FreeBSD Ports: png
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Insight
The following packages are affected: png, linux-png, firefox, thunderbird, linux-mozilla, linux-mozilla-devel, mozilla, mozilla-gtk1, netscape-communicator, netscape-navigator, linux-netscape-communicator, linux-netscape-navigator, ko-netscape-navigator-linux, ko-netscape-communicator-linux, ja-netscape-communicator-linux, ja-netscape-navigator-linux, netscape7, ja-netscape7, pt_BR-netscape7, fr-netscape7, de-netscape7

CVE-2004-0597
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.

CVE-2004-0598
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

CVE-2004-0599
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.
Solution
Update your system with the appropriate patches or software upgrades.
Common Vulnerabilities and Exposures (CVE)
References
- http://scary.beasts.org/security/CESA-2004-001.txt
- http://secunia.com/advisories/12219
- http://secunia.com/advisories/12232
- http://bugzilla.mozilla.org/show_bug.cgi?id=251381
- http://dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt
- http://www.vuxml.org/freebsd/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html