SUSE-SA:2004:023: libpng

Critical Nessus Plugin ID 14206


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:023 (libpng).

Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format.

A remote attacker would be able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the length of transparency chunk data and in other pathes of image processing.

A special PNG image can be used to cause an application crashing due to NULL pointer dereference in the function png_handle_iCPP() (and other locations).

Integer overflows were found in png_handle_sPLT(), png_read_png() functions and other locations. These bugs may at least crash an application.


Plugin Details

Severity: Critical

ID: 14206

File Name: suse_SA_2004_023.nasl

Version: $Revision: 1.8 $

Agent: unix

Published: 2004/08/04

Modified: 2013/11/14

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-0597, CVE-2004-0598, CVE-2004-0599