Lucene search

K

Gentoo FoundationGLSA-200805-10

HistoryMay 11, 2008 - 12:00 a.m.

Pngcrush: User-assisted execution of arbitrary code

2008-05-1100:00:00

Gentoo Foundation

security.gentoo.org

13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

Background

Pngcrush is a multi platform optimizer for PNG (Portable Network Graphics) files.

Description

It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15).

Impact

A remote attacker could entice a user to process a specially crafted PNG image, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Pngcrush users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-gfx/pngcrush-1.6.4-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/pngcrush< 1.6.4-r1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

Related for GLSA-200805-10

openvas60 veracode1 fedora11 nessus35 freebsd1 gentoo3 securityvulns7 slackware1 ubuntucve1 cve2 prion2 seebug1 centos2 redhat1 oraclelinux2 vmware1 ubuntu1 debian1 osv1