FreeBSD : pngcheck -- Buffer-overrun vulnerability (13ca36b8-6141-11eb-8a36-7085c2fb2c14)

high Nessus Plugin ID 145560

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The libpng project reports:

pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks (the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used). Both bugs are fixed in version 3.0.1, released on 24 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.

Solution

Update the affected package.

See Also

http://www.libpng.org/pub/png/apps/pngcheck.html

http://www.nessus.org/u?a2986b46

Plugin Details

Severity: High

ID: 145560

File Name: freebsd_pkg_13ca36b8614111eb8a367085c2fb2c14.nasl

Version: 1.1

Type: local

Published: 1/29/2021

Updated: 1/29/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:pngcheck, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/28/2021

Vulnerability Publication Date: 1/24/2021