24
    plugin id58114
    published2012-02-24
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58114
    titleSuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5840)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1794.NASL
    descriptionFixes a libpng flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-29
    plugin id58149
    published2012-02-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58149
    titleFedora 17 : thunderbird-10.0.1-2.fc17 (2012-1794)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen2020-06-01
    modified2020-06-02
    plugin id62214
    published2012-09-20
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62214
    titleMac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2410.NASL
    descriptionJueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
    last seen2020-03-17
    modified2012-02-16
    plugin id57964
    published2012-02-16
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57964
    titleDebian DSA-2410-1 : libpng - integer overflow
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-1856.NASL
    descriptionFix for the libpng security flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-02-20
    plugin id58020
    published2012-02-20
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58020
    titleFedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_2.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.2 and is, therefore, potentially affected by an integer overflow vulnerability in libpng, a library used by this application. When decompressing certain PNG image files, this could be exploited to crash the application or even execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id58074
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58074
    titleFirefox < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-137.NASL
    descriptionlibpng was prone to a heap-based buffer overflow vulnerability (bnc#747311).
    last seen2020-06-05
    modified2014-06-13
    plugin id74559
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74559
    titleopenSUSE Security Update : libpng12 / libpng14 (openSUSE-2012-137)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0140.NASL
    descriptionAn updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG (Portable Network Graphics) images. An HTML mail message or remote content containing a specially crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3026) All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2012-02-17
    plugin id57992
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57992
    titleRHEL 6 : thunderbird (RHSA-2012:0140)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3119.NASL
    descriptionThe installed version of Thunderbird 3.1.x is earlier than 3.1.19 and is, therefore, potentially affected by an integer overflow vulnerability. An integer overflow error exists in … [description truncated on this page; the plugin title names 'png_decompress_chunk']
    last seen2020-06-01
    modified2020-06-02
    plugin id58008
    published2012-02-17
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58008
    titleMozilla Thunderbird 3.1.x < 3.1.19 'png_decompress_chunk' Integer Overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7981.NASL
    descriptionMozilla Firefox was updated to 3.6.27 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code (CVE-2011-3026).
    last seen2020-06-05
    modified2012-02-24
    plugin id58116
    published2012-02-24
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58116
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7981)

Oval

accepted2014-04-07T04:01:54.963-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
familywindows
idoval:org.mitre.oval:def:15032
statusaccepted
submitted2012-02-22T08:20:58.000-05:00
titleInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
version50

