CVE-2002-0660
CVSS7.5
发布时间 :2002-08-12 00:00:00
修订时间 :2016-10-17 22:21:10
NMCOS    

[原文]Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.


[CNNVD]LibPNG超阔页边空白图象处理内存破坏漏洞(CNNVD-200208-195)

        
        libPNG是一款绘图程序库,用于显示PNG图象格式文件。
        libPNG在处理超宽的页边空行图象时存在问题,远程攻击者可以利用这个漏洞破坏内存信息,可能导致以服务器程序进程的权限执行任意指令。
        攻击者可以发送包含超宽的页边空行设置的PNG图象,当libPNG库处理的时候,可导致内存破坏,精心构建页边空行数据可能以服务器程序进程的权限执行任意指令。不过没有得到证实。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:greg_roelofs:libpng:1.0.12
cpe:/a:greg_roelofs:libpng3:1.2.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0660
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0660
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-195
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=102858558321355&w=2
(UNKNOWN)  DEBIAN  DSA-140
http://rhn.redhat.com/errata/RHSA-2002-151.html
(UNKNOWN)  REDHAT  RHSA-2002:151
http://rhn.redhat.com/errata/RHSA-2002-152.html
(UNKNOWN)  REDHAT  RHSA-2002:152

- 漏洞信息

LibPNG超阔页边空白图象处理内存破坏漏洞
高危 边界条件错误
2002-08-12 00:00:00 2006-09-20 00:00:00
远程  
        
        libPNG是一款绘图程序库,用于显示PNG图象格式文件。
        libPNG在处理超宽的页边空行图象时存在问题,远程攻击者可以利用这个漏洞破坏内存信息,可能导致以服务器程序进程的权限执行任意指令。
        攻击者可以发送包含超宽的页边空行设置的PNG图象,当libPNG库处理的时候,可导致内存破坏,精心构建页边空行数据可能以服务器程序进程的权限执行任意指令。不过没有得到证实。
        

- 公告与补丁

        厂商补丁:
        Debian
        ------
        Debian已经为此发布了一个安全公告(DSA-140-2)以及相应补丁:
        DSA-140-2:New libpng packages fix potential buffer overflow
        链接:
        http://www.debian.org/security/2002/dsa-140

        补丁下载:
        Source archives:
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.dsc

        Size/MD5 checksum: 579 6fa91023a699b539f8406572acabcd45
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.diff.gz

        Size/MD5 checksum: 7914 5e876cff104633b6ded3930b3c16aaa6
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz

        Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.dsc

        Size/MD5 checksum: 582 1ad71907a2745b4a4c66ba57399b7f12
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.diff.gz

        Size/MD5 checksum: 8303 e72f6a3a38b4cace1971ca1c0b5bc20a
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz

        Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_alpha.deb

        Size/MD5 checksum: 276344 6ef427edc12b2b6f1c1cb9f70e9922f8
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_alpha.deb

        Size/MD5 checksum: 129748 c9c8197d16b91ad721d92c53de44d640
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_alpha.deb

        Size/MD5 checksum: 270238 4c6cf35a90dbbe8f7d781a6f0d7d5583
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_alpha.deb

        Size/MD5 checksum: 133154 220f5cd5020a19ed67b40208d5ece6c8
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_arm.deb

        Size/MD5 checksum: 247430 69afbfe0aeb0e3c08a334a84b3e8cb77
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_arm.deb

        Size/MD5 checksum: 108224 e1707faafae8955ebeae6ef3cbf70c9a
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_arm.deb

        Size/MD5 checksum: 241200 98a7ce949f1c89161a002516042d9ebd
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_arm.deb

        Size/MD5 checksum: 111508 791721c2c467b7c0b6fe666b9299a2d4
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_i386.deb

        Size/MD5 checksum: 233094 f9889af54e78f47eebe1fa5a60ef33cb
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_i386.deb

        Size/MD5 checksum: 106636 c9369f9eb9ae747365cdccf40acc3c2d
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_i386.deb

        Size/MD5 checksum: 227308 4c452324c7308dcd268128fbe4b6439f
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_i386.deb

        Size/MD5 checksum: 109802 8694e5afdb6f0c0c9e13b9f24aac8f63
        Intel IA-64 architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_ia64.deb

        Size/MD5 checksum: 278606 4e66108c22e624861a905bc5e5b55626
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_ia64.deb

        Size/MD5 checksum: 146174 91852036ba0ebff0f3734b9333a07388
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_ia64.deb

        Size/MD5 checksum: 271448 ac0dcd865700840d0efd2c36df1a217a
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_ia64.deb

        Size/MD5 checksum: 150852 f95379f323df7cd53c0fee8c8dfdde3d
        HP Precision architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_hppa.deb

        Size/MD5 checksum: 269384 48798cfcd2fce8157bb25e34b3b3bfc3
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_hppa.deb

        Size/MD5 checksum: 128266 85ff01a845db01cbdb5146c008f1a03d
        
        http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_hppa.deb

        Size/MD5 checksum: 262318 2dff123a3e2df906b66b02885048d412
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_hppa.deb

        Size/MD5 checksum: 132326 d3a294616ae7e5c710686d058641c7a8
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_m68

- 漏洞信息

14431
libpng PNG Width Handling Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

libpng contains an overflow condition in the handling of PNG files. The issue is triggered as user-supplied input is not properly sanitized when handling PNG files. With a specially crafted PNG file containing a malformed wide parameter, a context-dependent attacker can cause a buffer overflow to cause a denial of service or potentially execute arbitrary code.

