Main Menu
-
Products
-
InsightIDR
User Behavior Analytics & SIEM -
InsightVM
Vulnerability Management -
InsightAppSec
Dynamic Application Security Testing -
InsightConnect
Orchestration & Automation -
InsightOps
Log Management -
Metasploit
Penetration Testing -
AppSpider
Application Security On-Premise -
tCell by Rapid7
Application Monitoring & Protection
-
-
Services
-
Partners
-
Research
-
Products
The Rapid7 Insight Cloud
Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.
Insight Products -
Services
Rapid7 Global Services
Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.
- Partners
- Research
- Home
- Vulnerability & Exploit Database
- Vulnerabilities
Rapid7 VulnDB
Sun Patch: GNOME 2.0.2: 64bit libpng Patch
Sun Patch: GNOME 2.0.2: 64bit libpng Patch
8
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
05/03/2006
07/25/2018
05/03/2006
05/30/2016
Description
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Solution(s)
- sunpatch-solaris-114822
Related Vulnerabilities
- APPLE-SA-2008-03-18
- APPLE-SA-2008-05-28
- APPLE-SA-2008-09-15
- APPLE-SA-2009-05-12
- APPLE-SA-2009-06-08-1
- APPLE-SA-2009-06-17-1
- APPLE-SA-2009-08-05-1
- 24000
- 24023
- 25956
- 25957
- 28276
- 28770
- 31049
- 33827
- 33990
- TA08-150A
- TA08-260A
- TA09-133A
- TA09-218A
- 649212
- 684664
- 889484
- CVE - 2007-2445
- CVE - 2007-5266
- CVE - 2007-5267
- CVE - 2007-5268
- CVE - 2007-5269
- CVE - 2008-1382
- CVE - 2008-3964
- CVE - 2009-0040
- DSA-1613
- DSA-1750
- DSA-1830
- OVAL10094
- OVAL10316
- OVAL10326
- OVAL10614
- OVAL6275
- OVAL6458
- RHSA-2007:0356
- RHSA-2007:0992
- RHSA-2009:0315
- RHSA-2009:0325
- RHSA-2009:0333
- RHSA-2009:0340
- 114822-06
- SUSE-SA:2009:012
- SUSE-SA:2009:023
- ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
- http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
- http://bugs.gentoo.org/show_bug.cgi?id=195261
- http://docs.info.apple.com/article.html?artnum=307562
- http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
- http://irrlicht.sourceforge.net/changes.txt
- http://libpng.sourceforge.net/Advisory-1.2.26.txt
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://lists.vmware.com/pipermail/security-announce/2009/000062.html
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10094
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10316
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10326
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10614
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6275
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6458
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
- http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement
- http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
- http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement
- http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement
- http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net
- http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com
- http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com
- http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
- http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
- http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517
- http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
- http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
- http://sourceforge.net/project/shownotes.php?release_id=624518
- http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
- http://support.apple.com/kb/HT3549
- http://support.apple.com/kb/HT3613
- http://support.apple.com/kb/HT3639
- http://support.apple.com/kb/HT3757
- http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
- http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
- http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
- http://wiki.rpath.com/Advisories:rPSA-2009-0046
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
- http://www.coresecurity.com/?action=item&id=2148
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:217
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:156
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
- http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
- http://www.ocert.org/advisories/ocert-2008-003.html
- http://www.openwall.com/lists/oss-security/2008/09/09/3
- http://www.openwall.com/lists/oss-security/2008/09/09/8
- http://www.securityfocus.com/archive/1/archive/1/468910/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/483582/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/490823/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/491424/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/501767/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
- http://www.trustix.org/errata/2007/0019/
- http://www.ubuntu.com/usn/usn-472-1
- http://www.ubuntu.com/usn/usn-538-1
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://www.vmware.com/security/advisories/VMSA-2009-0007.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.vupen.com/english/advisories/2007/1838
- http://www.vupen.com/english/advisories/2007/2385
- http://www.vupen.com/english/advisories/2007/3390
- http://www.vupen.com/english/advisories/2007/3391
- http://www.vupen.com/english/advisories/2008/0905/references
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1225/references
- http://www.vupen.com/english/advisories/2008/1697
- http://www.vupen.com/english/advisories/2008/2466
- http://www.vupen.com/english/advisories/2008/2512
- http://www.vupen.com/english/advisories/2008/2584
- http://www.vupen.com/english/advisories/2009/0469
- http://www.vupen.com/english/advisories/2009/0473
- http://www.vupen.com/english/advisories/2009/0632
- http://www.vupen.com/english/advisories/2009/1297
- http://www.vupen.com/english/advisories/2009/1451
- http://www.vupen.com/english/advisories/2009/1462
- http://www.vupen.com/english/advisories/2009/1522
- http://www.vupen.com/english/advisories/2009/1560
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2009/2172
- https://bugzilla.redhat.com/show_bug.cgi?id=327791
- https://bugzilla.redhat.com/show_bug.cgi?id=337461
- https://issues.rpath.com/browse/RPL-1381
- https://issues.rpath.com/browse/RPL-1814
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
- 34340
- 41800
- 44928
- 48819
View more
References
- sunpatch-solaris-114822
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center