Debian DSA-2072-1 : libpng - several vulnerabilities
High Nessus Plugin ID 47767
The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2010-1205: A buffer overflow was discovered in libpng that allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
- CVE-2010-2249: A memory leak was discovered in libpng that allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Upgrade the libpng package. For the stable distribution (lenny), these problems have been fixed in version 1.2.27-2+lenny4.