Sun Patch: GNOME 2.0.2: 64bit libpng Patch
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | May 03, 2006 | May 03, 2006 | May 30, 2016 |
Description
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
References
- APPLE-APPLE-SA-2008-03-18
- APPLE-APPLE-SA-2008-05-28
- APPLE-APPLE-SA-2008-09-15
- APPLE-APPLE-SA-2009-05-12
- APPLE-APPLE-SA-2009-06-08-1
- APPLE-APPLE-SA-2009-06-17-1
- APPLE-APPLE-SA-2009-08-05-1
- BID-24000
- BID-24023
- BID-25956
- BID-25957
- BID-28276
- BID-28770
- BID-31049
- BID-33827
- BID-33990
- CERT-TA08-150A
- CERT-TA08-260A
- CERT-TA09-133A
- CERT-TA09-218A
- CERT-VN-649212
- CERT-VN-684664
- CERT-VN-889484
- CVE-2007-2445
- CVE-2007-5266
- CVE-2007-5267
- CVE-2007-5268
- CVE-2007-5269
- CVE-2008-1382
- CVE-2008-3964
- CVE-2009-0040
- DEBIAN-DSA-1613
- DEBIAN-DSA-1750
- DEBIAN-DSA-1830
- OVAL-OVAL10094
- OVAL-OVAL10316
- OVAL-OVAL10326
- OVAL-OVAL10614
- OVAL-OVAL6275
- OVAL-OVAL6458
- REDHAT-RHSA-2007:0356
- REDHAT-RHSA-2007:0992
- REDHAT-RHSA-2009:0315
- REDHAT-RHSA-2009:0325
- REDHAT-RHSA-2009:0333
- REDHAT-RHSA-2009:0340
- SUNPATCH-114822-06
- SUSE-SUSE-SA:2009:012
- SUSE-SUSE-SA:2009:023
- URL: ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
- URL: http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
- URL: http://bugs.gentoo.org/show_bug.cgi?id=195261
- URL: http://docs.info.apple.com/article.html?artnum=307562
- URL: http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
- URL: http://irrlicht.sourceforge.net/changes.txt
- URL: http://libpng.sourceforge.net/Advisory-1.2.26.txt
- URL: http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- URL: http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- URL: http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- URL: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- URL: http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- URL: http://lists.vmware.com/pipermail/security-announce/2009/000062.html
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10094
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10316
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10326
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10614
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6275
- URL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6458
- URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
- URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
- URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247
- URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
- URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
- URL: http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement
- URL: http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
- URL: http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement
- URL: http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement
- URL: http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net
- URL: http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBDFFCC090D1FF0400EBC5%40MERCMBX07.na.sas.com
- URL: http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com
- URL: http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
- URL: http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
- URL: http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=624517
- URL: http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
- URL: http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
- URL: http://sourceforge.net/project/shownotes.php?release_id=624518
- URL: http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
- URL: http://support.apple.com/kb/HT3549
- URL: http://support.apple.com/kb/HT3613
- URL: http://support.apple.com/kb/HT3639
- URL: http://support.apple.com/kb/HT3757
- URL: http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
- URL: http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm
- URL: http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
- URL: http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
- URL: http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
- URL: http://wiki.rpath.com/Advisories:rPSA-2009-0046
- URL: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
- URL: http://www.coresecurity.com/?action=item&id=2148
- URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
- URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:217
- URL: http://www.mandriva.com/security/advisories?name=MDVSA-2008:156
- URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
- URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
- URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
- URL: http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
- URL: http://www.ocert.org/advisories/ocert-2008-003.html
- URL: http://www.openwall.com/lists/oss-security/2008/09/09/3
- URL: http://www.openwall.com/lists/oss-security/2008/09/09/8
