Vulnerabilities > CVE-2011-3328 - Unspecified vulnerability in Greg Roelofs Libpng 1.5.4

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
high complexity
greg-roelofs
nessus

Summary

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

Vulnerable Configurations

Part Description Count
Application
Greg_Roelofs
1

Nessus

  • NASL family: Gain a shell remotely
    NASL id: APPLETV_5_1.NASL
    description: According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62357
    published: 2012-09-27
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62357
    title: Apple TV < 5.1 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: it only records the plugin's metadata and then exits
    # (exit(0) at the end), so nothing in here touches the target.
    if (description)
    {
      script_id(62357);
      script_version("1.18");
      script_cvs_date("Date: 2018/11/15 20:50:22");
    
      # 21 CVEs are bundled under this one plugin id. CVE-2011-3328 (the libpng
      # cHRM divide-by-zero) is one of them; a finding from this plugin does not
      # say which of the listed CVEs are actually present on the device.
      script_cve_id(
        "CVE-2011-1167",
        "CVE-2011-1944",
        "CVE-2011-2821",
        "CVE-2011-2834",
        "CVE-2011-3026",
        "CVE-2011-3048",
        "CVE-2011-3328",
        "CVE-2011-3919",
        "CVE-2011-4599",
        "CVE-2012-0682",
        "CVE-2012-0683",
        "CVE-2012-1173",
        "CVE-2012-3589",
        "CVE-2012-3590",
        "CVE-2012-3591",
        "CVE-2012-3592",
        "CVE-2012-3678",
        "CVE-2012-3679",
        "CVE-2012-3722",
        "CVE-2012-3725",
        "CVE-2012-3726"
      );
      script_bugtraq_id(
        46951,
        48056,
        49279,
        49658,
        49744,
        51006,
        51300,
        52049,
        52830,
        52891,
        54680,
        56264,
        56268,
        56273
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2012-09-24-1");
    
      script_name(english:"Apple TV < 5.1 Multiple Vulnerabilities");
      # The summary states the method: the check reads a version from a banner.
      script_summary(english:"Checks version in banner");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is affected by multiple vulnerabilities.");
      # NOTE(review): the text below lists CVE-2011-3328 among libpng "memory
      # corruption" issues that "could lead to arbitrary code execution". The
      # CVE-2011-3328 entry itself describes a divide-by-zero crash (denial of
      # service) in png_handle_cHRM, so take the impact from the individual CVE
      # when triaging, not from this grouped wording.
      script_set_attribute(attribute:"description", value:
    "According to its banner, the remote Apple TV 2nd generation or later
    device has a version of iOS that is prior to 5.1. It is, therefore,
    reportedly affected by several vulnerabilities :
    
      - An uninitialized memory access issue in the handling of
        Sorenson encoded movie files could lead to arbitrary
        code execution. (CVE-2012-3722)
    
      - Following the DNAv4 protocol, the device may broadcast
        MAC addresses of previously accessed networks when
        connecting to a Wi-Fi network. (CVE-2012-3725)
    
      - A buffer overflow in libtiff's handling of ThunderScan
        encoded TIFF images could lead to arbitrary code
        execution. (CVE-2011-1167)
    
      - Multiple memory corruption issues in libpng's handling
        of PNG images could lead to arbitrary code execution.
        (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)
    
      - A double free issue in ImageIO's handling of JPEG
        images could lead to arbitrary code execution.
        (CVE-2012-3726)
    
      - An integer overflow issue in libTIFF's handling of TIFF
        images could lead to arbitrary code execution.
        (CVE-2012-1173)
    
      - A stack-based buffer overflow in the handling of ICU
        locale IDs could lead to arbitrary code execution.
        (CVE-2011-4599)
    
      - Multiple vulnerabilities in libxml could have a variety
        of impacts, including arbitrary code execution.
        (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /
        CVE-2011-3919)
    
      - Multiple memory corruption issues in JavaScriptCore
        could lead to arbitrary code execution.
        (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /
        CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /
        CVE-2012-3678 / CVE-2012-3679)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT202614");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2012/Sep/msg00006.html");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524229/30/0/threaded");
      script_set_attribute(attribute:"solution", value:"Upgrade the Apple TV to iOS 5.1 or later.");
      # NOTE(review): this base vector claims complete C/I/A impact and presumably
      # reflects the most severe issue in the bundle. It is not a per-CVE score:
      # CVE-2011-3328 on its own is rated as an availability-only impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Presumably set for the bundle as a whole; these two attributes do not say
      # which of the listed CVEs the exploit availability refers to.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
      script_end_attributes();
    