Redhat

advisories
  • bugzilla
    id790737
    titleCVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentthunderbird is earlier than 0:3.1.18-2.el6_2
        ovaloval:com.redhat.rhsa:tst:20120140001
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    rhsa
    idRHSA-2012:0140
    released2012-02-16
    severityCritical
    titleRHSA-2012:0140: thunderbird security update (Critical)
  • bugzilla
    id790737
    titleCVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentseamonkey-devel is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141001
          • commentseamonkey-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609010
        • AND
          • commentseamonkey-chat is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141003
          • commentseamonkey-chat is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609004
        • AND
          • commentseamonkey-mail is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141005
          • commentseamonkey-mail is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609012
        • AND
          • commentseamonkey-dom-inspector is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141007
          • commentseamonkey-dom-inspector is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609008
        • AND
          • commentseamonkey-js-debugger is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141009
          • commentseamonkey-js-debugger is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609002
        • AND
          • commentseamonkey is earlier than 0:1.0.9-79.el4
            ovaloval:com.redhat.rhsa:tst:20120141011
          • commentseamonkey is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609006
    rhsa
    idRHSA-2012:0141
    released2012-02-16
    severityCritical
    titleRHSA-2012:0141: seamonkey security update (Critical)
  • bugzilla
    id790737
    titleCVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentfirefox is earlier than 0:3.6.26-3.el4
        ovaloval:com.redhat.rhsa:tst:20120142001
      • commentfirefox is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060200002
    rhsa
    idRHSA-2012:0142
    released2012-02-16
    severityCritical
    titleRHSA-2012:0142: firefox security update (Critical)
  • bugzilla
    id790737
    titleCVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentxulrunner-devel is earlier than 0:1.9.2.26-2.el5_7
            ovaloval:com.redhat.rhsa:tst:20120143001
          • commentxulrunner-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569006
        • AND
          • commentxulrunner is earlier than 0:1.9.2.26-2.el5_7
            ovaloval:com.redhat.rhsa:tst:20120143003
          • commentxulrunner is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569004
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentxulrunner-devel is earlier than 0:1.9.2.26-2.el6_2
            ovaloval:com.redhat.rhsa:tst:20120143006
          • commentxulrunner-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100861004
        • AND
          • commentxulrunner is earlier than 0:1.9.2.26-2.el6_2
            ovaloval:com.redhat.rhsa:tst:20120143008
          • commentxulrunner is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100861002
    rhsa
    id: RHSA-2012:0143
    released: 2012-02-16
    severity: Critical
    title: RHSA-2012:0143: xulrunner security update (Critical)
  • bugzilla
    id: 790737
    title: CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentlibpng-devel is earlier than 2:1.2.7-9.el4
            ovaloval:com.redhat.rhsa:tst:20120317001
          • commentlibpng-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060205004
        • AND
          • commentlibpng is earlier than 2:1.2.7-9.el4
            ovaloval:com.redhat.rhsa:tst:20120317003
          • commentlibpng is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060205002
        • AND
          • commentlibpng10 is earlier than 0:1.0.16-10.el4
            ovaloval:com.redhat.rhsa:tst:20120317005
          • commentlibpng10 is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070356006
        • AND
          • commentlibpng10-devel is earlier than 0:1.0.16-10.el4
            ovaloval:com.redhat.rhsa:tst:20120317007
          • commentlibpng10-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20070356008
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentlibpng-devel is earlier than 2:1.2.10-15.el5_7
            ovaloval:com.redhat.rhsa:tst:20120317010
          • commentlibpng-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070356013
        • AND
          • commentlibpng is earlier than 2:1.2.10-15.el5_7
            ovaloval:com.redhat.rhsa:tst:20120317012
          • commentlibpng is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070356011
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibpng-devel is earlier than 2:1.2.46-2.el6_2
            ovaloval:com.redhat.rhsa:tst:20120317015
          • commentlibpng-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105002
        • AND
          • commentlibpng-static is earlier than 2:1.2.46-2.el6_2
            ovaloval:com.redhat.rhsa:tst:20120317017
          • commentlibpng-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105004
        • AND
          • commentlibpng is earlier than 2:1.2.46-2.el6_2
            ovaloval:com.redhat.rhsa:tst:20120317019
          • commentlibpng is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111105006
    rhsa
    id: RHSA-2012:0317
    released: 2012-02-20
    severity: Important
    title: RHSA-2012:0317: libpng security update (Important)
rpms
  • thunderbird-0:3.1.18-2.el6_2
  • thunderbird-debuginfo-0:3.1.18-2.el6_2
  • seamonkey-0:1.0.9-79.el4
  • seamonkey-chat-0:1.0.9-79.el4
  • seamonkey-debuginfo-0:1.0.9-79.el4
  • seamonkey-devel-0:1.0.9-79.el4
  • seamonkey-dom-inspector-0:1.0.9-79.el4
  • seamonkey-js-debugger-0:1.0.9-79.el4
  • seamonkey-mail-0:1.0.9-79.el4
  • firefox-0:3.6.26-3.el4
  • firefox-debuginfo-0:3.6.26-3.el4
  • xulrunner-0:1.9.2.26-2.el5_7
  • xulrunner-0:1.9.2.26-2.el6_2
  • xulrunner-debuginfo-0:1.9.2.26-2.el5_7
  • xulrunner-debuginfo-0:1.9.2.26-2.el6_2
  • xulrunner-devel-0:1.9.2.26-2.el5_7
  • xulrunner-devel-0:1.9.2.26-2.el6_2
  • libpng-2:1.2.10-15.el5_7
  • libpng-2:1.2.46-2.el6_2
  • libpng-2:1.2.7-9.el4
  • libpng-debuginfo-2:1.2.10-15.el5_7
  • libpng-debuginfo-2:1.2.46-2.el6_2
  • libpng-debuginfo-2:1.2.7-9.el4
  • libpng-devel-2:1.2.10-15.el5_7
  • libpng-devel-2:1.2.46-2.el6_2
  • libpng-devel-2:1.2.7-9.el4
  • libpng-static-2:1.2.46-2.el6_2
  • libpng10-0:1.0.16-10.el4
  • libpng10-debuginfo-0:1.0.16-10.el4
  • libpng10-devel-0:1.0.16-10.el4