openSUSE 10 Security Update : libpng (libpng-2322)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The sPLT chunk handling in libpng was incorrect and a handcrafted PNG
file could be use to cause an out-of-bounds read, effectively crashing
the PNG viewer or webbrowser. (CVE-2006-5793)

Additionaly a 2 byte stackoverflow was fixed which we do not believe
to be exploitable. It will cause an abort of the viewer or webbrowser
in SUSE Linux 10.0 and newer due to string overflow checking.
(CVE-2006-3334)

Solution :

Update the affected libpng packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27329 ()

Bugtraq ID:

CVE ID: CVE-2006-3334
CVE-2006-5793

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now