- URL: http://www.securityfocus.com/archive/1/archive/1/468910/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/483582/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/489739/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/490823/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/491424/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/501767/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
- URL: http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
- URL: http://www.trustix.org/errata/2007/0019/
- URL: http://www.ubuntu.com/usn/usn-472-1
- URL: http://www.ubuntu.com/usn/usn-538-1
- URL: http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- URL: http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- URL: http://www.vmware.com/security/advisories/VMSA-2009-0007.html
- URL: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- URL: http://www.vmware.com/support/player/doc/releasenotes_player.html
- URL: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- URL: http://www.vmware.com/support/server/doc/releasenotes_server.html
- URL: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- URL: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- URL: http://www.vupen.com/english/advisories/2007/1838
- URL: http://www.vupen.com/english/advisories/2007/2385
- URL: http://www.vupen.com/english/advisories/2007/3390
- URL: http://www.vupen.com/english/advisories/2007/3391
- URL: http://www.vupen.com/english/advisories/2008/0905/references
- URL: http://www.vupen.com/english/advisories/2008/0924/references
- URL: http://www.vupen.com/english/advisories/2008/1225/references
- URL: http://www.vupen.com/english/advisories/2008/1697
- URL: http://www.vupen.com/english/advisories/2008/2466
- URL: http://www.vupen.com/english/advisories/2008/2512
- URL: http://www.vupen.com/english/advisories/2008/2584
- URL: http://www.vupen.com/english/advisories/2009/0469
- URL: http://www.vupen.com/english/advisories/2009/0473
- URL: http://www.vupen.com/english/advisories/2009/0632
- URL: http://www.vupen.com/english/advisories/2009/1297
- URL: http://www.vupen.com/english/advisories/2009/1451
- URL: http://www.vupen.com/english/advisories/2009/1462
- URL: http://www.vupen.com/english/advisories/2009/1522
- URL: http://www.vupen.com/english/advisories/2009/1560
- URL: http://www.vupen.com/english/advisories/2009/1621
- URL: http://www.vupen.com/english/advisories/2009/2172
- URL: https://bugzilla.redhat.com/show_bug.cgi?id=327791
- URL: https://bugzilla.redhat.com/show_bug.cgi?id=337461
- URL: https://issues.rpath.com/browse/RPL-1381
- URL: https://issues.rpath.com/browse/RPL-1814
- URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
- URL: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
- XF-34340
- XF-41800
- XF-44928
- XF-48819
Solution
sunpatch-solaris-114822
Related Vulnerabilities
- HP System Management Homepage - HPSBMA02250 (CVE-2006-2937): Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)
- Cent OS: CVE-2009-0771: CESA-2009:0315 (firefox)
- SUSE Linux Security Advisory: SUSE-SU-2014:1100-1
- MFSA2009-07 Firefox: Crashes with evidence of memory corruption (rv:1.9.0.7) (CVE-2009-0773)
- Gentoo Linux: CVE-2007-5269: VMware Player, Server, Workstation: Multiple vulnerabilities
- Sun Patch: SunOS 5.4: /dev/qec should protect against being opened directly
- OS X security update 2006-007 for OpenSSL (CVE-2006-4339)
- Gentoo Linux: CVE-2006-2937: OpenSSL: Multiple vulnerabilities
- SUSE Linux Security Advisory: SUSE-SR:2007:013
- VMware Workstation: Updated OpenSSL library to address various security vulnerabilities (VMSA-2008-0005) (CVE-2006-4339)
- ELSA-2007-0356 Moderate: Enterprise Linux libpng security update
- HP System Management Homepage - HPSBMA02250 (CVE-2006-4339): Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)
- Gentoo Linux: CVE-2007-2445: libpng: Denial of Service
- Oracle Linux: CVE-2006-2940: ELSA-2016-3558 - openssl security update
- ELSA-2009-0004 Important: Enterprise Linux openssl security update
- FreeBSD: png -- DoS crash vulnerability (CVE-2007-2445)
- RHSA-2007:0992: libpng security update
- ELSA-2009-0333 Moderate: Enterprise Linux libpng security update
- VMware Player: Updated OpenSSL library to address various security vulnerabilities (VMSA-2008-0005) (CVE-2006-2937)
- Sun Patch: N1 Grid Engine 6.0_x86: maintenance patch
- VMware Player: DHCP denial of service vulnerability (VMSA-2008-0005) (CVE-2008-1364)
- MFSA2009-07 SeaMonkey: Crashes with evidence of memory corruption (rv:1.9.0.7) (CVE-2009-0773)
- USN-741-1: Thunderbird vulnerabilities
- VMware Player: Windows 2000 based hosted products privilege escalation vulnerability (VMSA-2008-0005) (CVE-2007-5618)
- VMware Player: Local Privilege Escalation on Windows based platforms by Hijacking VMware VMX configuration file (VMSA-2008-0005) (CVE-2008-1363)
- RHSA-2008:0629: Red Hat Network Satellite Server Solaris client security update
