Update #3373 (04/13/2021)
1 new signature:
MEDIUM | HTTP:STC:DL:FOXIT-FILSELECT-UAF | HTTP: Foxit Reader and PhantomPDF Text Field fileSelect Use After Free
1 updated signature:
HIGH | HTTP:STC:IMG:LIBPNG-ROWS | HTTP: libpng Image Rows Parsing Memory Corruption Remote Code Execution
Details of the signatures included within this bulletin:
HTTP:STC:IMG:LIBPNG-ROWS - HTTP: libpng Image Rows Parsing Memory Corruption Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the libpng library. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple safari 4.0.5
- Apple safari 4.0.5 For Windows
- Avaya messaging_storage_server 1.0
- Avaya messaging_storage_server 2.0
- Apple safari 5.0.2
- Apple safari 4.1.2
- Avaya messaging_storage_server 5.2
- Apple safari 5.0.2 for Windows
- Sun solaris 10 Sparc
- Apple itunes 10.1
- Vmware server 1.0.7
- Vmware server 1.0.7 Build 108231
- Apple safari 4.0.4 For Windows
- Ubuntu ubuntu_linux 9.04 Powerpc
- Apple ios 4.1
- Avaya intuity_audix_lx 1.0
- Apple safari 4.0.3 For Windows
- Apple safari 4.0.3
- Libpng libpng 1.0.12
- Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.2 MR1
- Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.2 MR1
- Research_in_motion blackberry_enterprise_server_for_exchange 5.0.2 MR1
- Research_in_motion blackberry_enterprise_server_for_domino 5.0.2 MR1
- Apple itunes 9.2.1
- Apple mac_os_x 10.5.4
- Apple mac_os_x_server 10.5.4
- Mozilla thunderbird 3.0.2
- Research_in_motion blackberry_enterprise_server_for_exchange 5.0.3
- Apple safari 4.1.2 for Windows
- Avaya aura_conferencing 6.0 Standard
- Avaya aura_system_manager 1.0
- Ubuntu ubuntu_linux 9.10 Amd64
- Ubuntu ubuntu_linux 9.10 I386
- Mandriva corporate_server 4.0.0 X86 64
- Ubuntu ubuntu_linux 9.10 Powerpc
- Ubuntu ubuntu_linux 9.10 Sparc
- Slackware linux 9.1.0
- Mozilla firefox 3.6.4
- Apple iphone 3.0
- Vmware player 3.1
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2010.0 X86 64
- Mandriva linux_mandrake 2010.0
- Apple mac_os_x 10.6.2
- Apple mac_os_x_server 10.6.2
- Avaya proactive_contact 4.1
- Vmware workstation 6.5.1
- Avaya intuity_audix_lx R1.1
- Vmware workstation 6.5.0 Build 118166
- Vmware player 2.5.0 Build 118166
- Vmware server 1.0.8 Build 126538
- Red_hat fedora 12
- Libpng libpng 1.2.36
- Libpng libpng 1.2.37
- Libpng libpng 1.0.10
- Libpng libpng 1.0.0
- Suse suse_linux_enterprise 11
- Avaya intuity_audix_r5
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_ws 3
- Avaya proactive_contact 4.1.1
- Apple iphone 3.2
- Apple iphone 3.2.1
- Apple iphone 4.0
- Apple iphone 4.0.1
- Apple ipod_touch 2.1
- Libpng libpng 1.2.13
- Avaya cms_server 15.0
- Avaya ir 3.0
- Avaya ir 4.0
- Apple safari 5.0.1
- Apple safari 4.1.1
- Apple iphone 2.1
- Apple tv 2.1
- Apple tv 2.0
- Suse suse_linux_enterprise_server 9
- Sun solaris 9 X86
- Avaya voice_portal 3.0
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 4
- Red_hat enterprise_linux Desktop Version 4
- Avaya message_networking MN 3.1
- Vmware player 2.5
- Vmware server 1.0.8
- Vmware server 2.0
- Avaya intuity LX
