Debian DSA-1750-1 : libpng - several vulnerabilities

High Nessus Plugin ID 35988

VPR Score: 5.9

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

- CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and zTXt chunking in PNG images, which trigger out-of-bounds read operations.

- CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length 'unknown' chunks, which trigger an access of uninitialized memory.

- CVE-2008-5907 The png_check_keyword function might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords.

- CVE-2008-6218 A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

- CVE-2009-0040 libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Solution

Upgrade the libpng packages.

For the old stable distribution (etch), these problems have been fixed in version 1.2.15~beta5-1+etch2.

For the stable distribution (lenny), these problems have been fixed in version 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and CVE-2009-0040 affect the stable distribution.)

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446308

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476669

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516256

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512665

https://security-tracker.debian.org/tracker/CVE-2007-2445

https://security-tracker.debian.org/tracker/CVE-2007-5269

https://security-tracker.debian.org/tracker/CVE-2008-1382

https://security-tracker.debian.org/tracker/CVE-2008-5907

https://security-tracker.debian.org/tracker/CVE-2008-6218

https://security-tracker.debian.org/tracker/CVE-2009-0040

https://www.debian.org/security/2009/dsa-1750

Plugin Details

Severity: High

ID: 35988

File Name: debian_DSA-1750.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2009/03/23

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libpng, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/03/22

Reference Information

CVE: CVE-2007-2445, CVE-2007-5269, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2009-0040

BID: 25956, 28276, 28770, 31920, 33827, 33990

DSA: 1750

CWE: 20, 94, 189, 399