- OS X update for ImageIO (CVE-2009-0040)
- VMware Player: Insecure named pipes (VMSA-2008-0005) (CVE-2008-1362)
- VMware Workstation: Insecure named pipes (VMSA-2008-0005) (CVE-2008-1362)
- FreeBSD: openoffice.org -- multiple vulnerabilities (Multiple CVEs)
- Sun Patch: SunOS 5.9: Kernel Patch
- SUSE-SA:2006:055: openssl,mozilla-nss RSA signature evasion
- Sun Patch: SunOS 5.10_x86: kernel patch
- F5 Networks: K6623 (CVE-2006-4339): OpenSSL signature vulnerability - CVE-2006-4339
- MFSA2009-07 Thunderbird: Crashes with evidence of memory corruption (rv:1.9.0.7) (CVE-2009-0773)
- Sun Patch: StarOffice 8 (Solaris): Update 18
- SUSE Linux Security Advisory: SUSE-SR:2009:005
- OS X update for ImageIO (CVE-2008-1382)
- FreeBSD: openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) (FreeBSD-SA-06:19.openssl) (CVE-2006-4339)
- SUSE Linux Security Vulnerability: CVE-2009-0774
- OS X security update 2006-007 for OpenSSL (CVE-2006-2940)
- Sun Patch: StarSuite 8 (Solaris): Update 18
- Sun Patch: StarSuite 8 (Solaris_x86): Update 18
- OS X security update 2008-002 for X11 (CVE-2007-5269)
- SUSE-SR:2007:013:vuln5: libpng denial of service
- SUSE-SA:2006:061: opera
- Gentoo Linux: CVE-2009-0777: Mozilla Products: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2006-4343
- SUSE Linux Security Vulnerability: CVE-2009-0772
- RHSA-2008:0525: Red Hat Network Satellite Server Solaris client security update
- Gentoo Linux: CVE-2009-0771: Mozilla Products: Multiple vulnerabilities
- RHSA-2007:0356: libpng security update
- Gentoo Linux: CVE-2009-0775: Mozilla Products: Multiple vulnerabilities
- Cent OS: CVE-2009-0772: CESA-2009:0258 (thunderbird)
- FreeBSD: png -- unknown chunk processing uninitialized memory access (CVE-2008-1382)
- SUSE Linux Security Advisory: SUSE-SR:2008:010
- Sun Patch: GNOME 2.0.0_x86: libpng Patch
- VMware Player: Virtual Machine Communication Interface (VMCI) memory corruption resulting in denial of service (VMSA-2008-0005) (CVE-2008-1340)
- HP System Management Homepage - HPSBMA02250 (CVE-2006-2940): Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)
- FreeBSD: png -- multiple vulnerabilities (Multiple CVEs)
- MFSA2009-09 Firefox: XML data theft via RDFXMLDataSource and cross-domain redirect (CVE-2009-0776)
- Sun Patch: SunOS 5.9_x86: bootconfchk patch
- Oracle Linux: CVE-2006-4343: ELSA-2016-3558 - openssl security update
- Gentoo Linux: CVE-2008-1392: VMware Player, Server, Workstation: Multiple vulnerabilities
- RHSA-2006:0661: openssl security update
- VMware Workstation: Local Privilege Escalation on Windows based platforms by Hijacking VMware VMX configuration file (VMSA-2008-0005) (CVE-2008-1363)
- Cent OS: CVE-2009-0774: CESA-2009:0258 (thunderbird)
- VMware Player: Third Party Library libpng Updated to 1.2.35 (VMSA-2009-0010) (CVE-2009-0040)
- VMware Workstation: DHCP denial of service vulnerability (VMSA-2008-0005) (CVE-2008-1364)
- Apple Java security update for CVE-2006-4339
- OS X security update 2006-007 for OpenSSL (CVE-2006-2937)
- SUSE Linux Security Advisory: SUSE-SR:2006:026
- ELSA-2007-0992 Moderate: Enterprise Linux libpng security update
- OS X update for ImageIO (CVE-2007-5269)
- OS X security update 2008-002 for X11 (CVE-2007-2445)
- F5 Networks: K6734 (CVE-2006-2940): Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
- FileZilla Server/OpenSSL Multiple Vulnerabilities
- Cent OS: CVE-2009-0040: CESA-2009:0315 (firefox)
- Gentoo Linux: CVE-2006-4339: OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
- Apple Safari security update for CVE-2009-0040
- Sun Patch: Web Server 6.1: Sun ONE Web Server 6.1 Patch WS61SP13
- Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
- VMware Player: Updated OpenSSL library to address various security vulnerabilities (VMSA-2008-0005) (CVE-2006-2940)
- ELSA-2009-0340 Moderate: Enterprise Linux libpng security update
- FreeBSD: opera -- RSA Signature Forgery (CVE-2006-4339)
- Gentoo Linux: CVE-2009-0040: VMware Player, Server, Workstation: Multiple vulnerabilities
- Sun Patch: N1 Grid Engine 6.0: maintenance patch
- RHSA-2009:0325: seamonkey security update
- OS X security update 2008-002 for X11 (CVE-2007-5268)
- Cent OS: CVE-2009-0775: CESA-2009:0258 (thunderbird)
- MFSA2009-09 Thunderbird: XML data theft via RDFXMLDataSource and cross-domain redirect (CVE-2009-0776)
- Gentoo Linux: CVE-2007-5266: AMD64 x86 emulation base libraries: Multiple vulnerabilities
- Sun Patch: SunOS 5.4: usr/bin/ps and usr/ucb/ps patch
- CESA-2007:0072: IBMJava2 security update
- VMware Workstation: Updated OpenSSL library to address various security vulnerabilities (VMSA-2008-0005) (CVE-2006-2940)
- Sun Patch: Security 3.3.4.8: NSPR 4.1.6 / NSS 3.3.4.8
- Sun Patch: SunOS 5.10: kernel patch
- Cent OS: CVE-2008-1382: CESA-2009:0333 (libpng)
- Sun Patch: SunOS 5.10_x86: libpng Patch
- USN-472-1: libpng vulnerability