- 时间线

2002-08-06 Unknow
Unknow 2002-07-08

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 1.0.14, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

LibPNG Malformed PNG Image Memory Corruption Vulnerability
Boundary Condition Error 5059
Yes No
2002-06-19 12:00:00 2009-07-11 01:56:00
Discovered by Max <rusmir@tula.net>.

- 受影响的程序版本

Rit Research Labs The Bat! 2.0 3 Beta
Rit Research Labs The Bat! 2.0 1
Rit Research Labs The Bat! 2.0
Rit Research Labs The Bat! 1.101
Rit Research Labs The Bat! 1.53 d
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
Rit Research Labs The Bat! 1.52
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.51
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.49
Rit Research Labs The Bat! 1.48
Rit Research Labs The Bat! 1.47
Rit Research Labs The Bat! 1.46
Rit Research Labs The Bat! 1.45
Rit Research Labs The Bat! 1.44
Rit Research Labs The Bat! 1.43
Rit Research Labs The Bat! 1.42 f
Rit Research Labs The Bat! 1.42
Rit Research Labs The Bat! 1.41
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.39
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.36
Rit Research Labs The Bat! 1.35
Rit Research Labs The Bat! 1.34
Rit Research Labs The Bat! 1.33
Rit Research Labs The Bat! 1.32
Rit Research Labs The Bat! 1.31
Rit Research Labs The Bat! 1.22
Rit Research Labs The Bat! 1.21
Rit Research Labs The Bat! 1.19
Rit Research Labs The Bat! 1.18
Rit Research Labs The Bat! 1.17
Rit Research Labs The Bat! 1.15
Rit Research Labs The Bat! 1.14
Rit Research Labs The Bat! 1.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Rit Research Labs The Bat! 1.1
Rit Research Labs The Bat! 1.0 43
Rit Research Labs The Bat! 1.0 41
Rit Research Labs The Bat! 1.0 39
Rit Research Labs The Bat! 1.0 37
Rit Research Labs The Bat! 1.0 36
Rit Research Labs The Bat! 1.0 35
Rit Research Labs The Bat! 1.0 32
Rit Research Labs The Bat! 1.0 31
Rit Research Labs The Bat! 1.0 29
Rit Research Labs The Bat! 1.0 28
Rit Research Labs The Bat! 1.0 15
Rit Research Labs The Bat! 1.0 11
Rit Research Labs The Bat! 1.0 build 1349
Rit Research Labs The Bat! 1.0 build 1336
Opera Software Opera Web Browser 6.0.1 linux
libpng libpng3 1.2.3
libpng libpng3 1.2.2
+ RedHat Linux 8.0 i386
libpng libpng3 1.2.1
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Slackware Linux 8.1
libpng libpng3 1.2 .0
+ Conectiva Linux 8.0
libpng libpng 1.0.13
libpng libpng 1.0.12
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1.1
- Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
libpng libpng 1.0.11
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
libpng libpng 1.0.9
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
libpng libpng 1.0.8
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
- Ximian GNOME 1.4
libpng libpng 1.0.7
libpng libpng 1.0.6
libpng libpng 1.0.5
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
Konqueror Konqueror the web browser 2.2.2
libpng libpng3 1.2.4
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.1
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386

- 不受影响的程序版本

libpng libpng3 1.2.4
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.1
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386

- 漏洞讨论

The libpng graphics library is vulnerable to a memory corruption error when handling some malformed PNG images. This issue is due to a buffer overflow in functions related to progressive image loading. This may potentially be exploited to cause a denial of service in applications which use the vulnerable functions or theoretically to execute arbitrary code.

Some web browsers (such as Opera, Konqueror and Mozilla) rely on this library to handle PNG images.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Debian has reported that Debian 2.2 does not appear to be vulnerable.

Ximian GNOME on Solaris 7/8 platforms ship with libpng. Ximian GNOME on other platforms do not ship with the vulnerable library. Upgrades for Solaris have been made available.

Fixes are available:


libpng libpng 1.0.11

libpng libpng 1.0.12

libpng libpng 1.0.13

libpng libpng 1.0.5

libpng libpng 1.0.6

libpng libpng 1.0.7

libpng libpng 1.0.8

libpng libpng 1.0.9

libpng libpng3 1.2 .0

libpng libpng3 1.2.1

libpng libpng3 1.2.2

libpng libpng3 1.2.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站