SUSE-SA:2004:023: libpng

critical Nessus Plugin ID 14206


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:023 (libpng).

Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format.

A remote attacker would be able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the length of transparency chunk data and in other pathes of image processing.

A special PNG image can be used to cause an application crashing due to NULL pointer dereference in the function png_handle_iCPP() (and other locations).

Integer overflows were found in png_handle_sPLT(), png_read_png() functions and other locations. These bugs may at least crash an application.


Plugin Details

Severity: Critical

ID: 14206

File Name: suse_SA_2004_023.nasl

Version: 1.12

Agent: unix

Published: 8/4/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Critical

Score: 9.2


Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-0597, CVE-2004-0598, CVE-2004-0599