SUSE-SA:2004:023: libpng

critical Nessus Plugin ID 14206

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:023 (libpng).


Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format.

A remote attacker would be able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the length of transparency chunk data and in other pathes of image processing.

A special PNG image can be used to cause an application crashing due to NULL pointer dereference in the function png_handle_iCPP() (and other locations).

Integer overflows were found in png_handle_sPLT(), png_read_png() functions and other locations. These bugs may at least crash an application.

Solution

http://www.suse.de/security/2004_23_libpng.html

Plugin Details

Severity: Critical

ID: 14206

File Name: suse_SA_2004_023.nasl

Version: 1.12

Agent: unix

Published: 8/4/2004

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-0597, CVE-2004-0598, CVE-2004-0599