- Apple mac_os_x 10.5.5
- Apple mac_os_x_server 10.5.5
- Vmware server 2.0.1
- Vmware player 2.5.2
- Vmware workstation 6.5.2
- Slackware linux 13.1
- Slackware linux 13.1 X86 64
- Apple iphone 2.0
- Apple tv 2.2
- Avaya messaging_storage_server 3.1
- Avaya message_networking 3.1
- Avaya messaging_storage_server 3.1 SP1
- Apple safari 4
- Mozilla thunderbird 3.0.1
- Libpng libpng 1.0.53
- Avaya messaging_storage_server
- Avaya message_networking
- Libpng libpng 1.4.2
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Vmware workstation 6.5.0
- Vmware server 1.0.5
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Libpng libpng 1.0.18
- Apple mac_os_x 10.5
- Apple mac_os_x 10.6
- Apple mac_os_x_server 10.6
- Vmware workstation 6.5.3
- Vmware workstation 6.5.3 Build 185404
- Vmware player 2.5.3 Build 185404
- Vmware player 2.5.3
- Slackware linux 13.0
- Slackware linux 13.0 X86 64
- Avaya intuity_audix_lx 2.0 SP1
- Avaya intuity_audix_lx 2.0 SP2
- Slackware linux 12.1
- Vmware server 1.0.4 Build 56528
- Ubuntu ubuntu_linux 9.10 Lpia
- Avaya voice_portal 5.0
- Apple iphone 2.2
- Apple ipod_touch 2.2
- Apple mac_os_x 10.6.3
- Apple mac_os_x_server 10.6.3
- Apple itunes 9.0.1.8
- Vmware workstation 7.1
- Apple ipod_touch 2.2.1
- Apple ipod_touch 3.0
- Vmware server 1.0.10
- Vmware server 2.0.2
- Apple apple_tv 2.0.1
- Avaya intuity_audix 5.1.46
- Avaya voice_portal 5.0 SP1
- Avaya messaging_storage_server 5.0
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Debian linux 5.0 Amd64
- Debian linux 5.0 Arm
- Debian linux 5.0 Hppa
- Debian linux 5.0 Ia-32
- Apple itunes 9.1
- Debian linux 5.0 M68k
- Debian linux 5.0 Mips
- Mozilla firefox 3.6.2
- Debian linux 5.0 S/390
- Debian linux 5.0 Sparc
- Apple iphone 4.1
- Avaya aura_session_manager 1.0
- Avaya aura_system_platform 1.1
- Avaya aura_system_manager 5.2
- Debian linux 5.0 Ia-64
- Ubuntu ubuntu_linux 9.04 Amd64
- Ubuntu ubuntu_linux 9.04 I386
- Ubuntu ubuntu_linux 9.04 Lpia
- Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.2
- Ubuntu ubuntu_linux 9.04 Sparc
- Avaya intuity AUDIX
- Apple iphone 3.1
- Apple ipod_touch 3.1.1
- Libpng libpng 1.0.42
- Libpng libpng 1.2.35
- Libpng libpng 1.2.34
- Mozilla firefox 3.5.3
- Mozilla firefox 3.6.3
- Apple apple_tv 2.0.0
- Apple mac_os_x_server 10.6.1
- Apple mac_os_x 10.6.1
- Research_in_motion blackberry_enterprise_server_for_exchange 5.0.3 MR2
- Research_in_motion blackberry_enterprise_server_for_novell_groupwise 5.0.1 MR3
- Research_in_motion blackberry_enterprise_server_for_domino 5.0.3 MR3
- Libpng libpng 1.0.43
- Ubuntu ubuntu_linux 6.06 LTS I386
- Suse suse_linux_enterprise 10 SP3
- Slackware linux X86 64 -Current
- Avaya voice_portal 4.0
- Avaya voice_portal 4.1
- Slackware linux 11.0
- Vmware server 1.0.1 Build 29996
- Slackware linux 10.0.0
- Vmware server 1.0.1
- Apple iphone 3.1.2
- Apple iphone 3.1.3
- Apple ipod_touch 3.1.2
- Apple ipod_touch 3.1.3
- Debian linux 5.0 Armel
- Apple mac_os_x 10.5.1
- Apple mac_os_x_server 10.5
- Apple mac_os_x_server 10.5.1
