This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in libpng :
The png_format_buffer function in pngerror.c in libpng allows remote
attackers to cause a denial of service (application crash) via a
crafted PNG image that triggers an out-of-bounds read during the
copying of error-message data. NOTE: this vulnerability exists because
of a CVE-2004-0421 regression (CVE-2011-2501).
Buffer overflow in libpng, when used by an application that calls the
png_rgb_to_gray function but not the png_set_expand function, allows
remote attackers to overwrite memory with an arbitrary amount of data,
and possibly have unspecified other impact, via a crafted PNG image
The png_err function in pngerror.c in libpng makes a function call
using a NULL pointer argument instead of an empty-string argument,
which allows remote attackers to cause a denial of service
(application crash) via a crafted PNG image (CVE-2011-2691). NOTE:
This does not affect the binary packages in Mandriva, but could affect
users if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.??
The png_handle_sCAL function in pngrutil.c in libpng does not properly
handle invalid sCAL chunks, which allows remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly have unspecified other impact via a crafted PNG image that
triggers the reading of uninitialized memory (CVE-2011-2692).
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false