VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
JVNDB-2010-001730     ( CVE-2010-1205 | CVE-2010-1205 )
Vulnerability in libpng
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001730.html

libpng contains a vulnerability in its processing of PNG files. A buffer overflow occurs when libpng processes a crafted PNG file.

According to the PNG Development Group: Several versions of libpng through 1.4.2 (and through 1.2.43 in the older series) contain a bug whereby progressive applications such as web browsers (or the rpng2 demo app included in libpng) could receive an extra row of image data beyond the height reported in the header, potentially leading to an out-of-bounds write to memory (depending on how the application is written) and the possibility of execution of an attacker's code with the privileges of the libpng user (including remote compromise in the case of a libpng-based browser visiting a hostile web site).





About This Analysis Information
Analysis Information Provider:
JVN iPedia
First Published:
2010-07-27
Source Information Category:
Advisory, Alert
Last Updated:
2010-07-27




Affected Product Tags
cpe:/a:fenrir:pictbear
cpe:/a:libpng:libpng
cpe:/a:mozilla:firefox
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:thunderbird
cpe:/o:misc:miraclelinux_asianux_server:3::x86
cpe:/o:misc:miraclelinux_asianux_server:3::x86-64
cpe:/o:misc:miraclelinux_linux:3.0
cpe:/o:misc:miraclelinux_linux:3.0::x86-64
cpe:/o:misc:miraclelinux_linux:4.0
cpe:/o:misc:miraclelinux_linux:4.0::x86-64
cpe:/o:redhat:enterprise_linux:3::as
cpe:/o:redhat:enterprise_linux:3::es
cpe:/o:redhat:enterprise_linux:3::ws
cpe:/o:redhat:enterprise_linux:4.8::as
cpe:/o:redhat:enterprise_linux:4.8::es
cpe:/o:redhat:enterprise_linux:4::as
cpe:/o:redhat:enterprise_linux:4::es
cpe:/o:redhat:enterprise_linux:4::ws
cpe:/o:redhat:enterprise_linux:5::server
cpe:/o:redhat:enterprise_linux_desktop:3.0
cpe:/o:redhat:enterprise_linux_desktop:4.0
cpe:/o:redhat:enterprise_linux_desktop:5.0::client
cpe:/o:redhat:rhel_desktop_workstation:5::client
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2010-1205
National Vulnerability Database (NVD) CVE-2010-1205

References
Asianux Technical Support Network libpng-1.2.10-7.1.3.0.1.AXS3
ISS X-Force Database 59815
JVN JVNVU#643615
MIRACLE LINUX Update Information 2078
MIRACLE LINUX Update Information 2079
Mozilla Foundation Security Advisory MFSA 2010-41
Mozilla Foundation Security Advisory (Japanese) MFSA 2010-41
Red Hat Security Advisory RHSA-2010:0547
Red Hat Security Advisory RHSA-2010:0546
Secunia Advisory SA40302
Secunia Advisory SA40642
Secunia Advisory SA40688
Secunia Advisory SA39925
SecurityFocus 41174
US-CERT Vulnerability Note VU#643615
VUPEN Security VUPEN/ADV-2010-1612
VUPEN Security VUPEN/ADV-2010-1859
libpng.org libpng Home Page
Fenrir Inc. pictbear
Common Weakness Enumeration (CWE) Buffer Errors (CWE-119)

Copyright © 2010 JPCERT/CC All Rights Reserved.