|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200607-06] libpng: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
libpng: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200607-06
(libpng: Buffer overflow)
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
Impact
By enticing a user to load a maliciously crafted PNG image, a possible hacker
could execute arbitrary code with the rights of the user, or crash the
application using the libpng library, such as the
emul-linux-x86-baselibs.
Workaround
There is no known workaround at this time.
References:
http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12-README.txt
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
Solution:
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12"
All AMD64 emul-linux-x86-baselibs users should also upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
