Signature Detail
Short Name |
HTTP:STC:IMG:LIBPNG-CHUNK-OV |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Libpng Chunk Overflow |
Release Date |
2012/03/20 |
Update Number |
2101 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Libpng Chunk Overflow
This signature detects attempts to exploit a known vulnerability in libpng. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
libpng is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash applications that use the affected library. Attackers may also be able to run arbitrary code within the context of the vulnerable applications.
Affected Products
- Avaya Aura Application Server 5300 SIP Core 2.0
- Avaya Aura Application Server 5300 SIP Core 2.1
- Avaya Aura Communication Manager Utility Services 6.0
- Avaya Aura Communication Manager Utility Services 6.1
- Avaya Aura Communication Manager Utility Services 6.2
- Avaya Aura Conferencing 6.0 Standard
- Avaya Aura Experience Portal 6.0
- Avaya Aura Presence Services 6.0
- Avaya Aura Presence Services 6.1
- Avaya Aura Presence Services 6.1.1
- Avaya Aura Session Manager 1.0
- Avaya Aura Session Manager 1.1
- Avaya Aura Session Manager 5.2
- Avaya Aura Session Manager 5.2 SP1
- Avaya Aura Session Manager 5.2 SP2
- Avaya Aura Session Manager 6.0
- Avaya Aura Session Manager 6.0 SP1
- Avaya Aura Session Manager 6.1
- Avaya Aura Session Manager 6.1.1
- Avaya Aura Session Manager 6.1.2
- Avaya Aura Session Manager 6.1.3
- Avaya Aura Session Manager 6.1 Sp1
- Avaya Aura Session Manager 6.1 SP2
- Avaya Aura Session Manager 6.2
- Avaya Aura Session Manager 6.2.1
- Avaya Aura System Manager 5.2
- Avaya Aura System Manager 6.0
- Avaya Aura System Manager 6.0 SP1
- Avaya Aura System Manager 6.1
- Avaya Aura System Manager 6.1.1
- Avaya Aura System Manager 6.1.2
- Avaya Aura System Manager 6.1.3
- Avaya Aura System Manager 6.1 Sp1
- Avaya Aura System Manager 6.1 SP2
- Avaya Aura System Manager 6.2
- Avaya Aura System Platform 1.1
- Avaya Aura System Platform 6.0
- Avaya Aura System Platform 6.0.1
- Avaya Aura System Platform 6.0.2
- Avaya Aura System Platform 6.0 SP2
- Avaya Aura System Platform 6.0 SP3
- Avaya Communication Server 1000E 6.0
- Avaya Communication Server 1000E 7.0
- Avaya Communication Server 1000E 7.5
- Avaya Communication Server 1000E Signaling Server 6.0
- Avaya Communication Server 1000E Signaling Server 7.0
- Avaya Communication Server 1000E Signaling Server 7.5
- Avaya Communication Server 1000M 6.0
- Avaya Communication Server 1000M 7.0
- Avaya Communication Server 1000M 7.5
- Avaya Communication Server 1000M Signaling Server 6.0
- Avaya Communication Server 1000M Signaling Server 7.0
- Avaya Communication Server 1000M Signaling Server 7.5
- Avaya IP Office Application Server 8.0
- Avaya IQ 5
- Avaya IQ 5.1
- Avaya IQ 5.1.1
- Avaya IQ 5.2
- Avaya Proactive Contact 5.0
- Avaya Voice Portal 5.0
- Avaya Voice Portal 5.0 SP1
- Avaya Voice Portal 5.0 SP2
- Avaya Voice Portal 5.1
- Avaya Voice Portal 5.1
- Avaya Voice Portal 5.1.1
- Avaya Voice Portal 5.1.2
- Avaya Voice Portal 5.1 SP1
- Debian Linux 6.0 amd64
- Debian Linux 6.0 arm
- Debian Linux 6.0 ia-32
- Debian Linux 6.0 ia-64
- Debian Linux 6.0 mips
- Debian Linux 6.0 powerpc
- Debian Linux 6.0 s/390
- Debian Linux 6.0 sparc
- Gentoo Linux
- Google Chrome 17.0.963.83
- libpng 1.4.10
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2010.1
- Mandriva Linux Mandrake 2010.1 X86 64
- Mandriva Linux Mandrake 2011
- Mandriva Linux Mandrake 2011 x86_64
- Oracle Enterprise Linux 5
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop 6
- Red Hat Enterprise Linux Desktop Optional 6
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux HPC Node 6
- Red Hat Enterprise Linux HPC Node Optional 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux Server Optional 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Enterprise Linux Workstation Optional 6
- Red Hat Fedora 15
- Red Hat Fedora 16
- Red Hat Fedora 17
- Slackware Linux 10.0.0
- Slackware Linux 10.1.0
- Slackware Linux 10.2.0
- Slackware Linux 11.0
- Slackware Linux 12.0
- Slackware Linux 12.1
- Slackware Linux 12.2
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux 13.1
- Slackware Linux 13.1 X86 64
- Slackware Linux 13.37
- Slackware Linux 13.37 x86_64
- Slackware Linux 8.1.0
- Slackware Linux 9.0.0
- Slackware Linux 9.1.0
- Slackware Linux -Current
- Slackware Linux X86 64 -Current
- SuSE openSUSE 12.1
- Ubuntu Ubuntu Linux 10.04 Amd64
- Ubuntu Ubuntu Linux 10.04 ARM
- Ubuntu Ubuntu Linux 10.04 I386
- Ubuntu Ubuntu Linux 10.04 Powerpc
- Ubuntu Ubuntu Linux 10.04 Sparc
- Ubuntu Ubuntu Linux 10.10 amd64
- Ubuntu Ubuntu Linux 10.10 ARM
- Ubuntu Ubuntu Linux 10.10 i386
- Ubuntu Ubuntu Linux 10.10 powerpc
- Ubuntu Ubuntu Linux 11.04 amd64
- Ubuntu Ubuntu Linux 11.04 ARM
- Ubuntu Ubuntu Linux 11.04 i386
- Ubuntu Ubuntu Linux 11.04 powerpc
- Ubuntu Ubuntu Linux 11.10 amd64
- Ubuntu Ubuntu Linux 11.10 i386
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
References
- BugTraq: 52049
- BugTraq: 52453
- CVE: CVE-2011-3026
- CVE: CVE-2011-3045
- URL: http://www.libpng.org/pub/png/src/libpng-1.5.9-README.txt