Mozilla Thunderbird 3.1.x < 3.1.19 'png_decompress_chunk' Integer Overflow
High Nessus Plugin ID 58008
SynopsisThe remote Windows host contains a mail client that is potentially affected by an integer overflow vulnerability.
DescriptionThe installed version of Thunderbird 3.1.x is earlier than 3.1.19 and is, therefore, potentially affected by an integer overflow vulnerability.
An integer overflow error exists in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.
SolutionUpgrade to Thunderbird 3.1.19 or later.