- Avaya messaging_storage_server 5.1
- Apple safari 4 For Windows
- Vmware workstation 6.5.4 Build 246459
- Vmware player 2.5.4 Build 246459
- Apple iphone 2.2.1
- Avaya intuity LX 2.0
- Mandriva linux_mandrake 2009.1
- Mandriva linux_mandrake 2009.1 X86 64
- Apple safari 4.0.1
- Libpng libpng 1.2.8
- Apple itunes 9.0.1
- Apple itunes 9.0.0
- Avaya proactive_contact 3.0.3
- Mozilla firefox 3.5.7
- Apple mac_os_x_server 10.5.0
- Vmware player 2.5.4
- Apple apple_tv 2.1
- Mozilla firefox 3.5.5
- Vmware server 1.0.3
- Vmware server 1.0.2
- Apple apple_tv 2.0.2
- Slackware linux 9.0.0
- Mozilla firefox 3.5.6
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Avaya voice_portal 5.0 SP2
- Apple ios 4.0.1
- Apple safari 4.1
- Apple safari 5.0
- Apple safari 5.0 For Windows
- Avaya voice_portal 4.1 SP1
- Avaya voice_portal 4.1 SP2
- Apple mac_os_x 10.5.3
- Apple mac_os_x_server 10.5.3
- Apple safari 4.0.2
- Apple safari 4.0.2 For Windows
- Mozilla firefox 3.5.0
- Apple safari 5.0.1 for Windows
- Libpng libpng 1.0.15
- Libpng libpng 1.0.16
- Libpng libpng 1.0.17
- Vmware server 1.0.4
- Avaya cms_server 16.0
- Suse suse_linux_enterprise_sdk 11
- Suse suse_linux_enterprise_sdk 11 SP1
- Avaya aura_system_platform SP1.1
- Avaya message_networking 5.2
- Avaya cms_server 16.1
- Mandriva enterprise_server 5
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Apple mac_os_x 10.5.7
- Apple mac_os_x_server 10.5.7
- Slackware linux 8.1.0
- Slackware linux 12.0
- Libpng libpng 1.0.25
- Libpng libpng 1.2.17
- Avaya aura_system_platform 6.0
- Apple ios 3.2.2
- Apple ipad 3.2
- Apple ipad 3.2.1
- Suse suse_linux_enterprise_desktop 11 SP1
- Apple ios 3.2.1
- Mozilla firefox 3.5.8
- Mozilla seamonkey 2.0.2
- Mozilla seamonkey 2.0.3
- Gentoo linux
- Mozilla firefox 3.6
- Red_hat desktop 3.0.0
- Libpng libpng 1.2.16
- Libpng libpng 1.0.24
- Avaya cms_server 16.2
- Apple safari 4.1.3 for Windows
- Apple safari 5.0.3 for Windows
- Apple safari 5.0.3
- Apple safari 4.1.3
- Apple itunes 10
- Suse suse_linux_enterprise_server 11 SP1
- Apple mac_os_x 10.5.6
- Apple mac_os_x_server 10.5.6
- Vmware server 1.0.6
- Suse suse_linux_enterprise_server 11
- Red_hat fedora 13
- Avaya aura_session_manager 5.2
- Vmware server 1.0.6 Build 91891
- Mozilla thunderbird 3.0
- Suse suse_linux_enterprise 11 SP1
- Avaya messaging_storage_server MM3.0
- Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.3
- Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.3
- Apple apple_tv 4.0
- Apple ipad 3.2.2
- Avaya proactive_contact 3.0.2
- Avaya proactive_contact 4.1.2
- Mozilla firefox 3.5.1
- Apple mac_os_x 10.6.4
- Apple mac_os_x_server 10.6.4
- Avaya iq 5.1
- Slackware linux 12.2
- Apple itunes 9.2
- Pardus linux_2009
- Avaya proactive_contact 3.0
- Avaya proactive_contact 4.0
- Vmware server 1.0
- Red_hat enterprise_linux_desktop 5 Client
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Red_hat enterprise_linux_optional_productivity_application 5 Server
- Mozilla seamonkey 2.0.1
- Vmware server 1.0.5 Build 80187
- Apple safari 4.0.4
- Slackware linux 10.2.0
