CVE-2004-0421
CVSS 5.0
Published: 2004-08-18 00:00:00
Revised: 2016-10-17 22:45:14

[Original] The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.


[CNNVD] libpng Malformed PNG Out-of-Bounds Access Denial of Service Vulnerability (CNNVD-200408-166)

        libpng is the library used by many applications to parse the PNG image format.
        libpng mishandles certain malformed PNG images; a remote attacker can exploit this to mount a denial-of-service attack against applications that use the library.
        An attacker crafts a special PNG file; when an application linked against libpng opens it, an out-of-bounds memory access causes the application to crash, i.e. a denial of service.
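The following is an added example, not code from libpng or from any of the advisories on this page. It reconstructs the bug class the entry describes: an error-message builder that copies a fixed number of bytes out of the message string and therefore reads past the end of a short message, shown beside a length-bounded version. The function names, the 64-byte copy length (`MSG_MAX`), and the `[xx]` escaping of non-letter chunk-name bytes are assumptions, not details taken from the page. The "memory image" with 'Z' canary bytes is constructed so the over-read stays inside our own array and can be measured safely; in a real process the bytes after a short message literal are whatever happens to be adjacent, and if they run into an unmapped page the process crashes, which is the reported denial of service.

```c
/* Added example (not libpng's code): a minimal chunk-error formatter in the
 * shape the advisory describes. The unbounded variant copies a fixed number
 * of bytes from the error message, so a short message makes it read past
 * the message's terminator; the bounded variant stops at the terminator.
 * Function names, MSG_MAX and the "[xx]" escaping are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64                          /* assumed fixed copy length       */
#define OUT_MAX (4 * 4 + 2 + MSG_MAX + 1)   /* escaped name + ": " + msg + NUL */

/* Write the 4-byte chunk name, escaping non-letters as [xx]; return bytes written. */
static int put_chunk_name(char *out, const unsigned char name[4])
{
    static const char hex[] = "0123456789ABCDEF";
    int n = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = name[i];
        if (isalpha(c)) {
            out[n++] = (char)c;
        } else {
            out[n++] = '[';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0f];
            out[n++] = ']';
        }
    }
    return n;
}

/* VULNERABLE pattern: always copies MSG_MAX bytes regardless of strlen(msg).
 * If msg is shorter, memcpy reads whatever lies after it; if that memory is
 * unmapped the process dies, which is the denial of service. */
void format_error_unbounded(char *out, const unsigned char name[4], const char *msg)
{
    int n = put_chunk_name(out, name);
    out[n++] = ':';
    out[n++] = ' ';
    memcpy(out + n, msg, MSG_MAX);
    out[n + MSG_MAX] = '\0';
}

/* FIXED pattern: copy min(strlen(msg), MSG_MAX - 1) bytes, never past the NUL. */
void format_error_bounded(char *out, const unsigned char name[4], const char *msg)
{
    int n = put_chunk_name(out, name);
    size_t len = strlen(msg);
    if (len > MSG_MAX - 1)
        len = MSG_MAX - 1;
    out[n++] = ':';
    out[n++] = ' ';
    memcpy(out + n, msg, len);
    out[n + len] = '\0';
}

/* Convenience wrapper: bounded message for a 4-char name, in a static buffer. */
const char *chunk_error_message(const char *name4, const char *msg)
{
    static char out[OUT_MAX];
    format_error_bounded(out, (const unsigned char *)name4, msg);
    return out;
}

/* Run one formatter over a constructed memory image: an 8-byte message
 * ("bad CRC" plus NUL) followed by 'Z' canaries standing in for whatever
 * follows the message in a real process. Returns the number of canary bytes
 * that ended up in the output buffer, i.e. bytes read past the terminator. */
int canary_bytes_copied(int use_bounded)
{
    unsigned char image[128];
    char out[OUT_MAX];
    static const unsigned char name[4] = { 'I', 'H', 'D', 'R' };
    int count = 0;

    memset(image, 'Z', sizeof image);
    memcpy(image, "bad CRC", sizeof "bad CRC");   /* constructed sample input */
    memset(out, 0, sizeof out);
    if (use_bounded)
        format_error_bounded(out, name, (const char *)image);
    else
        format_error_unbounded(out, name, (const char *)image);
    for (size_t i = 0; i < sizeof out; i++)
        if (out[i] == 'Z')
            count++;
    return count;
}

int main(void)
{
    printf("unbounded copy pulled in %d bytes past the message\n", canary_bytes_copied(0));
    printf("bounded copy pulled in %d bytes past the message\n", canary_bytes_copied(1));
    printf("%s\n", chunk_error_message("\x01HDR", "invalid chunk length"));
    return 0;
}
```

Note that the resulting string of the unbounded variant still looks correct when printed, because the message's own NUL terminates it; the 56 canary bytes it dragged in are only visible by inspecting the buffer. That is why the bug was a crash rather than a garbled message: it only manifests when the fixed-length read crosses into memory that is not mapped.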

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:greg_roelofs:libpng:1.0.13
cpe:/a:redhat:libpng:10.1.0.13.8::i386
cpe:/a:greg_roelofs:libpng:1.0.12
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:greg_roelofs:libpng3:1.2.2
cpe:/a:greg_roelofs:libpng:1.0.6
cpe:/a:greg_roelofs:libpng:1.0.14
cpe:/a:greg_roelofs:libpng:1.0.5
cpe:/a:greg_roelofs:libpng3:1.2.5
cpe:/a:greg_roelofs:libpng:1.0.11
cpe:/a:greg_roelofs:libpng:1.0.10
cpe:/a:greg_roelofs:libpng:1.0.9
cpe:/a:greg_roelofs:libpng:1.0.8
cpe:/a:greg_roelofs:libpng:1.0.7
cpe:/o:trustix:secure_linux:2.1  (Trustix Secure Linux 2.1)
cpe:/o:trustix:secure_linux:2.0  (Trustix Secure Linux 2.0)
cpe:/a:redhat:libpng:1.2.2-20::i386_dev
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux_desktop:3.0  (Red Hat Desktop 3.0)
cpe:/a:redhat:libpng:1.2.2-16::i386_dev
cpe:/a:openpkg:openpkg:1.3  (OpenPKG 1.3)
cpe:/a:redhat:libpng:1.2.2-16::i386
cpe:/a:openpkg:openpkg:2.0  (OpenPKG 2.0)
cpe:/a:redhat:libpng:10.1.0.13.11::i386_dev
cpe:/a:redhat:libpng:10.1.0.13.11::i386
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/a:redhat:libpng:1.2.2-20::i386
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/a:greg_roelofs:libpng:1.0
cpe:/a:redhat:libpng:10.1.0.13.8::i386_dev
cpe:/a:greg_roelofs:libpng3:1.2.3
cpe:/a:greg_roelofs:libpng3:1.2.4
cpe:/a:greg_roelofs:libpng3:1.2.1
cpe:/a:greg_roelofs:libpng3:1.2.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:971  libpng Malformed PNG Image Vulnerability
oval:org.mitre.oval:def:11710  The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG ...
*OVAL describes in detail how to detect this vulnerability; see the referenced OVAL definitions for more technical details on detection.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0421
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-166
(official data source) CNNVD

- Other links and resources

http://lists.apple.com/mhonarc/security-announce/msg00056.html
(UNKNOWN)  APPLE  APPLE-SA-2004-09-09
http://marc.info/?l=bugtraq&m=108334922320309&w=2
(UNKNOWN)  BUGTRAQ  20040429 [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png)
http://marc.info/?l=bugtraq&m=108335030208523&w=2
(UNKNOWN)  TRUSTIX  2004-0025
http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2
(UNKNOWN)  FEDORA  FEDORA-2004-105
http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2
(UNKNOWN)  FEDORA  FEDORA-2004-106
http://www.debian.org/security/2004/dsa-498
(UNKNOWN)  DEBIAN  DSA-498
http://www.mandriva.com/security/advisories?name=MDKSA-2004:040
(UNKNOWN)  MANDRAKE  MDKSA-2004:040
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
(UNKNOWN)  MANDRIVA  MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
(UNKNOWN)  MANDRIVA  MDKSA-2006:213
http://www.redhat.com/support/errata/RHSA-2004-180.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:180
http://www.redhat.com/support/errata/RHSA-2004-181.html
(UNKNOWN)  REDHAT  RHSA-2004:181
http://www.securityfocus.com/bid/10244
(VENDOR_ADVISORY)  BID  10244
http://xforce.iss.net/xforce/xfdb/16022
(VENDOR_ADVISORY)  XF  libpng-png-dos(16022)

- Vulnerability information

libpng Malformed PNG Out-of-Bounds Access Denial of Service Vulnerability
Medium  Other
2004-08-18 00:00:00  2010-04-02 00:00:00
Remote

- Advisories and patches

        Vendor patches:
        Debian
        ------
        
        http://www.debian.org/security/2004/dsa-498

        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2004:040) and corresponding patches:
        MDKSA-2004:040: Updated libpng packages fix vulnerability
        Link:
        http://www.linux-mandrake.com/en/security/2004/2004-040.php

        Patch downloads:
        Updated Packages:
        Mandrakelinux 10.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libpng3-1.2.5-10.2.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libpng3-devel-1.2.5-10.2.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libpng3-static-devel-1.2.5-10.2.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/libpng-1.2.5-10.2.100mdk.src.rpm
        Corporate Server 2.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libpng3-1.2.4-3.4.C21mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.4.C21mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.4.C21mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/libpng-1.2.4-3.4.C21mdk.src.rpm
        Corporate Server 2.1/x86_64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-1.2.4-3.4.C21mdk.x86_64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-devel-1.2.4-3.4.C21mdk.x86_64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/libpng3-static-devel-1.2.4-3.4.C21mdk.x86_64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/libpng-1.2.4-3.4.C21mdk.src.rpm
        Mandrakelinux 9.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libpng3-1.2.5-2.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libpng3-devel-1.2.5-2.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libpng3-static-devel-1.2.5-2.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/libpng-1.2.5-2.2.91mdk.src.rpm
        Mandrakelinux 9.1/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libpng3-1.2.5-2.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libpng3-devel-1.2.5-2.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libpng3-static-devel-1.2.5-2.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/libpng-1.2.5-2.2.91mdk.src.rpm
        Mandrakelinux 9.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libpng3-1.2.5-7.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libpng3-devel-1.2.5-7.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libpng3-static-devel-1.2.5-7.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/libpng-1.2.5-7.2.92mdk.src.rpm
        Mandrakelinux 9.2/AMD64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64png3-1.2.5-7.2.92mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64png3-devel-1.2.5-7.2.92mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64png3-static-devel-1.2.5-7.2.92mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/libpng-1.2.5-7.2.92mdk.src.rpm
        Multi Network Firewall 8.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/libpng3-1.2.4-3.4.M82mdk.i586.rpm
        

- Vulnerability information (F33220)

dsa-498.txt (PacketStormID:F33220)
2004-05-03 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2004-0421

Debian Security Advisory DSA 498-1 - Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilized in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 498-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 30th, 2004                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libpng, libpng3
Vulnerability  : out of bound access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0421

Steve Grubb discovered a problem in the Portable Network Graphics
library libpng which is utilised in several applications.  When
processing a broken PNG image, the error handling routine will access
memory that is out of bounds when creating an error message.
Depending on machine architecture, bounds checking and other
protective measures, this problem could cause the program to crash if
a defective or intentionally prepared PNG image file is handled by
libpng.

This could be used as a denial of service attack against various
programs that link against this library.  The following commands will
show you which packages utilise this library and whose programs should
probably be restarted after an upgrade:

   apt-cache showpkg libpng2
   apt-cache showpkg libpng3

The following security matrix explains which package versions will
contain a correction.

Package      stable (woody)          unstable (sid)
libpng     1.0.12-3.woody.5          1.0.15-5
libpng3    1.2.1-1.1.woody.5         1.2.5.0-6

We recommend that you upgrade your libpng and related packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.dsc
      Size/MD5 checksum:      579 bb372469c10598bdab815584a793012e
    http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.diff.gz
      Size/MD5 checksum:     8544 eb859ba53f11527e17f9ee6f841dea51
    http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
      Size/MD5 checksum:   481387 3329b745968e41f6f9e55a4d04a4964c

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.dsc
      Size/MD5 checksum:      582 474b8919fcd3913c2c0e269a4341cacb
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.diff.gz
      Size/MD5 checksum:     8948 ec0d3a12f3fff3b54e0473832e8b4264
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
      Size/MD5 checksum:   493105 75a21cbfae566158a0ac6d9f39087c4d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_alpha.deb
      Size/MD5 checksum:   129804 ba59e28e96642d247c49dec5b490df90
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_alpha.deb
      Size/MD5 checksum:   270048 5a0c90a374ec854b5245db92c64e18c0

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_alpha.deb
      Size/MD5 checksum:   276140 2a1277e1e48c0b04c09d1d6907458bb6
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_alpha.deb
      Size/MD5 checksum:   133120 e5aae07a6504392c3af924f0516594a5

  ARM architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_arm.deb
      Size/MD5 checksum:   108432 ccde2f056e0573decab54dc9b5863a03
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_arm.deb
      Size/MD5 checksum:   241164 37f7b9a7e70f8ada93ef4144f3a7b112

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_arm.deb
      Size/MD5 checksum:   247362 9a03e85528176935ee656412d1d39f5c
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_arm.deb
      Size/MD5 checksum:   111638 61a50fb248af723cd7e7a8359531335f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_i386.deb
      Size/MD5 checksum:   106928 5ebba610b5ea04e708b4b859a421e94d
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_i386.deb
      Size/MD5 checksum:   227334 4faf9b8916bbc2def04b0e15f4933c24

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_i386.deb
      Size/MD5 checksum:   233082 6a38ed52250de4c76eba02aef5fcb54d
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_i386.deb
      Size/MD5 checksum:   110082 4de92f1660f871372e1fad392ef03df0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_ia64.deb
      Size/MD5 checksum:   146464 29a93c7fb358885d31607e68b796d70d
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_ia64.deb
      Size/MD5 checksum:   271462 c959b40f0e77635aaf9c24b8be1cf6bf

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_ia64.deb
      Size/MD5 checksum:   278608 1e09c2aaf8eeda61581891f6e3ffdaba
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_ia64.deb
      Size/MD5 checksum:   151148 ccbd7ac3077ea446070cde5d0717fee8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_hppa.deb
      Size/MD5 checksum:   128434 415d56bb9afd5344b2bfadf70554119b
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_hppa.deb
      Size/MD5 checksum:   262252 dc6c82d209413d8200a1828de709f040

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_hppa.deb
      Size/MD5 checksum:   269434 e20f5d2fdb4cadea4010c47e6b4ce680
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_hppa.deb
      Size/MD5 checksum:   132630 e8ddf5e195465930111de2edafe3a1cb

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_m68k.deb
      Size/MD5 checksum:   103546 912b49f931e2c46730747da0f9aaf3d4
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_m68k.deb
      Size/MD5 checksum:   220492 3b0469efbda0028f53540c636ee3707a

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_m68k.deb
      Size/MD5 checksum:   226160 bef7a94af6aef0b3ef3379496e5e6f68
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_m68k.deb
      Size/MD5 checksum:   106560 1e5ba78b848a81e90a63b803e75be1de

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mips.deb
      Size/MD5 checksum:   108554 c1e1f090aa49be62d693892b9e6681a1
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mips.deb
      Size/MD5 checksum:   240312 e8e1fcacba1452118884dc3472405ff7

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mips.deb
      Size/MD5 checksum:   246804 4f4cd388a577ff7e9d7b1ea646fdc820
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mips.deb
      Size/MD5 checksum:   111908 cbff4d8f1bc4a8636bc2cdda221a8f4e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mipsel.deb
      Size/MD5 checksum:   108436 8a0dcd7bd57c59353824b91fedcb3d1a
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mipsel.deb
      Size/MD5 checksum:   240178 204f4660f50b943e111a152a7c7a2c23

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mipsel.deb
      Size/MD5 checksum:   246732 462742addee5f47e8488698bf30c365c
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mipsel.deb
      Size/MD5 checksum:   111836 74db6d7fca696098b1470b93a9490895

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_powerpc.deb
      Size/MD5 checksum:   109962 a7fe7934ed97f30e8d7e86f21ffd5f46
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_powerpc.deb
      Size/MD5 checksum:   234432 a087736296563bb163fe7167eb157b6e

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_powerpc.deb
      Size/MD5 checksum:   240508 7ef271695467ea719eb29fe880300b9d
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_powerpc.deb
      Size/MD5 checksum:   113010 4163eb938e5f3b898debc77b700a9174

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_s390.deb
      Size/MD5 checksum:   110036 62680709ae57096ef5fe9a7c76da614d
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_s390.deb
      Size/MD5 checksum:   229300 f0203f50d15d203ce70dce008e1f671d

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_s390.deb
      Size/MD5 checksum:   234926 a0c5bd8af72b5e8acdec0b4b8c286300
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_s390.deb
      Size/MD5 checksum:   113080 10c4fdf29f8cd673424341f7d53e4c4f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_sparc.deb
      Size/MD5 checksum:   109966 0b5f9a9e01934411c61ccbf5062a136c
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_sparc.deb
      Size/MD5 checksum:   231840 2c2a9b0892a2188264bddf54487de82f

    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_sparc.deb
      Size/MD5 checksum:   237652 913dd15af5d3fb1a5cdb88aeb3cb2715
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_sparc.deb
      Size/MD5 checksum:   113390 f55bf3b2794d8f3370fae6ef82362d88


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAkisGW5ql+IAeqTIRAqsaAJ9ovOyIpU9q9DEvXS/Ni/X9DPL6dQCeI1Y6
hFoO20hkBrRLym0DR1u/2yo=
=KGJN
-----END PGP SIGNATURE-----
    

- Vulnerability information

5726
libpng Malformed PNG Image Error Handling DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Description

libpng contains a flaw that may allow a remote denial of service. The issue is triggered when the library processes a malformed PNG image and attempts to use memory it has not allocated for an error message. The application using the libpng library will crash, resulting in loss of availability.

- Timeline

2004-04-30  Unknown
Unknown  Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- References

- Vulnerability author

- Vulnerability information

LibPNG Broken PNG Out Of Bounds Access Denial Of Service Vulnerability
Class: Failure to Handle Exceptional Conditions  BID: 10244
Remote: Yes  Local: No
2004-04-30 12:00:00 2007-01-11 09:50:00
Discovery of this vulnerability is credited to Steve Grubb.

- Affected versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Workstation 6.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Server 6.5
Turbolinux Turbolinux Server 6.1
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux Advanced Server 6.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Enterprise Linux 2.0
RedHat libpng10-devel-1.0.13-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng10-devel-1.0.13-11.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng10-1.0.13-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng10-1.0.13-11.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng-devel-1.2.2-20.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng-devel-1.2.2-16.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng-1.2.2-20.i386.rpm
+ RedHat Linux 9.0 i386
RedHat libpng-1.2.2-16.i386.rpm
+ RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
OpenPKG OpenPKG 2.0
OpenPKG OpenPKG 1.3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
libpng libpng3 1.2.5
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Fedora Core1
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng3 1.2.4
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.1
libpng libpng3 1.2.3
libpng libpng3 1.2.2
+ RedHat Linux 8.0 i386
libpng libpng3 1.2.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Slackware Linux 8.1
libpng libpng3 1.2.0
+ Conectiva Linux 8.0
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386
libpng libpng 1.0.13
libpng libpng 1.0.12
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1.1
- Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
libpng libpng 1.0.11
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
libpng libpng 1.0.10
+ S.u.S.E. Linux 7.2
libpng libpng 1.0.9
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
libpng libpng 1.0.8
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
- Ximian GNOME 1.4
libpng libpng 1.0.7
libpng libpng 1.0.6
libpng libpng 1.0.5
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
libpng libpng 1.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8
Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5

- Not affected versions

Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5

- Discussion

The libpng graphics library is reported prone to a denial-of-service vulnerability when handling certain types of broken images.

Presumably, this issue will cause an access violation on certain systems if software that is linked to the vulnerable library is used to handle a malicious broken PNG image that is sufficient to trigger the vulnerability.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for more information.

RedHat libpng10-1.0.13-11.i386.rpm
RedHat libpng10-devel-1.0.13-11.i386.rpm
RedHat libpng-devel-1.2.2-20.i386.rpm
RedHat libpng-1.2.2-20.i386.rpm
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0
libpng libpng 1.0.12
libpng libpng 1.0.5
libpng libpng 1.0.8
libpng libpng3 1.2.1
libpng libpng3 1.2.4
libpng libpng3 1.2.5
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0

- References