English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51206
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2003:007
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2003:007.

Updated libpng packages are available which fix a buffer overflow
vulnerability.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.

Unpatched versions of libpng 1.2.1 and earlier do not correctly calculate
offsets, which leads to a buffer overflow and the possibility of arbitrary
code execution. This could be exploited by an attacker creating a
carefully crafted PNG file which could execute arbitrary code when the
victim views it.

Packages within Red Hat Linux Advanced Server, such as Mozilla, make use of
the shared libpng library. All users are advised to upgrade to the errata
packages, which contain libpng 1.0.14 with a backported patch that corrects
this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-007.html

Risk factor : High

CVSS Score:
7.5

Cross-Ref: BugTraq ID: 6431
Common Vulnerability Exposure (CVE) ID: CVE-2002-1363
http://www.securityfocus.com/bid/6431
Debian Security Information: DSA-213 (Google Search)
http://www.debian.org/security/2002/dsa-213
https://bugzilla.fedora.us/show_bug.cgi?id=1943
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:008
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3657
http://www.redhat.com/support/errata/RHSA-2003-006.html
http://www.redhat.com/support/errata/RHSA-2003-007.html
http://www.redhat.com/support/errata/RHSA-2003-119.html
http://www.redhat.com/support/errata/RHSA-2003-157.html
http://www.redhat.com/support/errata/RHSA-2004-249.html
http://www.redhat.com/support/errata/RHSA-2004-402.html
SuSE Security Announcement: SUSE-SA:2003:0004 (Google Search)
http://www.novell.com/linux/security/advisories/2003_004_libpng.html
XForce ISS Database: libpng-file-offset-bo(10925)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10925
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.