Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19830
HistoryMay 13, 2008 - 12:00 a.m.

[ GLSA 200805-10 ] Pngcrush: User-assisted execution of arbitrary code

2008-05-1300:00:00
vulners.com
11
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gentoo Linux Security Advisory GLSA 200805-10

                                        http://security.gentoo.org/

Severity: Normal
Title: Pngcrush: User-assisted execution of arbitrary code
Date: May 11, 2008
Bugs: #219033
ID: 200805-10

Synopsis

A vulnerability in Pngcrush might result in user-assisted execution of
arbitrary code.

Background

Pngcrush is a multi platform optimizer for PNG (Portable Network
Graphics) files.

Affected packages

-------------------------------------------------------------------
 Package             /  Vulnerable  /                   Unaffected
-------------------------------------------------------------------

1 media-gfx/pngcrush < 1.6.4-r1 >= 1.6.4-r1

Description

It has been reported that Pngcrush includes a copy of libpng that is
vulnerable to a memory corruption (GLSA 200804-15).

Impact

A remote attacker could entice a user to process a specially crafted
PNG image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround

There is no known workaround at this time.

Resolution

All Pngcrush users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/pngcrush-1.6.4-r1&quot;

References

[ 1 ] CVE-2008-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
[ 2 ] GLSA 200804-15
http://www.gentoo.org/security/en/glsa/glsa-200804-15.xml

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200805-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIJ2jEuhJ+ozIKI5gRAvRlAJsE+uTJB71quUjsvbLBmCOLxMRxDQCgiDKG
LgG2O2wKtKMVI6/onkIuHKo=
=fp9X
-----END PGP SIGNATURE-----

Related

securityvulns 6
fedora 11
nessus 35
openvas 47
slackware 1
ubuntucve 1
gentoo 4
cve 2
veracode 1
freebsd 1
seebug 1
prion 2
oraclelinux 2
redhat 1
centos 2
vmware 1
ubuntu 1
debian 1
osv 1
securityvulns
securityvulns
rPSA-2008-0151-1 libpng
2008-05-01 00:00:00
libpng uninitialized memory reference
2008-04-14 00:00:00
[oCERT-2008-003] libpng zero-length chunks incorrect handling
2008-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: libpng10-1.0.41-1.fc8
2008-11-13 03:37:56
[SECURITY] Fedora 8 Update: libpng-1.2.29-1.fc8
2008-06-03 07:30:40
[SECURITY] Fedora 9 Update: libpng10-1.0.41-1.fc9
2008-11-13 03:37:05
nessus
nessus
SuSE9 Security Update : libpng (YOU Patch Number 12141)
2009-09-24 00:00:00
GLSA-200805-10 : Pngcrush: User-assisted execution of arbitrary code
2008-05-13 00:00:00
Fedora 9 : libpng10-1.0.37-1.fc9 (2008-3683)
2008-05-29 00:00:00
openvas
openvas
SLES10: Security update for libpng
2009-10-13 00:00:00
Gentoo Security Advisory GLSA 200805-10 (pngcrush)
2008-09-24 00:00:00
Fedora Update for libpng10 FEDORA-2008-9379
2009-02-17 00:00:00
slackware
slackware
[slackware-security] libpng
2008-04-29 07:20:31
ubuntucve
ubuntucve
CVE-2008-1382
2008-04-14 00:00:00
gentoo
gentoo
Pngcrush: User-assisted execution of arbitrary code
2008-05-11 00:00:00
libpng: Execution of arbitrary code
2008-04-15 00:00:00
POV-Ray: User-assisted execution of arbitrary code
2008-12-14 00:00:00
cve
cve
CVE-2008-1382
2008-04-14 16:05:00
CVE-2007-6070
2020-01-17 19:15:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:35:45
freebsd
freebsd
png -- unknown chunk processing uninitialized memory access
2008-04-12 00:00:00
seebug
seebug
LibpngεΊ“ζœͺηŸ₯η±»εž‹ε—ε€„η†θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2008-04-15 00:00:00
prion
prion
Design/Logic Flaw
2008-04-14 16:05:00
Design/Logic Flaw
2020-01-17 19:15:00
oraclelinux
oraclelinux
libpng security update
2009-03-04 00:00:00
libpng security update
2009-03-04 00:00:00
redhat
redhat
(RHSA-2009:0333) Moderate: libpng security update
2009-03-04 00:00:00
centos
centos
libpng, libpng10 security update
2009-03-05 18:16:07
libpng security update
2009-03-11 03:53:56
vmware
vmware
VMware Hosted products and ESX and ESXi patches resolve security issues
2009-05-28 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2009-03-06 00:00:00
debian
debian
[SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities
2009-03-22 17:16:04
osv
osv
libpng - several vulnerabilities
2009-03-22 00:00:00
JSON
Related for SECURITYVULNS:DOC:19830
securityvulns6fedora11nessus35openvas47slackware1ubuntucve1gentoo4cve2veracode1freebsd1seebug1prion2oraclelinux2redhat1centos2vmware1ubuntu1debian1osv1