Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3166
HistoryApr 15, 2008 - 12:00 a.m.

Libpng库未知类型块处理远程代码执行漏洞

2008-04-1500:00:00
Root
www.seebug.org
83

0.032 Low

EPSS

Percentile

90.1%

JSON

BUGTRAQ ID: 28770
CVE(CAN) ID: CVE-2008-1382

libpng是多种应用程序所使用的解析PNG图形格式的函数库。

libpng库在处理畸形格式的PNG文件时存在漏洞,成功利用此漏洞允许本地攻击者读取敏感信息、导致拒绝服务或执行任意指令。

libpng库没有正确地处理未知类型的PNG块,如果使用该库的应用程序在特定情况下调用了png_set_read_user_chunk_fn()或png_set_keep_unknown_chunks()函数的话,长度为0的PNG块就会导致通过free()调用使用未初始化的内存。
0
libpng libpng 1.2.0 - 1.2.26
libpng libpng 1.0.6 - 1.0.32
libpng

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=http://downloads.sourceforge.net/libpng/libpng-1.2.27beta03.tar.bz2?modtime=1208169600&amp;big_mirror=0 target=_blank>http://downloads.sourceforge.net/libpng/libpng-1.2.27beta03.tar.bz2?modtime=1208169600&amp;big_mirror=0&lt;/a&gt;

Gentoo

Gentoo已经为此发布了一个安全公告(GLSA-200804-15)以及相应补丁:
GLSA-200804-15:libpng: Execution of arbitrary code
链接:<a href=http://security.gentoo.org/glsa/glsa-200804-15.xml target=_blank>http://security.gentoo.org/glsa/glsa-200804-15.xml&lt;/a&gt;

所有libpng用户都应升级到最新版本:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libpng-1.2.26-r1&quot;

Related

securityvulns 7
fedora 11
nessus 35
openvas 47
slackware 1
ubuntucve 1
veracode 1
freebsd 1
gentoo 4
cve 2
prion 2
oraclelinux 2
centos 2
redhat 1
vmware 1
ubuntu 1
debian 1
osv 1
securityvulns
securityvulns
rPSA-2008-0151-1 libpng
2008-05-01 00:00:00
[ GLSA 200805-10 ] Pngcrush: User-assisted execution of arbitrary code
2008-05-13 00:00:00
libpng uninitialized memory reference
2008-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: libpng10-1.0.41-1.fc8
2008-11-13 03:37:56
[SECURITY] Fedora 9 Update: libpng10-1.0.41-1.fc9
2008-11-13 03:37:05
[SECURITY] Fedora 9 Update: libpng-1.2.29-1.fc9
2008-06-03 07:34:52
nessus
nessus
SuSE9 Security Update : libpng (YOU Patch Number 12141)
2009-09-24 00:00:00
GLSA-200805-10 : Pngcrush: User-assisted execution of arbitrary code
2008-05-13 00:00:00
Fedora 7 : libpng10-1.0.37-1.fc7 (2008-3979)
2008-05-29 00:00:00
openvas
openvas
SLES10: Security update for libpng
2009-10-13 00:00:00
Gentoo Security Advisory GLSA 200805-10 (pngcrush)
2008-09-24 00:00:00
Fedora Update for libpng10 FEDORA-2008-9379
2009-02-17 00:00:00
slackware
slackware
[slackware-security] libpng
2008-04-29 07:20:31
ubuntucve
ubuntucve
CVE-2008-1382
2008-04-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:35:45
freebsd
freebsd
png -- unknown chunk processing uninitialized memory access
2008-04-12 00:00:00
gentoo
gentoo
libpng: Execution of arbitrary code
2008-04-15 00:00:00
Pngcrush: User-assisted execution of arbitrary code
2008-05-11 00:00:00
POV-Ray: User-assisted execution of arbitrary code
2008-12-14 00:00:00
cve
cve
CVE-2008-1382
2008-04-14 16:05:00
CVE-2007-6070
2020-01-17 19:15:00
prion
prion
Design/Logic Flaw
2008-04-14 16:05:00
Design/Logic Flaw
2020-01-17 19:15:00
oraclelinux
oraclelinux
libpng security update
2009-03-04 00:00:00
libpng security update
2009-03-04 00:00:00
centos
centos
libpng, libpng10 security update
2009-03-05 18:16:07
libpng security update
2009-03-11 03:53:56
redhat
redhat
(RHSA-2009:0333) Moderate: libpng security update
2009-03-04 00:00:00
vmware
vmware
VMware Hosted products and ESX and ESXi patches resolve security issues
2009-05-28 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2009-03-06 00:00:00
debian
debian
[SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities
2009-03-22 17:16:04
osv
osv
libpng - several vulnerabilities
2009-03-22 00:00:00

0.032 Low

EPSS

Percentile

90.1%

JSON
Related for SSV:3166
securityvulns7fedora11nessus35openvas47slackware1ubuntucve1veracode1freebsd1gentoo4cve2prion2oraclelinux2centos2redhat1vmware1ubuntu1debian1osv1