CVE-2006-0481
CVSS 5.0
Published: 2006-01-31 13:03:00
Last revised: 2011-10-17 00:00:00

[Original] Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.


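[CNNVD] Libpng Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability (CNNVD-200601-389)

        A heap-based buffer overflow in the alpha strip capability of libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.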

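- CVSS (Base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [No impact on the confidentiality of the system]
Integrity impact: NONE [No impact on the integrity of the system]
Availability impact: PARTIAL [May cause reduced performance or interrupted access to resources]
Attack complexity: LOW [No access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [Exploitation requires no authentication]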

- CWE (Weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:10780: Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (cr...
*OVAL describes in detail how to detect this vulnerability; further technical detail on detection is available in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0481
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-389
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/16626
(PATCH)  BID  16626
http://www.redhat.com/support/errata/RHSA-2006-0205.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0205
http://securitytracker.com/id?1015617
(PATCH)  SECTRACK  1015617
http://securitytracker.com/id?1015615
(PATCH)  SECTRACK  1015615
http://secunia.com/advisories/18863
(VENDOR_ADVISORY)  SECUNIA  18863
http://secunia.com/advisories/18654
(VENDOR_ADVISORY)  SECUNIA  18654
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455
http://xforce.iss.net/xforce/xfdb/24396
(UNKNOWN)  XF  libpng-pngsetstripalpha-bo(24396)
http://www.vupen.com/english/advisories/2006/0393
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0393
http://security.gentoo.org/glsa/glsa-200812-15.xml
(UNKNOWN)  GENTOO  GLSA-200812-15
http://secunia.com/advisories/33137
(VENDOR_ADVISORY)  SECUNIA  33137
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt
(UNKNOWN)  CONFIRM  ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.8-README.txt

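- Vulnerability information

Libpng Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
Medium severity  Buffer overflow
2006-01-31 00:00:00 2009-01-23 00:00:00
Remote
        A heap-based buffer overflow in the alpha strip capability of libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.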

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue. Patch download links:
        libpng libpng 1.0.16
        libpng libpng-1.2.8.tar.bz2
        http://prdownloads.sourceforge.net/libpng/libpng-1.2.8.tar.bz2?download
        libpng libpng 1.0.17
        libpng libpng-1.2.8.tar.bz2
        http://prdownloads.sourceforge.net/libpng/libpng-1.2.8.tar.bz2?download
        libpng libpng3 1.2.6
        libpng libpng-1.2.8.tar.bz2
        http://prdownloads.sourceforge.net/libpng/libpng-1.2.8.tar.bz2?download
        libpng libpng3 1.2.7
        libpng libpng-1.2.8.tar.bz2
        http://prdownloads.sourceforge.net/libpng/libpng-1.2.8.tar.bz2?download

- Vulnerability information (F72968)

Gentoo Linux Security Advisory 200812-15 (PacketStormID:F72968)
2008-12-15 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary
linux,gentoo
CVE-2004-0768,CVE-2006-0481,CVE-2006-3334,CVE-2008-1382,CVE-2008-3964

Gentoo Linux Security Advisory GLSA 200812-15 - POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file. POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's build system caused it to load the old version when your installed copy of libpng was >=media-libs/libpng-1.2.10. Versions less than 3.6.1-r4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: POV-Ray: User-assisted execution of arbitrary code
        Date: December 14, 2008
        Bugs: #153538
          ID: 200812-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

POV-Ray includes a version of libpng that might allow for the execution
of arbitrary code when reading a specially crafted PNG file

Background
==========

POV-Ray is a well known open-source ray tracer.

Affected packages
=================

      -------------------------------------------------------------------
       Package           /  Vulnerable  /                     Unaffected
      -------------------------------------------------------------------
    1  media-gfx/povray     < 3.6.1-r4                       >= 3.6.1-r4

Description
===========

POV-Ray uses a statically linked copy of libpng to view and output PNG
files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964,
CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in
POV-Ray's build system caused it to load the old version when your
installed copy of libpng was >=media-libs/libpng-1.2.10.

Impact
======

An attacker could entice a user to load a specially crafted PNG file as
a texture, resulting in the execution of arbitrary code with the
permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All POV-Ray users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4"

References
==========

    [ 1 ] CVE-2004-0768
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0768
    [ 2 ] CVE-2006-0481
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481
    [ 3 ] CVE-2006-3334
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
    [ 4 ] CVE-2008-1382
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    [ 5 ] CVE-2008-3964
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200812-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


    

- Vulnerability information

22850
libpng PNG Processing png_set_strip_alpha() Function Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

libpng contains an overflow condition in the handling of PNG files. The issue is triggered as user-supplied input is not properly sanitized in the 'png_set_strip_alpha()' function within the handling of PNG files containing alpha channels. With a specially crafted PNG file, a context-dependent attacker can cause a heap-based buffer overflow to cause a denial of service or potentially execute arbitrary code.

- Timeline

2006-01-31 Unknown
Unknown 2004-12-03

- Solution

Upgrade to version 1.0.18, 1.2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Libpng Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
Boundary Condition Error 16626
Yes Yes
2006-02-13 12:00:00 2008-12-15 04:11:00
The vendor disclosed this vulnerability.

- Affected versions

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
libpng libpng3 1.2.7
+ Trustix Secure Enterprise Linux 2.0
libpng libpng3 1.2.6
libpng libpng 1.0.17
libpng libpng 1.0.16
Gentoo Linux
libpng libpng3 1.2.8
+ Slackware Linux 10.2
+ Slackware Linux 10.1
+ Slackware Linux 10.1
+ Trustix Secure Linux 3.0.5
+ Trustix Secure Linux 3.0
+ Trustix Secure Linux 2.2

- Unaffected versions

libpng libpng3 1.2.8
+ Slackware Linux 10.2
+ Slackware Linux 10.1
+ Slackware Linux 10.1
+ Trustix Secure Linux 3.0.5
+ Trustix Secure Linux 3.0
+ Trustix Secure Linux 2.2

- Discussion

Libpng is reported prone to a buffer-overflow vulnerability. The library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Attackers may exploit this vulnerability to execute attacker-supplied code in the context of an application that relies on the affected library.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released libpng 1.2.8 to address this issue. Please see the referenced advisories for details.


libpng libpng 1.0.16

libpng libpng 1.0.17

libpng libpng3 1.2.6

libpng libpng3 1.2.7

- Related references

 

 
