Detections
Analytics
Debian DSA-498-1 : libpng - out of bound access
medium Nessus Plugin ID 15335
Synopsis
The remote Debian host is missing a security-related update.Description
Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilised in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.This could be used as a denial of service attack against various programs that link against this library. The following commands will show you which packages utilise this library and whose programs should probably restarted after an upgrade :
apt-cache showpkg libpng2 apt-cache showpkg libpng3
The following security matrix explains which package versions will contain a correction.
Package stable (woody) unstable (sid) libpng 1.0.12-3.woody.5 1.0.15-5 libpng3 1.2.1-1.1.woody.5 1.2.5.0-6
Solution
Upgrade the libpng and related packages.See Also
Plugin Details
Severity: Medium
ID: 15335
File Name: debian_DSA-498.nasl
Version: 1.22
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 9/29/2004
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libpng, p-cpe:/a:debian:debian_linux:libpng3, cpe:/o:debian:debian_linux:3.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 4/30/2004
Vulnerability Publication Date: 4/30/2004
Reference Information
CVE: CVE-2004-0421
BID: 10244
DSA: 498