FreeBSD : png -- libpng decompression buffer overflow (edef3f2f-82cf-11df-bcce-0018f3e2eb82)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The PNG project describes the problem in an advisory :

Several versions of libpng through 1.4.2 (and through 1.2.43 in the
older series) contain a bug whereby progressive applications such as
web browsers (or the rpng2 demo app included in libpng) could receive
an extra row of image data beyond the height reported in the header,
potentially leading to an out-of-bounds write to memory (depending on
how the application is written) and the possibility of execution of an
attacker's code with the privileges of the libpng user (including
remote compromise in the case of a libpng-based browser visiting a
hostile web site).

See also :

http://www.libpng.org/pub/png/libpng.html
http://www.nessus.org/u?705d91e0

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 47155 (freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl)

Bugtraq ID: 41174

CVE ID: CVE-2010-1205

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now