RHEL 2.1 : libpng (RHSA-2003:007)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated libpng packages are available which fix a buffer overflow

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.

Unpatched versions of libpng 1.2.1 and earlier do not correctly
calculate offsets, which leads to a buffer overflow and the
possibility of arbitrary code execution. An attacker could exploit
this by creating a carefully crafted PNG file that executes
arbitrary code when the victim views it.

Packages within Red Hat Linux Advanced Server, such as Mozilla, make
use of the shared libpng library. All users are advised to upgrade to
the errata packages, which contain libpng 1.0.14 with a backported
patch that corrects this issue.

Solution :

Update the affected libpng and / or libpng-devel packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12348

CVE ID: CVE-2002-1363