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2010.1
- Apple ios 4.0.2
- Apple mac_os_x 10.5.2
- Apple mac_os_x_server 10.5.2
- Apple ios 3.2
- Avaya aura_session_manager 6.0
- Avaya aura_system_manager 6.0 SP1
- Apple ios 4.2 beta
- Apple iphone 2.0.2
- Slackware linux 10.1.0
- Sun solaris 9 Sparc
- Avaya aura_session_manager 1.1
- Vmware workstation 6.5.2 Build 156735
- Vmware player 2.5.2 Build 156735
- Vmware server 2.0.1 Build 156745
- Vmware server 1.0.9 Build 156507
- Mandriva enterprise_server 5 X86 64
- Suse suse_linux_enterprise_desktop 11
- Apple safari 4.0
- Apple safari 4.0 Beta
- Vmware player 2.5.1
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Avaya intuity_audix_lx 2.0
- Vmware server 1.0.9
- Suse suse_linux_enterprise_sdk 10 SP3
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_server 10 SP3
- Avaya aura_session_manager 5.2 SP1
- Avaya aura_session_manager 5.2 SP2
- Libpng libpng 1.4.1
- Libpng libpng 1.4.0
- Libpng libpng 1.2.43
- Libpng libpng 1.2.42
- Blue_coat_systems proxyav 3.4.1.0
- Libpng libpng 1.0.52
- Sun solaris 10 X86
- Avaya iq 5
- Apple mac_os_x 10.5.0
- Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.1
- Mandriva corporate_server 4.0
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux 5 Server
- Libpng libpng 1.0.32
- Libpng libpng 1.2.26
- Libpng libpng 1.4.0 Beta01
- Libpng libpng 1.4.0 Beta19
- Libpng libpng 1.2.27
- Libpng libpng 1.0.33
- Libpng libpng 1.2.27 Beta01
- Libpng libpng 1.0.14
- Apple iphone 3.0.1
- Libpng libpng 1.0.13
- Libpng libpng 1.0.9
- Libpng libpng 1.0.8
- Libpng libpng 1.0.7
- Libpng libpng 1.0.6
- Libpng libpng 1.0.5
- Libpng libpng 1.0.11
- Vmware server 1.0.10 Build 203137
- Vmware server 2.0.2 Build 203138
- Mozilla firefox 3.5.4
- Mozilla seamonkey 2.0
- Libpng libpng 0.90
- Research_in_motion blackberry_enterprise_server_for_domino 5.0.3
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Mozilla firefox 3.5.2
- Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.2
- Research_in_motion blackberry_enterprise_server_for_exchange 5.0.2
- Research_in_motion blackberry_enterprise_server_for_exchange 5.0.1
- Research_in_motion blackberry_enterprise_server_for_domino 5.0.1
- Research_in_motion blackberry_enterprise_server_for_domino 5.0.2
- Research_in_motion blackberry_enterprise_server_for_novell_groupwise 5.0.1
- Research_in_motion blackberry_enterprise_server_for_novell_groupwise 4.1.7
- Apple ios 4
- Apple iphone 2.0.1
- Libpng libpng 1.2.18
- Libpng libpng 1.2.19
- Libpng libpng 1.2.20
- Libpng libpng 1.2.21
- Libpng libpng 1.2.22 Rc1
- Slackware linux Current
- Apple mac_os_x 10.5.8
- Apple mac_os_x_server 10.5.8
- Suse opensuse 11.3
- Avaya messaging_storage_server 4.0
- Avaya proactive_contact
- Apple itunes 9.0.2
HTTP:STC:DL:FOXIT-FILSELECT-UAF - HTTP: Foxit Reader and PhantomPDF Text Field fileSelect Use After Free
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Foxit Reader and PhantomPDF. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Foxitsoftware foxit_reader 10.1.0.37527