ID

VAR-200611-0210

CVE

CVE-2006-5793

TITLE

libpng of png_set_sPLT() Denial of service in function (DoS) Vulnerability

DESCRIPTION

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. PNG (Portable Network Graphics) Format image processing library libpng In png_set_sPLT() In the function sPLT In the chunk processing code section, PNG There is a problem that memory access violation occurs due to image processing.Web Pre-crafted, installed on site or attached to email png By browsing the file, service operation interruption (DoS) May be in a state. The 'libpng' graphics library is reported prone to a denial-of-service vulnerability. The library fails to perform proper bounds-checking of user-supplied input, which leads to an out-of-bounds read error. Attackers may exploit this vulnerability to crash an application that relies on the affected library. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng: Denial of Service Date: November 17, 2006 Bugs: #154380 ID: 200611-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images. Background ========== libpng is a free ANSI C library used to process and manipulate PNG images. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libpng < 1.2.13 >= 1.2.13 Description =========== Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read out of bounds. Impact ====== A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally. Workaround ========== There is no known workaround at this time. Resolution ========== All libpng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13" References ========== [ 1 ] CVE-2006-5793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200611-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:210 http://www.mandriva.com/security/ _______________________________________________________________________ Package : syslinux Date : November 16, 2006 Affected: 2007.0 _______________________________________________________________________ Problem Description: SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. (CVE-2006-3334) It is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12. (CVE-2006-5793) Packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: a2d0440a0b3a9c931479800703a2d60e 2007.0/i586/pxelinux-3.20-3.1mdv2007.0.i586.rpm 1dcefe1c500d17ddc430c9990b202c2b 2007.0/i586/syslinux-3.20-3.1mdv2007.0.i586.rpm 4c973128add1460edb19f4826a1bad7a 2007.0/i586/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm 3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: f8a364fb18e1a5a17d9112738925555c 2007.0/x86_64/pxelinux-3.20-3.1mdv2007.0.i586.rpm dc169368f3b24012fd34030a82de0367 2007.0/x86_64/syslinux-3.20-3.1mdv2007.0.i586.rpm e4ef6f30ce1ff80b91e21e883eff1d27 2007.0/x86_64/syslinux-devel-3.20-3.1mdv2007.0.i586.rpm 3893ea9327016ffbd67429924376378d 2007.0/SRPMS/syslinux-3.20-3.1mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFXL0smqjQ0CJFipgRAqzxAJ0fyu38ObU0+wHBeH3kLfqQ6fhcawCguuCn mZJ/xzQhnNYYezkK2W6pYqo= =N+cq -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: FUJITSU Interstage Products Apache Tomcat Security Bypass SECUNIA ADVISORY ID: SA32234 VERIFY ADVISORY: http://secunia.com/advisories/32234/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Interstage Application Server 6.x http://secunia.com/advisories/product/13693/ Interstage Application Server 7.x http://secunia.com/advisories/product/13692/ Interstage Application Server 8.x http://secunia.com/advisories/product/13685/ Interstage Application Server 9.x http://secunia.com/advisories/product/15986/ Interstage Apworks 6.x http://secunia.com/advisories/product/13688/ Interstage Apworks 7.x http://secunia.com/advisories/product/13689/ Interstage Studio 8.x http://secunia.com/advisories/product/13690/ Interstage Studio 9.x http://secunia.com/advisories/product/15610/ Interstage Business Application Server 8.x http://secunia.com/advisories/product/13687/ Interstage Job Workload Server 8.x http://secunia.com/advisories/product/13686/ DESCRIPTION: A security issue has been reported in various FUJITSU Interstage products, which potentially can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts. SOLUTION: Patches are scheduled for release. Use a proxy or firewall to protect resources. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: FUJITSU: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html JVN: http://jvn.jp/en/jp/JVN30732239/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-5793 [2] to the problem. ________________________________________________________________________ References: [0] http://www.libpng.org/pub/png/ [1] http://www.libpng.org/pub/png/libpng.html [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) which you can retrieve from http://openpkg.org/openpkg.org.pgp. Follow the instructions on http://openpkg.org/security/signatures/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <openpkg@openpkg.org> iD8DBQFFXXaWgHWT4GPEy58RAhKOAJwMnHAAuITUWPEiMFaGMiBK9DattACeKq+J T9O+2CcdG0iwbDjXV1/Sl40= =6FRk -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Tavis Ormandy from the Gentoo Linux Security Auditing Team discovered this vulnerability.

SOURCES

LAST UPDATE DATE

2025-09-28T21:56:51.599000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE