GLSA-200804-15 : libpng: Execution of arbitrary code

High Nessus Plugin ID 31962

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200804-15 (libpng: Execution of arbitrary code)

Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks().
Impact :

A remote attacker could entice a user or automated system to process a specially crafted PNG image in an application using libpng and possibly execute arbitrary code with the privileges of the user running the application. Note that processing of unknown chunks is disabled by default in most PNG applications, but some such as ImageMagick are affected.
Workaround :

There is no known workaround at this time.

Solution

All libpng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.26-r1'

See Also

https://security.gentoo.org/glsa/200804-15

Plugin Details

Severity: High

ID: 31962

File Name: gentoo_GLSA-200804-15.nasl

Version: 1.15

Type: local

Published: 2008/04/17

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:libpng, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/04/15

Reference Information

CVE: CVE-2008-1382

BID: 28770

GLSA: 200804-15

CWE: 189