MiracleLinux 4 : libpng-1.2.49-1.AXS4 (AXSA:2012-541:03)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux host has libpng 1.2.49-1.AXS4 affected by advisory AXSA-2012-541:03 and CVE-2011-3048.

Reporter	Title	Published	Views	Family All 123
IBM Security Bulletins	Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS	3 Jun 202214:32	–	ibm
FreeBSD	png -- memory corruption/possible remote code execution	29 Mar 201200:00	–	freebsd
Tenable Nessus	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	21 Sep 201200:00	–	nessus
Tenable Nessus	Apple iOS < 6.0 Multiple Vulnerabilities	24 Sep 201200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libpng (ALAS-2012-68)	4 Sep 201300:00	–	nessus
Tenable Nessus	Apple TV < 5.1 Multiple Vulnerabilities	27 Sep 201200:00	–	nessus
Tenable Nessus	Apple iOS < 6.0 Multiple Vulnerabilities	24 Sep 201200:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : libpng (CESA-2012:0523)	26 Apr 201200:00	–	nessus
Tenable Nessus	Debian DSA-2446-1 : libpng - incorrect memory handling	5 Apr 201200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)	14 May 201900:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/3038
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-541:03.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283933);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id("CVE-2011-3048");

  script_name(english:"MiracleLinux 4 : libpng-1.2.49-1.AXS4 (AXSA:2012-541:03)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2012-541:03 advisory.

    The libpng package contains a library of functions for creating and manipulating PNG (Portable Network
    Graphics) image format files.  PNG is a bit-mapped graphics format similar to the GIF format.  PNG was
    created to replace the GIF format, since GIF uses a patented data compression algorithm.
    Libpng should be installed if you need to manipulate PNG format image files.
    Security issues fixed with this release:
    CVE-2011-3048
    No description available at the time of writing, please use the CVE link below.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3038");
  script_set_attribute(attribute:"solution", value:
"Update the affected libpng and / or libpng-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3048");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libpng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:libpng-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'libpng-1.2.49-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libpng-1.2.49-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libpng-devel-1.2.49-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'libpng-devel-1.2.49-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpng / libpng-devel');
}

14 Jan 2026 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 26.8

EPSS0.16887