Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.

Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793)

In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599)

Packages have been patched to correct these issues.

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. (CVE-2006-5793)

Additionaly a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort of the viewer or webbrowser in SUSE Linux 10.0 and newer due to string overflow checking.
(CVE-2006-3334)

The remote host is affected by the vulnerability described in GLSA-200607-06 (libpng: Buffer overflow)

    In pngrutil.c, the function png_decompress_chunk() allocates     insufficient space for an error message, potentially overwriting stack     data, leading to a buffer overflow.
  Impact :

    By enticing a user to load a maliciously crafted PNG image, an attacker     could execute arbitrary code with the rights of the user, or crash the     application using the libpng library, such as the     emul-linux-x86-baselibs.
  Workaround :

    There is no known workaround at this time.

SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.

PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.

Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793)

Packages have been patched to correct these issues.

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. 

This update contains several security fixes for a number of programs.

Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.

In addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599)

Packages have been patched to correct these issues.

The remote host is affected by the vulnerability described in GLSA-200812-15 (POV-Ray: User-assisted execution of arbitrary code)

    POV-Ray uses a statically linked copy of libpng to view and output PNG     files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964,     CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in     POV-Ray's build system caused it to load the old version when your     installed copy of libpng was >=media-libs/libpng-1.2.10.
  Impact :

    An attacker could entice a user to load a specially crafted PNG file as     a texture, resulting in the execution of arbitrary code with the     permissions of the user running the application.
  Workaround :

    There is no known workaround at this time.

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG file could be use to cause an out-of-bounds read, effectively crashing the PNG viewer or webbrowser. (CVE-2006-5793)

Additionally a 2 byte stackoverflow was fixed which we do not believe to be exploitable. It will cause an abort of the viewer or webbrowser in SUSE Linux 10.0 and newer due to string overflow checking.
(CVE-2006-3334)

ID	Name	Product	Family	Published	Updated	Severity
24594	Mandrake Linux Security Advisory : libpng (MDKSA-2006:209)	Nessus	Mandriva Local Security Checks	2/18/2007	1/6/2021	high
24597	Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)	Nessus	Mandriva Local Security Checks	2/18/2007	1/6/2021	critical
27329	openSUSE 10 Security Update : libpng (libpng-2322)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	high
22080	GLSA-200607-06 : libpng: Buffer overflow	Nessus	Gentoo Local Security Checks	7/20/2006	1/6/2021	high
24595	Mandrake Linux Security Advisory : syslinux (MDKSA-2006:210)	Nessus	Mandriva Local Security Checks	2/18/2007	1/6/2021	high
24596	Mandrake Linux Security Advisory : pxelinux (MDKSA-2006:211)	Nessus	Mandriva Local Security Checks	2/18/2007	1/6/2021	high
31605	Mac OS X Multiple Vulnerabilities (Security Update 2008-002)	Nessus	MacOS X Local Security Checks	3/19/2008	7/14/2018	critical
24598	Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)	Nessus	Mandriva Local Security Checks	2/18/2007	1/6/2021	critical
35107	GLSA-200812-15 : POV-Ray: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	12/15/2008	1/6/2021	high
29507	SuSE 10 Security Update : libpng (ZYPP Patch Number 2325)	Nessus	SuSE Local Security Checks	12/13/2007	1/14/2021	high

Detections

Analytics

Plugins Search

high

critical

high

high

high

high

critical

critical

high

high