Linux Security
    Linux Security
    Linux Security

    Debian: libpng, libpng3 Out of bounds access vulnerability

    Date 30 Apr 2004
    Posted By LinuxSecurity Advisories
    This problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.
    Debian Security Advisory DSA 498-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    April 30th, 2004               
    - --------------------------------------------------------------------------
    Package        : libpng, libpng3
    Vulnerability  : out of bound access
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0421
    Steve Grubb discovered a problem in the Portable Network Graphics
    library libpng which is utilised in several applications.  When
    processing a broken PNG image, the error handling routine will access
    memory that is out of bounds when creating an error message.
    Depending on machine architecture, bounds checking and other
    protective measures, this problem could cause the program to crash if
    a defective or intentionally prepared PNG image file is handled by
    This could be used as a denial of service attack against various
    programs that link against this library.  The following commands will
    show you which packages utilise this library and whose programs should
    probably restarted after an upgrade:
       apt-cache showpkg libpng2
       apt-cache showpkg libpng3
    The following security matrix explains which package versions will
    contain a correction.
    Package      stable (woody)          unstable (sid)
    libpng     1.0.12-3.woody.5          1.0.15-5
    libpng3    1.2.1-1.1.woody.5
    We recommend that you upgrade your libpng and related packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      579 bb372469c10598bdab815584a793012e
          Size/MD5 checksum:     8544 eb859ba53f11527e17f9ee6f841dea51
          Size/MD5 checksum:   481387 3329b745968e41f6f9e55a4d04a4964c
          Size/MD5 checksum:      582 474b8919fcd3913c2c0e269a4341cacb
          Size/MD5 checksum:     8948 ec0d3a12f3fff3b54e0473832e8b4264
          Size/MD5 checksum:   493105 75a21cbfae566158a0ac6d9f39087c4d
      Alpha architecture:
          Size/MD5 checksum:   129804 ba59e28e96642d247c49dec5b490df90
          Size/MD5 checksum:   270048 5a0c90a374ec854b5245db92c64e18c0
          Size/MD5 checksum:   276140 2a1277e1e48c0b04c09d1d6907458bb6
          Size/MD5 checksum:   133120 e5aae07a6504392c3af924f0516594a5
      ARM architecture:
          Size/MD5 checksum:   108432 ccde2f056e0573decab54dc9b5863a03
          Size/MD5 checksum:   241164 37f7b9a7e70f8ada93ef4144f3a7b112
          Size/MD5 checksum:   247362 9a03e85528176935ee656412d1d39f5c
          Size/MD5 checksum:   111638 61a50fb248af723cd7e7a8359531335f
      Intel IA-32 architecture:
          Size/MD5 checksum:   106928 5ebba610b5ea04e708b4b859a421e94d
          Size/MD5 checksum:   227334 4faf9b8916bbc2def04b0e15f4933c24
          Size/MD5 checksum:   233082 6a38ed52250de4c76eba02aef5fcb54d
          Size/MD5 checksum:   110082 4de92f1660f871372e1fad392ef03df0
      Intel IA-64 architecture:
          Size/MD5 checksum:   146464 29a93c7fb358885d31607e68b796d70d
          Size/MD5 checksum:   271462 c959b40f0e77635aaf9c24b8be1cf6bf
          Size/MD5 checksum:   278608 1e09c2aaf8eeda61581891f6e3ffdaba
          Size/MD5 checksum:   151148 ccbd7ac3077ea446070cde5d0717fee8
      HP Precision architecture:
          Size/MD5 checksum:   128434 415d56bb9afd5344b2bfadf70554119b
          Size/MD5 checksum:   262252 dc6c82d209413d8200a1828de709f040
          Size/MD5 checksum:   269434 e20f5d2fdb4cadea4010c47e6b4ce680
          Size/MD5 checksum:   132630 e8ddf5e195465930111de2edafe3a1cb
      Motorola 680x0 architecture:
          Size/MD5 checksum:   103546 912b49f931e2c46730747da0f9aaf3d4
          Size/MD5 checksum:   220492 3b0469efbda0028f53540c636ee3707a
          Size/MD5 checksum:   226160 bef7a94af6aef0b3ef3379496e5e6f68
          Size/MD5 checksum:   106560 1e5ba78b848a81e90a63b803e75be1de
      Big endian MIPS architecture:
          Size/MD5 checksum:   108554 c1e1f090aa49be62d693892b9e6681a1
          Size/MD5 checksum:   240312 e8e1fcacba1452118884dc3472405ff7
          Size/MD5 checksum:   246804 4f4cd388a577ff7e9d7b1ea646fdc820
          Size/MD5 checksum:   111908 cbff4d8f1bc4a8636bc2cdda221a8f4e
      Little endian MIPS architecture:
          Size/MD5 checksum:   108436 8a0dcd7bd57c59353824b91fedcb3d1a
          Size/MD5 checksum:   240178 204f4660f50b943e111a152a7c7a2c23
          Size/MD5 checksum:   246732 462742addee5f47e8488698bf30c365c
          Size/MD5 checksum:   111836 74db6d7fca696098b1470b93a9490895
      PowerPC architecture:
          Size/MD5 checksum:   109962 a7fe7934ed97f30e8d7e86f21ffd5f46
          Size/MD5 checksum:   234432 a087736296563bb163fe7167eb157b6e
          Size/MD5 checksum:   240508 7ef271695467ea719eb29fe880300b9d
          Size/MD5 checksum:   113010 4163eb938e5f3b898debc77b700a9174
      IBM S/390 architecture:
          Size/MD5 checksum:   110036 62680709ae57096ef5fe9a7c76da614d
          Size/MD5 checksum:   229300 f0203f50d15d203ce70dce008e1f671d
          Size/MD5 checksum:   234926 a0c5bd8af72b5e8acdec0b4b8c286300
          Size/MD5 checksum:   113080 10c4fdf29f8cd673424341f7d53e4c4f
      Sun Sparc architecture:
          Size/MD5 checksum:   109966 0b5f9a9e01934411c61ccbf5062a136c
          Size/MD5 checksum:   231840 2c2a9b0892a2188264bddf54487de82f
          Size/MD5 checksum:   237652 913dd15af5d3fb1a5cdb88aeb3cb2715
          Size/MD5 checksum:   113390 f55bf3b2794d8f3370fae6ef82362d88
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.