SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   libpng Vendors:   libpng.sourceforge.net
libpng Buffer Offset Calculation Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010871
SecurityTracker URL:  http://securitytracker.com/id/1010871
CVE Reference:   CAN-2004-0768   (Links to External Site)
Date:  Aug 5 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Prior to 1.2.6rc1, 1.0.16rc1
Description:   A buffer overflow vulnerability was reported in libpng. A remote user may be able to cause arbitrary code to be executed by an application using libpng.

The vendor reported that libpng contains a buffer overflow vulnerability similar to that reported in CVE CAN-2002-1363. The software does not properly calculate buffer offsets, which may allow for remote code execution.

The vendor has indicate that this flaw is "quite serious."

Impact:   A remote or local user may be able to cause arbitrary code to be executed by an application using libpng. The specific impact depends on the application using libpng.
Solution:   The vendor has issued a fixed version (libpng 1.2.6rc1, libpng-1.0.16rc1), available at:

http://www.libpng.org/pub/png/libpng.html

Vendor URL:  www.libpng.org/pub/png/libpng.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 5 2004 (Debian Issues Fix) libpng Buffer Offset Calculation Overflow May Let Remote Users Execute Arbitrary Code   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Aug 5 2004 (Trustix Issues Fix) libpng Buffer Offset Calculation Overflow May Let Remote Users Execute Arbitrary Code   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Oct 13 2004 (SCO Issues Fix) libpng Buffer Offset Calculation Overflow May Let Remote Users Execute Arbitrary Code   (please_reply_to_security@sco.com)
SCO issued a fix for UnixWare.



 Source Message Contents

Date:  Thu, 05 Aug 2004 01:53:49 -0400
Subject:  CAN-2004-0768


Debian reported that libpng contains a buffer overflow vulnerability similar to that 
reported in CVE CAN-2002-1363.  The software does not properly calculate buffer offsets, 
which may allow for remote code execution.

CVE:  CAN-2004-0768

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC