libpng file offset buffer overflow

libpng-file-offset-bo (10925)

High Risk

Description:

libpng is vulnerable to a buffer overflow, caused by incorrect offset calculation when modifying or creating PNG files. A remote or local attacker could exploit this vulnerability by creating a specially-crafted PNG file to overflow a buffer in pngrtran.c and cause the system to crash or execute arbitrary code on the system with elevated privileges.

Platforms Affected:

• Conectiva, Linux 6.0
• Conectiva, Linux 7.0
• Conectiva, Linux 8.0
• Debian, Debian Linux 2.2
• Debian, Debian Linux 3.0
• Gentoo, Linux
• libpng, libpng 1.2.5 and prior
• MandrakeSoft, Mandrake Linux 10.0 AMD64
• MandrakeSoft, Mandrake Linux 10.0
• MandrakeSoft, Mandrake Linux 2006
• MandrakeSoft, Mandrake Linux 2006 X86_64
• MandrakeSoft, Mandrake Linux 2007
• MandrakeSoft, Mandrake Linux 2007 X86_64
• MandrakeSoft, Mandrake Linux 7.2
• MandrakeSoft, Mandrake Linux 8.0
• MandrakeSoft, Mandrake Linux 8.0 PPC
• MandrakeSoft, Mandrake Linux 8.1
• MandrakeSoft, Mandrake Linux 8.1 IA64
• MandrakeSoft, Mandrake Linux 8.2
• MandrakeSoft, Mandrake Linux 8.2 PPC
• MandrakeSoft, Mandrake Linux 9.0
• MandrakeSoft, Mandrake Linux 9.1 PPC
• MandrakeSoft, Mandrake Linux 9.1
• MandrakeSoft, Mandrake Linux 9.2
• MandrakeSoft, Mandrake Linux 9.2 AMD64
• MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 2.1
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 4.0
• MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
• MandrakeSoft, Mandrake Multi Network Firewall 8.2
• MandrakeSoft, Mandrake Single Network Firewall 7.2
• Novell, UnitedLinux 1.0
• OpenPKG, OpenPKG 1.0
• OpenPKG, OpenPKG 1.1
• OpenPKG, OpenPKG 1.3
• OpenPKG, OpenPKG 2.0
• OpenPKG, OpenPKG CURRENT
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Linux 3.0
• RedHat, Linux 6.2
• RedHat, Linux 7
• RedHat, Linux 7.1
• RedHat, Linux 7.1 for iSeries
• RedHat, Linux 7.1 for pSeries
• RedHat, Linux 7.2
• RedHat, Linux 7.3
• RedHat, Linux 8.0
• RedHat, Linux Advanced Workstation 2.1 Itanium
• SuSE, Linux Enterprise Server 8
• SuSE, SuSE eMail Server 3.1
• SuSE, SuSE eMail Server III
• SuSE, SuSE Linux 7.0
• SuSE, SuSE Linux 7.1
• SuSE, SuSE Linux 7.2
• SuSE, SuSE Linux 7.3
• SuSE, SuSE Linux 8.0
• SuSE, SuSE Linux 8.1
• SuSE, SuSE Linux 8.2
• SuSE, SuSE Linux 9.0
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux Connectivity Server
• SuSE, SuSE Linux Database Server
• SuSE, SuSE Linux Enterprise Server 7.0
• SuSE, SuSE Linux Firewall
• SuSE, SuSE Linux Office Server

Remedy:

For Debian GNU/Linux:
Upgrade to the latest versions of libpng, libpng2, or libpng3 package, as listed below. Refer to DSA-213-1 for more information. See References.

libpng and libpng2:
Debian GNU/Linux 2.2 (potato): 1.0.5-1.1 or later Debian GNU/Linux 3.0 (woody): 1.0.12-3.woody.3 or later

libpng3:
Debian GNU/Linux 3.0 (woody): 1.2.1-1.1.woody.3 or later

For Gentoo Linux:
Upgrade to the latest version of libpng (1.2.5-r7 or later), as listed in Gentoo Linux Security Announcement GLSA 200407-06. See References.

For SuSE Linux:
Upgrade to the latest libpng package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:0004 for more information. See References.

SuSE Linux 8.1 (Intel): 1.2.4-58 or later
SuSE Linux 8.0 and 7.3 (Intel): 2.1.0.12-160 or later
SuSE Linux 7.2 (Intel): 2.1.0.10-57 or later
SuSE Linux 7.1 (Intel): 2.1.0.8-17 or later
SuSE Linux 7.3 (Sparc): 2.1.0.12-99 or later
SuSE Linux 7.1 (AXP): 2.1.0.8-24 or later
SuSE Linux 7.0 (AXP): 2.1.0-246 or later
SuSE Linux 7.3 (PPC): 2.1.0.12-131 or later
SuSE Linux 7.1 (PPC): 2.1.0.8-22 or later

For OpenPKG:
Upgrade to the latest png package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2004.030 for more information. See References.

For Red Hat Linux:
Upgrade to the latest libpng package, as listed below. Refer to RHSA-2003:006-06. See References.

Red Hat 6.2: libpng-1.0.14-0.6x.4 or later
Red Hat 7.0: libpng-1.0.14-0.70.2 or later
Red Hat 7.1, 7.2, and 7.3: libpng-1.0.14-0.7x.4 or later
Red Hat 8.0: libpng-1.2.2-8 or later

Upgrade to the latest libpng package, as listed below. Refer to RHSA-2004:249-07 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 1.2.2-24.x86_64 or later

For Mandrake Linux:
Upgrade to the latest libpng package as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:008 for more information. See References.

Mandrake Linux 7.2 and Single Network Firewall 7.2: 1.0.8-2.2mdk or later
Mandrake Linux 8.0: 1.0.9-1.2mdk or later
Mandrake Linux 8.1: 1.0.12-2.2mdk or later
Mandrake Linux 8.2 and 9.0 : 1.2.4-3.2mdk or later

Refer to MandrakeSoft Security Advisory MDKSA-2004:063 : libpng for more information. See References.

Mandrake Linux 9.1: 1.2.5-2.3.91mdk or later
Mandrake Linux 9.2: 1.2.5-7.3.92mdk or later
Mandrake Linux Multi Network Firewall 8.2: 1.2.4-3.5.M82mdk or later
Mandrake Linux Corporate Server 2.1: 1.2.4-3.5.C21mdk or later
Mandrake Linux 10.0: 1.2.5-10.3.100mdk or later

For Conectiva Linux containing the libpng package:
Upgrade to the latest libpng package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:564 for more information. See References.

Conectiva Linux 6.0 and 7.0: 1.0.14-1U60_2cl.i386 or later
Conectiva Linux 8.0: 1.0.14-1U80_2cl.i386 or later

For Conectiva Linux containing the libpng3 package:
Upgrade to the latest libpng3 package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:564 for more information. See References.

Conectiva Linux 8.0: 1.2.4-1U80_2cl.i386 or later

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:213 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:212 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• CIAC Information Bulletin O-165, Red Hat Updated libpng Packages Fix Security Issue at http://www.ciac.org/ciac/bulletins/o-165.shtml.
• CIAC Information Bulletin O-165, Red Hat Updated libpng Packages Fix Security Issue [REVISED 4 Aug 2004] at http://www.ciac.org/ciac/bulletins/o-165.shtml.
• CIAC Information Bulletin O-192, "libpng" Package Vulnerabilities at http://www.ciac.org/ciac/bulletins/o-192.shtml.
• CIAC Information Bulletin O-212, Apple Security Update at http://www.ciac.org/ciac/bulletins/o-212.shtml.
• Conectiva Linux Security Announcement CLSA-2003:564, libpng -- Buffer overflow vulnerability at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000564.
• Gentoo Linux Security Announcement 200301-7, libpng buffer overflow at http://www.linuxsecurity.com/content/view/104487/104/. (From LinuxSecurity archive)
• libpng Web site, libpng at http://www.libpng.org/pub/png/libpng.html.
• BID-6431: LibPNG Incorrect Offset Calculation Buffer Overflow Vulnerability
• CVE-2002-1363: Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
• DSA-213: libpng -- buffer overflow
• GLSA-200407-06: libpng: Buffer overflow on row buffers
• MDKSA-2003:008: Updated libpng packages fix potential remote compromise
• MDKSA-2004:063: Updated libpng packages fix potential remote compromise
• MDKSA-2006:212: Updated doxygen packages to fix embedded libpng vulnerabilities
• MDKSA-2006:213: Updated chromium packages to fix embedded libpng vulnerabilities
• OpenPKG-SA-2003.001: libpng
• OpenPKG-SA-2004.030: libpng
• RHSA-2003-006: Updated libpng packages fix buffer overflow
• RHSA-2003-007: libpng security update
• RHSA-2003-157: Updated libpng packages fix vulnerabilities
• RHSA-2004-249: libpng security update
• RHSA-2004-402: libpng security update
• SUSE-SA:2003:0004: libpng: possible remote compromise
• SUSE-SA:2004:020: kernel: local privilege escalation

Reported:

Dec 19, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page