This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been found and corrected in libpng :
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers
to cause a denial of service (memory exhaustion) via a crafted PNG
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before
1.4.3, as used in progressive applications, might allow remote
attackers to execute arbitrary code via a PNG image that triggers an
additional data row (CVE-2010-1205).
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing
malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249).
As a precaution htmldoc has been rebuilt to link against the system
libpng library for CS4 and 2008.0. Latest xulrunner and
mozilla-thunderbird has been patched as a precaution for 2008.0 wheres
on 2009.0 and up the the system libpng library is used instead of the
bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is
therefore also being provided with this advisory.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 48192 (mandriva_MDVSA-2010-133.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now