      # ACT_GATHER_INFO marks this as an information-gathering check. The family
      # string below is a reporting category; the script itself only reads a banner.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Gain a shell remotely");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      # Prerequisites declared to the scanner: the Apple TV detection plugin, the
      # "www/appletv" KB key and port 3689 (the port the check reads its banner from).
      script_dependencies("appletv_detect.nasl");
      script_require_keys("www/appletv");
      script_require_ports(3689);
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    # Detection logic: read the HTTP banner from port 3689, pull the iTunes
    # version out of a DAAP-Server or RIPT-Server header line and compare it with
    # the fixed build (11.0 / 46).
    #
    # NOTE(review): the verdict rests only on what the service reports about itself
    # in its banner; nothing below exercises the affected libraries. A proxied,
    # rewritten or stale banner gives a wrong answer in either direction, so
    # confirm the software version on the device before closing or escalating.
    port = 3689;
    # presumably exit_on_fail:TRUE ends the plugin when no banner can be read - TODO confirm
    banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);
    # Neither of the two expected server headers is in the banner: audit out.
    if (
      "DAAP-Server: iTunes/" >!< banner &&
      "RIPT-Server: iTunesLib/" >!< banner
    ) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');
    
    # Capture 1 = dotted version, then one lowercase letter (not captured),
    # capture 2 = build number; the line must end the match with "(OS X)" or
    # "(Mac OS X)".
    pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)[a-z]([0-9]+) \((Mac )?OS X\)";
    # A DAAP-Server header that does not have this shape is treated as "not an
    # Apple TV" and the plugin exits without a finding.
    if (
      "DAAP-Server: iTunes/" >< banner &&
      !egrep(pattern:pat, string:banner)
    ) exit(0, "The web server listening on port "+port+" does not appear to be from iTunes on an Apple TV.");
    
    
    # First fixed release, split the same way the pattern splits the banner.
    fixed_major = "11.0";
    fixed_minor = "46";
    
    # Stays empty unless a vulnerable version is found; tested at the end.
    report = "";
    
    # Check first for 3rd gen and recent 2nd gen models.
    matches = egrep(pattern:pat, string:banner);
    if (matches)
    {
      foreach line (split(matches, keep:FALSE))
      {
        match = eregmatch(pattern:pat, string:line);
        if (!isnull(match))
        {
          major = match[1];
          minor = match[2];
    
          # Vulnerable when the dotted version is lower than 11.0, or equal to it
          # with a lower build number.
          # NOTE(review): the letter matched by [a-z] is never compared, and the
          # report below always prints 'd' whatever letter the banner carried.
          if (
            ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||
            (
              ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&
              int(minor) < int(fixed_minor)
            )
          )
          {
            report = '\n  Source                   : ' + line +
                     '\n  Installed iTunes version : ' + major + 'd' + minor +
                     '\n  Fixed iTunes version     : ' + fixed_major + 'd' + fixed_minor +
                     '\n';
          }
          # Only the first header line that matches is evaluated.
          break;
        }
      }
    }
    else
    {
      # No DAAP-Server line matched: fall back to the RIPT-Server header, which
      # yields a major version only.
      pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\.";
      matches = egrep(pattern:pat2, string:banner);
      if (matches)
      {
        foreach line (split(matches, keep:FALSE))
        {
          match = eregmatch(pattern:pat2, string:line);
          if (!isnull(match))
          {
            major = int(match[1]);
            if (major < 4) exit(0, "The web server listening on port "+port+" is from iTunes on a 1st generation Apple TV, which is no longer supported.");
            # NOTE(review): every major from 4 to 9 is reported as affected with no
            # build comparison and no fixed version in the output, so this branch
            # is coarser than the DAAP one; majors above 9 produce no report.
            # (major >= 4 always holds here, because major < 4 has already exited.)
            else if (major >= 4 && major <= 9)
            {
              report = '\n  Source : ' + line +
                       '\n';
            }
            break;
          }
        }
      }
    }
    
    
    if (report)
    {
      # NOTE(review): the finding is attached to port 0 although the evidence came
      # from port 3689 - presumably to report at host level; confirm.
      # The banner line is included in the output only when report_verbosity > 0.
      if (report_verbosity > 0) security_hole(port:0, extra:report);
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_7_3.NASL
    description: The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57797
    published: 2012-02-02
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57797
    title: Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Engine guards, evaluated before anything else: the plugin stops at once if
    # bn_random() is not defined or NASL_LEVEL is below 3000.
    # NOTE(review): both exits are silent (status 0, no message), so a skipped
    # check leaves no reason in the output - keep that in mind when reading a
    # "no finding" result from an older engine.
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);    # Avoid problems with large number of xrefs.
    
    
    include("compat.inc");
    
