LibPNG超阔页边空白图象处理内存破坏漏洞

admin
admin
admin
0
文章
0
评论
2022-07-14 10:58:52 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

LibPNG超阔页边空白图象处理内存破坏漏洞

  • CNNVD编号:CNNVD-200208-195
  • 危害等级: 高危
  • CVE编号: CVE-2002-0660
  • 漏洞类型: 边界条件错误
  • 发布时间: 2002-06-19
  • 威胁类型: 远程
  • 更新时间: 2006-09-20
  • 厂        商: greg_roelofs
  • 漏洞来源: Debian Security Ad...

漏洞简介

libPNG是一款绘图程序库,用于显示PNG图象格式文件。 libPNG在处理超宽的页边空行图象时存在问题,远程攻击者可以利用这个漏洞破坏内存信息,可能导致以服务器程序进程的权限执行任意指令。 攻击者可以发送包含超宽的页边空行设置的PNG图象,当libPNG库处理的时候,可导致内存破坏,精心构建页边空行数据可能以服务器程序进程的权限执行任意指令。不过没有得到证实。

漏洞公告

厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-140-2)以及相应补丁:

DSA-140-2:New libpng packages fix potential buffer overflow

链接: http://www.debian.org/security/2002/dsa-140

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.dsc

Size/MD5 checksum: 579 6fa91023a699b539f8406572acabcd45

http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.diff.gz

Size/MD5 checksum: 7914 5e876cff104633b6ded3930b3c16aaa6

http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz

Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.dsc

Size/MD5 checksum: 582 1ad71907a2745b4a4c66ba57399b7f12

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.diff.gz

Size/MD5 checksum: 8303 e72f6a3a38b4cace1971ca1c0b5bc20a

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz

Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d

Alpha architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_alpha.deb

Size/MD5 checksum: 276344 6ef427edc12b2b6f1c1cb9f70e9922f8

http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_alpha.deb

Size/MD5 checksum: 129748 c9c8197d16b91ad721d92c53de44d640

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_alpha.deb

Size/MD5 checksum: 270238 4c6cf35a90dbbe8f7d781a6f0d7d5583

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_alpha.deb

Size/MD5 checksum: 133154 220f5cd5020a19ed67b40208d5ece6c8

ARM architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_arm.deb

Size/MD5 checksum: 247430 69afbfe0aeb0e3c08a334a84b3e8cb77

http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_arm.deb

Size/MD5 checksum: 108224 e1707faafae8955ebeae6ef3cbf70c9a

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_arm.deb

Size/MD5 checksum: 241200 98a7ce949f1c89161a002516042d9ebd

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_arm.deb

Size/MD5 checksum: 111508 791721c2c467b7c0b6fe666b9299a2d4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_i386.deb

Size/MD5 checksum: 233094 f9889af54e78f47eebe1fa5a60ef33cb

http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_i386.deb

Size/MD5 checksum: 106636 c9369f9eb9ae747365cdccf40acc3c2d

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_i386.deb

Size/MD5 checksum: 227308 4c452324c7308dcd268128fbe4b6439f

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_i386.deb

Size/MD5 checksum: 109802 8694e5afdb6f0c0c9e13b9f24aac8f63

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_ia64.deb

Size/MD5 checksum: 278606 4e66108c22e624861a905bc5e5b55626

http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_ia64.deb

Size/MD5 checksum: 146174 91852036ba0ebff0f3734b9333a07388

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_ia64.deb

Size/MD5 checksum: 271448 ac0dcd865700840d0efd2c36df1a217a

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_ia64.deb

Size/MD5 checksum: 150852 f95379f323df7cd53c0fee8c8dfdde3d

HP Precision architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_hppa.deb

Size/MD5 checksum: 269384 48798cfcd2fce8157bb25e34b3b3bfc3

http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_hppa.deb

Size/MD5 checksum: 128266 85ff01a845db01cbdb5146c008f1a03d

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_hppa.deb

Size/MD5 checksum: 262318 2dff123a3e2df906b66b02885048d412

http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_hppa.deb

Size/MD5 checksum: 132326 d3a294616ae7e5c710686d058641c7a8

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_m68

参考网址

来源: DEBIAN 名称: DSA-140 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=102858558321355&w=2 来源: REDHAT 名称: RHSA-2002:152 链接:http://rhn.redhat.com/errata/RHSA-2002-152.HTML 来源: REDHAT 名称: RHSA-2002:151 链接:http://rhn.redhat.com/errata/RHSA-2002-151.HTML

受影响实体

  • Greg_roelofs Libpng:1.0.12  
  • Greg_roelofs Libpng3:1.2.1  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0