The 'libpng' Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability

Bugtraq ID:	21078
Class:	Boundary Condition Error
CVE:	CVE-2006-5793
Remote:	Yes
Local:	No
Published:	Nov 14 2006 12:00AM
Updated:	Mar 19 2008 02:30AM
Credit:	Tavis Ormandy from the Gentoo Linux Security Auditing Team discovered this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 x86 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux FUJI Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 TransSoft Broker FTP Server 8.0 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise Desktop 10 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 11.0 SGI ProPack 3.0 SP6 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Desktop 1.0 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux Virtualization 5 server RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Hardware Certification 5 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop Multi OS 5 client RedHat Enterprise Linux Desktop version 4 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Fedora Core6 Red Hat Fedora Core5 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Desktop Supplementary 5 client Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 Red Hat Enterprise Linux 5 Server OpenPKG OpenPKG Stable OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 libpng libpng3 1.2.12 + Slackware Linux 11.0 libpng libpng3 1.2.11 libpng libpng3 1.2.10 libpng libpng 1.0.18 Google Android Software Development Kit (SDK) m3-rc37a Gentoo Linux Avaya SES 3.1.1 Avaya SES 3.0 Avaya SES 2.0 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking MN 3.1 Avaya Message Networking Avaya Communication Manager 2.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya Communication Manager 2.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 + Avaya Communication Manager Server S8700 Avaya CCS 3.1.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya Aura Application Enablement Services 3.1.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X 10.5.2
Not Vulnerable:	Google Android Software Development Kit (SDK) m5-rc15

The 'libpng' Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability

The 'libpng' graphics library is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error.

Attackers may exploit this vulnerability to crash an application that relies on the affected library.

The 'libpng' Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

The 'libpng' Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability

Solution:
Please see the references for more information.


Slackware Linux 11.0

• Slackware libpng-1.2.14-i486-1_slack11.0.tgz
  Slackware 11.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ libpng-1.2.14-i486-1_slack11.0.tgz

Redhat Fedora Core6

• RedHat Fedora Core6 noarch/libpng-1.2.10-9.fc6.src.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/noar ch/libpng-1.2.10-9.fc6.src.rpm


• RedHat Fedora Core6 SRPMS/libpng-1.2.10-9.fc6.src.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/SRPM S/libpng-1.2.10-9.fc6.src.rpm

libpng libpng 1.0.18

• Ubuntu libpng10-0_1.0.18-1ubuntu3.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0 .18-1ubuntu3.1_amd64.deb


• Ubuntu libpng10-0_1.0.18-1ubuntu3.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0 .18-1ubuntu3.1_i386.deb


• Ubuntu libpng10-0_1.0.18-1ubuntu3.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0 .18-1ubuntu3.1_powerpc.deb


• Ubuntu libpng10-0_1.0.18-1ubuntu3.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0 .18-1ubuntu3.1_sparc.deb


• Ubuntu libpng10-dev_1.0.18-1ubuntu3.1_amd64.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1 .0.18-1ubuntu3.1_amd64.deb


• Ubuntu libpng10-dev_1.0.18-1ubuntu3.1_i386.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1 .0.18-1ubuntu3.1_i386.deb


• Ubuntu libpng10-dev_1.0.18-1ubuntu3.1_powerpc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1 .0.18-1ubuntu3.1_powerpc.deb


• Ubuntu libpng10-dev_1.0.18-1ubuntu3.1_sparc.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1 .0.18-1ubuntu3.1_sparc.deb


• Ubuntu libpng2-dev_1.0.18-1ubuntu3.1_all.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1. 0.18-1ubuntu3.1_all.deb


• Ubuntu libpng2_1.0.18-1ubuntu3.1_all.deb
  Ubuntu 5.10:
  http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1. 0.18-1ubuntu3.1_all.deb

libpng libpng3 1.2.12

• Mandriva lib64png3-1.2.12-2.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva lib64png3-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva lib64png3-static-devel-1.2.12-2.2mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpng-1.2.12-2.2mdv2007.0.src.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpng3-1.2.12-2.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpng3-devel-1.2.12-2.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpng3-static-devel-1.2.12-2.2mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• OpenPKG png-1.2.13-2.20061116
  2-STABLE
  ftp://ftp.openpkg.org/release


• OpenPKG png-1.2.13-2.20061116
  2-STABLE-20061018
  ftp://ftp.openpkg.org/release


• OpenPKG png-1.2.13-20061116
  CURRENT
  ftp://ftp.openpkg.org/release

Slackware Linux 10.0

• Slackware libpng-1.2.14-i486-1_slack10.0.tgz
  Slackware 10.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ libpng-1.2.14-i486-1_slack10.0.tgz

Slackware Linux 10.1

• Slackware libpng-1.2.14-i486-1_slack10.1.tgz
  Slackware 10.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libpng-1.2.14-i486-1_slack10.1.tgz

Slackware Linux 10.2

• Slackware libpng-1.2.14-i486-1_slack10.2.tgz
  Slackware 10.2:
  ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ libpng-1.2.14-i486-1_slack10.2.tgz

Apple Mac OS X 10.5.2

• Apple SecUpd2008-002.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpd2008-002.dmg

Apple Mac OS X Server 10.5.2

• Apple SecUpdSrvr2008-002.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpdSrvr2008-002.dmg

Mandriva Linux Mandrake 2006.0

• Mandriva doxygen-1.4.4-1.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva doxygen-1.4.4-1.1.20060mdk.src.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva doxygen-1.4.4-1.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva pxelinux-3.11-1.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva pxelinux-3.11-1.1.20060mdk.src.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva pxelinux-devel-3.11-1.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 3.0

• Mandriva doxygen-1.3.5-2.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva doxygen-1.3.5-2.1.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva doxygen-1.3.5-2.1.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download

Slackware Linux 8.1

• Slackware libpng-1.2.14-i386-1_slack8.1.tgz
  Slackware 8.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/l ibpng-1.2.14-i386-1_slack8.1.tgz

Slackware Linux 9.0

• Slackware libpng-1.2.14-i386-1_slack9.0.tgz
  Slackware 9.0:
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/l ibpng-1.2.14-i386-1_slack9.0.tgz

Slackware Linux 9.1

• Slackware libpng-1.2.14-i486-1_slack9.1.tgz
  Slackware 9.1:
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/l ibpng-1.2.14-i486-1_slack9.1.tgz

The 'libpng' Graphics Library PNG_SET_SPLT Remote Denial of Service Vulnerability

References:

• Bugzilla Bug 154380 (Tavis Ormandy )
  
• libpng Homepage (libpng)
  
• ASA-2007-254 libpng security update (RHSA-2007-0356) (Avaya)
  
• libpng DoS in 1.2.12 CVE-2006-5793 (rPath)
  
• Red Hat Security Advisory RHSA-2007-0356: libpng security update (Red Hat )