| Description: | Summary:
The remote host is missing an update for the Debian 'libpng' package(s) announced via the DSA-2032-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2042
libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via 'out-of-bounds pixels' in the file.
CVE-2010-0205
libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file
For the stable distribution (lenny), these problems have been fixed in version 1.2.27-2+lenny3.
For the testing (squeeze) and unstable (sid) distribution, these problems have been fixed in version 1.2.43-1
We recommend that you upgrade your libpng package.
Affected Software/OS:
'libpng' package(s) on Debian 5.
Solution:
Please install the updated package(s).
CVSS Score:
4.3
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
