English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.52430
Categoría:FreeBSD Local Security Checks
Título:FreeBSD Ports: ImageMagick, ImageMagick-nox11
Resumen:The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

ImageMagick
ImageMagick-nox11

CVE-2004-0597
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in
multiple products, allow remote attackers to execute arbitrary code
via malformed PNG images in which (1) the png_handle_tRNS function
does not properly validate the length of transparency chunk (tRNS)
data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do
not perform sufficient bounds checking.

CVE-2004-0598
The png_handle_iCCP function in libpng 1.2.5 and earlier allows
remote attackers to cause a denial of service (application crash)
via a certain PNG image that triggers a null dereference.

CVE-2004-0599
Multiple integer overflows in the (1) png_read_png in pngread.c
or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive
display image reading capability in libpng 1.2.5 and earlier allow
remote attackers to cause a denial of service (application crash)
via a malformed PNG image.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0597
http://lists.apple.com/mhonarc/security-announce/msg00056.html
BugTraq ID: 10857
http://www.securityfocus.com/bid/10857
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) (Google Search)
http://marc.info/?l=bugtraq&m=109163866717909&w=2
Bugtraq: 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit (Google Search)
http://marc.info/?l=bugtraq&m=110796779903455&w=2
Cert/CC Advisory: TA04-217A
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
Cert/CC Advisory: TA05-039A
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
CERT/CC vulnerability note: VU#388984
http://www.kb.cert.org/vuls/id/388984
CERT/CC vulnerability note: VU#817368
http://www.kb.cert.org/vuls/id/817368
Conectiva Linux advisory: CLA-2004:856
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856
Debian Security Information: DSA-536 (Google Search)
http://www.debian.org/security/2004/dsa-536
https://bugzilla.fedora.us/show_bug.cgi?id=1943
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
HPdes Security Advisory: SSRT4778
http://marc.info/?l=bugtraq&m=109181639602978&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2004:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10
Microsoft Security Bulletin: MS05-009
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709
http://www.redhat.com/support/errata/RHSA-2004-402.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.redhat.com/support/errata/RHSA-2004-429.html
SCO Security Bulletin: SCOSA-2004.16
http://marc.info/?l=bugtraq&m=109761239318458&w=2
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1
SuSE Security Announcement: SUSE-SA:2004:023 (Google Search)
http://www.novell.com/linux/security/advisories/2004_23_libpng.html
http://www.trustix.net/errata/2004/0040/
XForce ISS Database: libpng-pnghandle-bo(16894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16894
Common Vulnerability Exposure (CVE) ID: CVE-2004-0598
CERT/CC vulnerability note: VU#236656
http://www.kb.cert.org/vuls/id/236656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572
XForce ISS Database: libpng-pnghandleiccp-dos(16895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16895
Common Vulnerability Exposure (CVE) ID: CVE-2004-0599
CERT/CC vulnerability note: VU#160448
http://www.kb.cert.org/vuls/id/160448
CERT/CC vulnerability note: VU#286464
http://www.kb.cert.org/vuls/id/286464
CERT/CC vulnerability note: VU#477512
http://www.kb.cert.org/vuls/id/477512
Debian Security Information: DSA-570 (Google Search)
http://www.debian.org/security/2004/dsa-570
Debian Security Information: DSA-571 (Google Search)
http://www.debian.org/security/2004/dsa-571
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479
XForce ISS Database: lilbpng-integer-bo(16896)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16896
CopyrightCopyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.