Critical Nessus Plugin ID 14206
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:023 (libpng).
Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format.
A remote attacker would be able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the length of transparency chunk data and in other pathes of image processing.
A special PNG image can be used to cause an application crashing due to NULL pointer dereference in the function png_handle_iCPP() (and other locations).
Integer overflows were found in png_handle_sPLT(), png_read_png() functions and other locations. These bugs may at least crash an application.