    
    # Registration block: it only records the plugin's metadata and then exits
    # (exit(0) at the end), so nothing in here queries the host.
    if (description)
    {
      script_id(57797);
      script_version("1.20");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # 40 CVEs are bundled under this one plugin id, CVE-2011-3328 among them.
      # A finding means "OS version is older than 10.7.3"; it does not show which
      # of these CVEs are reachable on the host.
      script_cve_id(
        "CVE-2011-1148",
        "CVE-2011-1167",
        "CVE-2011-1657",
        "CVE-2011-1752",
        "CVE-2011-1783",
        "CVE-2011-1921",
        "CVE-2011-1938",
        "CVE-2011-2192",
        "CVE-2011-2202",
        "CVE-2011-2483",
        "CVE-2011-2895",
        "CVE-2011-2937",
        "CVE-2011-3182",
        "CVE-2011-3189",
        "CVE-2011-3246",
        "CVE-2011-3248",
        "CVE-2011-3249",
        "CVE-2011-3250",
        "CVE-2011-3256",
        "CVE-2011-3267",
        "CVE-2011-3268",
        "CVE-2011-3328",
        "CVE-2011-3348",
        "CVE-2011-3389",
        "CVE-2011-3422",
        "CVE-2011-3441",
        "CVE-2011-3444",
        "CVE-2011-3446",
        "CVE-2011-3447",
        "CVE-2011-3448",
        "CVE-2011-3449",
        "CVE-2011-3450",
        "CVE-2011-3452",
        "CVE-2011-3453",
        "CVE-2011-3457",
        "CVE-2011-3458",
        "CVE-2011-3459",
        "CVE-2011-3460",
        "CVE-2011-3462",
        "CVE-2011-3463"
      );
      script_bugtraq_id(
        46843,
        46951,
        47950,
        48091,
        48259,
        48434,
        49124,
        49229,
        49241,
        49249,
        49252,
        49376,
        49429,
        49616,
        49744,
        49778,
        50115,
        50155,
        50400,
        50401,
        50404,
        50641,
        51807,
        51808,
        51809,
        51810,
        51811,
        51812,
        51813,
        51814,
        51815,
        51816,
        51817,
        51818,
        51819,
        51832
      );
      script_xref(name:"CERT", value:"403593");
      script_xref(name:"CERT", value:"410281");
      script_xref(name:"CERT", value:"864643");
      script_xref(name:"ZDI", value:"ZDI-12-058");
      script_xref(name:"ZDI", value:"ZDI-12-103");
      script_xref(name:"ZDI", value:"ZDI-12-130");
    
      script_name(english:"Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)");
      script_summary(english:"Check the version of Mac OS X.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes several
    security vulnerabilities."
      );
      # The description names affected components, not CVEs, so it does not state
      # which component carries the fix for any particular CVE in the list above.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.7.x that is prior
    to 10.7.3. The newer version contains multiple security-related fixes
    for the following components :
    
      - Address Book
      - Apache
      - ATS
      - CFNetwork
      - CoreMedia
      - CoreText
      - CoreUI
      - curl
      - Data Security
      - dovecot
      - filecmds
      - ImageIO
      - Internet Sharing
      - Libinfo
      - libresolv
      - libsecurity
      - OpenGL
      - PHP
      - QuickTime
      - Subversion
      - Time Machine
      - WebDAV Sharing
      - Webmail
      - X11"
      );
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-058/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-103/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-130/");
      script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2012/Aug/59");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT5130"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Mac OS X 10.7.3 or later."
      );
      # NOTE(review): this base vector claims complete C/I/A impact and presumably
      # reflects the most severe issue in the bundle. It is not a per-CVE score:
      # CVE-2011-3328 on its own is rated as an availability-only impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Presumably set for the bundle as a whole; these two attributes do not say
      # which of the listed CVEs the exploit availability refers to.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/02");
    
      # "combined": the check below accepts either the 'Host/MacOSX/Version' KB item
      # or, failing that, the 'Host/OS' fingerprint result.
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
     
      # presumably these two plugins populate the KB items read below - TODO confirm
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
      exit(0);
    }
    
    # Version check: take the OS string from the KB and flag the host when it
    # reads as Mac OS X 10.7, 10.7.0, 10.7.1 or 10.7.2.
    #
    # NOTE(review): the result is derived from the OS version string alone. When
    # the fallback path below is taken, that string comes from 'Host/OS' with a
    # confidence value, so treat such findings as lower assurance than ones based
    # on 'Host/MacOSX/Version' and confirm the installed version on the host.
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      # Fallback: use the generic 'Host/OS' item, and only when it names Mac OS X
      # and its confidence is above 70.
      os = get_kb_item("Host/OS");
      if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
      if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");
    
      c = get_kb_item("Host/OS/Confidence");
      # presumably a missing confidence item (NULL) also satisfies c <= 70 and ends
      # the plugin here with status 1 - TODO confirm
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    # NOTE(review): this looks unreachable - os is either non-empty from the first
    # lookup, or the fallback has already exited unless os contains "Mac OS X".
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    
    
    # Matches "Mac OS X 10.7" at the end of the string, or 10.7.0 through 10.7.2
    # followed by a non-digit or the end of the string. The finding is raised on
    # port 0 with no extra detail.
    if (ereg(pattern:"Mac OS X 10\.7($|\.[0-2]([^0-9]|$))", string:os)) security_hole(0);
    else exit(0, "The host is not affected as it is running "+os+".");
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2012-002.NASL
    description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59067
    published: 2012-05-10
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59067
    title: Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)