Debian DSA-140-2 : libpng - buffer overflow

high Nessus Plugin ID 14977

Synopsis

The remote Debian host is missing a security-related update.

Description

Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries.

In addition to that, the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us.

To find out which packages depend on this library, you may want to execute the following commands :

apt-cache showpkg libpng2 apt-cache showpkg libpng3

Solution

Upgrade the libpng packages immediately and restart programs and daemons that link to these libraries and read external data, such as web browsers.

This problem has been fixed in version 1.0.12-3.woody.2 of libpng and version 1.2.1-1.1.woody.2 of libpng3 for the current stable distribution (woody) and in version 1.0.12-4 of libpng and version 1.2.1-2 of libpng3 for the unstable distribution (sid). The potato release of Debian does not seem to be vulnerable.

See Also

http://www.debian.org/security/2002/dsa-140

Plugin Details

Severity: High

ID: 14977

File Name: debian_DSA-140.nasl

Version: 1.17

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libpng3, cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:libpng

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 8/5/2002

Reference Information

CVE: CVE-2002-0660, CVE-2002-0728

DSA: 140