Mandriva Linux Security Advisory : libpng (MDVSA-2010:133)

High Nessus Plugin ID 48192


The remote Mandriva Linux host is missing one or more security updates.


Multiple vulnerabilities has been found and corrected in libpng :

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218.

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205).

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249).

As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: 90

The updated packages have been patched to correct these issues.


Update the affected packages.

Plugin Details

Severity: High

ID: 48192

File Name: mandriva_MDVSA-2010-133.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2010/07/30

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:htmldoc, p-cpe:/a:mandriva:linux:htmldoc-nogui, p-cpe:/a:mandriva:linux:lib64png-devel, p-cpe:/a:mandriva:linux:lib64png-static-devel, p-cpe:/a:mandriva:linux:lib64png3, p-cpe:/a:mandriva:linux:lib64xulrunner-devel, p-cpe:/a:mandriva:linux:lib64xulrunner1.9.2.6, p-cpe:/a:mandriva:linux:libpng-devel, p-cpe:/a:mandriva:linux:libpng-source, p-cpe:/a:mandriva:linux:libpng-static-devel, p-cpe:/a:mandriva:linux:libpng3, p-cpe:/a:mandriva:linux:libxulrunner-devel, p-cpe:/a:mandriva:linux:libxulrunner1.9.2.6, p-cpe:/a:mandriva:linux:mozilla-thunderbird, p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail, p-cpe:/a:mandriva:linux:nsinstall, p-cpe:/a:mandriva:linux:xulrunner, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/07/15

Reference Information

CVE: CVE-2008-6218, CVE-2010-1205, CVE-2010-2249

BID: 31920, 41174

MDVSA: 2010:133

CWE: 399