Detections
Analytics
RHEL 2.1 : libpng (RHSA-2003:007)
high Nessus Plugin ID 12348
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated libpng packages are available which fix a buffer overflow vulnerability.[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1
The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format.
Unpatched versions of libpng 1.2.1 and earlier do not correctly calculate offsets, which leads to a buffer overflow and the possibility of arbitrary code execution. This could be exploited by an attacker creating a carefully crafted PNG file which could execute arbitrary code when the victim views it.
Packages within Red Hat Linux Advanced Server, such as Mozilla, make use of the shared libpng library. All users are advised to upgrade to the errata packages, which contain libpng 1.0.14 with a backported patch that corrects this issue.
Solution
Update the affected libpng and / or libpng-devel packages.See Also
Plugin Details
Severity: High
ID: 12348
File Name: redhat-RHSA-2003-007.nasl
Version: 1.24
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/6/2004
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:libpng, p-cpe:/a:redhat:enterprise_linux:libpng-devel, cpe:/o:redhat:enterprise_linux:2.1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 2/5/2003
Vulnerability Publication Date: 12/26/2002
Reference Information
CVE: CVE-2002-1363
RHSA: 2003:007