IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is potentially affected by
an integer overflow vulnerability.

Description :

The installed version of IBM Informix Genero is earlier than 2.41 and
is, therefore, potentially affected by an integer overflow vulnerability
in the libpng library used by this application. When decompressing
certain PNG image files, this could be exploited to crash the
application or even execute arbitrary code.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21620982
http://www.nessus.org/u?b0c30d9c

Solution :

Upgrade to IBM Informix Genero 2.41 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 64379 ()

Bugtraq ID: 52049

CVE ID: CVE-2011-3026

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now