FreeBSDF9E3E60B-E650-11D8-9B0A-000347A4FA7Dlibpng stack-based buffer overflow and other code concerns
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.6%
Chris Evans has discovered multiple vulnerabilities in libpng,
which can be exploited by malicious people to compromise a
vulnerable system or cause a DoS (Denial of Service).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | png | <= 1.2.5_7 | UNKNOWN |
| FreeBSD | any | noarch | linux-png | <= 1.0.14_3 | UNKNOWN |
| FreeBSD | any | noarch | firefox | < 0.9.3 | UNKNOWN |
| FreeBSD | any | noarch | thunderbird | < 0.7.3 | UNKNOWN |
| FreeBSD | any | noarch | linux-mozilla | < 1.7.2 | UNKNOWN |
| FreeBSD | any | noarch | linux-mozilla-devel | < 1.7.2 | UNKNOWN |
| FreeBSD | any | noarch | mozilla | < 1.7.2,2 | UNKNOWN |
| FreeBSD | any | noarch | mozilla-gtk1 | < 1.7.2 | UNKNOWN |
| FreeBSD | any | noarch | netscape-communicator | <= 4.78 | UNKNOWN |
| FreeBSD | any | noarch | netscape-navigator | <= 4.78 | UNKNOWN |
References
bugzilla.mozilla.org/show_bug.cgi?id=251381
dl.sourceforge.net/sourceforge/libpng/ADVISORY.txt
scary.beasts.org/security/CESA-2004-001.txt
secunia.com/advisories/12219
secunia.com/advisories/12232
www.osvdb.org/8312
www.osvdb.org/8313
www.osvdb.org/8314
www.osvdb.org/8315
www.osvdb.org/8316
www.securityfocus.com/archive/1/370853
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.6%