OpenPKG Security Advisory
OpenPKG-SA-2004.017
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2004.017 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2004.017 Advisory Published: 2008-11-21 22:37 UTC Issue Id (internal): OpenPKG-SI-20040429.01 Issue First Created: 2004-04-29 Issue Last Modified: 2006-11-28 Issue Revision: 05
Subject Name: libpng Subject Summary: PNG Image Format with Lossless Compression Subject Home: http://www.libpng.org/pub/png/ Subject Versions: * <= 1.2.5 Vulnerability Id: CVE-2004-0421 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service Description: Steve Grubb discovered that the Portable Network Graphics (PNG) library libpng [1] accesses memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng. This can even lead to a Denial of Service (DoS) situation. References: [1] http://www.libpng.org/pub/png/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421 [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.3/UPD/png-1.2.5-1.3.1.src.rpm [6] ftp://ftp.openpkg.org/release/2.0/UPD/png-1.2.5-2.0.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.3/UPD/ [8] ftp://ftp.openpkg.org/release/2.0/UPD/ [9] http://www.openpkg.org/security.html#signature
Primary Package Name: png Primary Package Home: http://openpkg.org/go/package/png Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 1.3-SOLID analog-5.32-1.3.0 OpenPKG Community 1.3-SOLID doxygen-1.3.3-1.3.0 OpenPKG Community 1.3-SOLID ghostscript-8.10-1.3.0 OpenPKG Community 1.3-SOLID pdflib-5.0.1-1.3.0 OpenPKG Community 2.0-SOLID analog-5.32-2.0.0 OpenPKG Community 2.0-SOLID doxygen-1.3.6-2.0.0 OpenPKG Community 2.0-SOLID ghostscript-8.13-2.0.0 OpenPKG Community 2.0-SOLID mozilla-1.6-2.0.0 OpenPKG Community 2.0-SOLID pdflib-5.0.3-2.0.0 OpenPKG Community CURRENT abiword-2.1.1-20040406 OpenPKG Community CURRENT analog-5.32-20040207 OpenPKG Community CURRENT doxygen-1.3.6-20040212 OpenPKG Community CURRENT firefox-0.8-20040210 OpenPKG Community CURRENT ghostscript-8.14-20040220 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 1.3-SOLID analog-5.32-1.3.1 OpenPKG Community 1.3-SOLID doxygen-1.3.3-1.3.1 OpenPKG Community 1.3-SOLID ghostscript-8.10-1.3.1 OpenPKG Community 1.3-SOLID pdflib-5.0.1-1.3.1 OpenPKG Community 2.0-SOLID analog-5.32-2.0.1 OpenPKG Community 2.0-SOLID doxygen-1.3.6-2.0.1 OpenPKG Community 2.0-SOLID ghostscript-8.13-2.0.1 OpenPKG Community 2.0-SOLID mozilla-1.6-2.0.1 OpenPKG Community 2.0-SOLID pdflib-5.0.3-2.0.1 OpenPKG Community CURRENT abiword-2.1.2-20040429 OpenPKG Community CURRENT analog-5.32-20040429 OpenPKG Community CURRENT doxygen-1.3.6-20040429 OpenPKG Community CURRENT firefox-0.8-20040429 OpenPKG Community CURRENT ghostscript-8.14-20040429
