GLSA-201206-15 : libpng: Multiple vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201206-15
(libpng: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in libpng:
  - The "embedded_profile_len()" function in pngwutil.c does not check
    for negative values, resulting in a memory leak (CVE-2009-5063).
  - The "png_format_buffer()" function in pngerror.c contains an
    off-by-one error (CVE-2011-2501).
  - The "png_rgb_to_gray()" function in pngrtran.c contains an integer
    overflow error (CVE-2011-2690).
  - The "png_err()" function in pngerror.c contains a NULL pointer
    dereference error (CVE-2011-2691).
  - The "png_handle_sCAL()" function in pngrutil.c improperly handles
    malformed sCAL chunks (CVE-2011-2692).
  - The "png_decompress_chunk()" function in pngrutil.c contains an
    integer overflow error (CVE-2011-3026).
  - The "png_inflate()" function in pngrutil.c contains an out of
    bounds error (CVE-2011-3045).
  - The "png_set_text_2()" function in pngset.c contains an error which
    could result in memory corruption (CVE-2011-3048).
  - The "png_formatted_warning()" function in pngerror.c contains an
    off-by-one error (CVE-2011-3464).

Impact :

An attacker could exploit these vulnerabilities to execute arbitrary
code with the permissions of the user running the vulnerable program,
which could be the root user, or to cause programs linked against the
library to crash.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-201206-15.xml

Solution :

All libpng 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10'

All libpng 1.2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49'

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false