LibPNG Overly Wide Blank-Margin Image Processing Memory Corruption Vulnerability

Vulnerability Details

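Vulnerability Summary

libPNG is a graphics library used to display files in the PNG image format.
libPNG has a flaw in its handling of images with overly wide blank margin rows. A remote attacker can exploit this vulnerability to corrupt memory, which may lead to execution of arbitrary instructions with the privileges of the server process.
An attacker can send a PNG image containing overly wide blank-margin-row settings. When the libPNG library processes it, memory corruption can result, and carefully constructed margin-row data may allow execution of arbitrary instructions with the privileges of the server process. This has not been confirmed, however.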

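Vulnerability Advisory

Vendor patches:
Debian
------
Debian has released a security advisory (DSA-140-2) and corresponding patches for this issue:

DSA-140-2: New libpng packages fix potential buffer overflow

Link: http://www.debian.org/security/2002/dsa-140

Patch downloads: source archives and per-architecture binary packages for libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2.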

References

Source: DEBIAN
Name: DSA-140
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=102858558321355&w=2

Source: REDHAT
Name: RHSA-2002:152
Link: http://rhn.redhat.com/errata/RHSA-2002-152.html

Source: REDHAT
Name: RHSA-2002:151
Link: http://rhn.redhat.com/errata/RHSA-2002-151.html
