Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM231E423B28752DD6263DBEC8D8F06E8A6EC0C4DA14543D958731A02C8193E5EE
HistoryJun 03, 2022 - 2:32 p.m.

Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS

2022-06-0314:32:29
www.ibm.com
20

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.664 Medium

EPSS

Percentile

98.0%

JSON

Summary

IBM Netezza Analytics for NPS uses gdal version 1.7.2. IBM Netezza Analytics for NPS has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2011-3045
**DESCRIPTION:**libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the png_inflate() function. By persuading a victim to open a specially-crafted Portable Network Graphics (PNG) image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/74000 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:CVE-2013-6629
**DESCRIPTION:**Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_sos() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88783 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2017-15232
**DESCRIPTION:**libjpeg-turbo is vulnerable to a denial of service, caused by a NULL pointer dereference in jdpostct.c and jquant1.c. By persuading a victim to open a specially crafted JPEG file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133309 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2012-2806
**DESCRIPTION:**libjpeg-turbo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the get_sos() function. By persuading a victim to open a specially-crafted JPEG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/76952 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:CVE-2013-6630
**DESCRIPTION:**Google Chrome could allow a remote attacker to obtain sensitive information, caused by an error in the get_dht() function within the libjpeg and libjpeg-turbo libraries. An attacker could exploit this vulnerability to read uninitialized memory and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88784 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2011-3048
**DESCRIPTION:**libpng could allow a remote attacker to execute arbitrary code on the system, caused by an error in the png_set_text_2() function. By persuading a victim to open a specially-crafted Portable Network Graphics (PNG) image file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/74494 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:CVE-2008-3964
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an off-by-one error in the png_push_read_zTXt() function. By persuading a victim to view a PNG image containing specially-crafted zTXt chunks, an attacker could cause the affected application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44928 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID:CVE-2011-2501
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an off-by-one error in pngerror.c. By persuading a victim to view a specially-crafted PNG image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-7981
**DESCRIPTION:**libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/107740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2011-2691
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a NULL pointer dereference error in the png_default_error() function. By sending a specially-crafted string, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2017-12652
**DESCRIPTION:**An unspecified error with improper validation of length of chunks against the user limit in libpng has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163589 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2010-1205
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by progressive applications when handling image row data. By sending an extra image row data beyond the reported height in the header, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/59815 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID:CVE-2015-8472
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_get_PLTE() and png_set_PLTE() functions. By persuading a victim to open a specially crafted PNG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/109392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:CVE-2011-2692
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an error when processing invalid sCAL chunks. By persuading a victim to view a specially-crafted PNG image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-8540
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/109219 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2016-10087
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by a NULL pointer dereference in the png_set_text_2 function. By loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/124207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2015-8126
**DESCRIPTION:**libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions. By persuading a victim to open a specially-crafted PNG file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/108010 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2012-3425
**DESCRIPTION:**libpng is vulnerable to a denial of service, caused by an out-of-bounds read. A remote attacker could exploit this vulnerability to crash the vulnerable library.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/77165 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2018-17000
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the _TIFFmemcmp function in tif_unix.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149860 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2018-19210
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152872 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-14973
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by an iInteger overflow in the _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165333 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2017-11613
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/129463 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2017-5563
**DESCRIPTION:**LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/121605 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2018-15209
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148105 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-16335
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-baesd buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149245 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netezza Analytics for NPS All versions upto 11.2.24

Remediation/Fixes

Product VRMF Remediation/First Fix

IBM Netezza Analytics for NPS

| 11.2.25| Link to Fix Central

Note: IBM Netezza Analytics for NPS addresses above CVEs by removing gdal from IBM Netezza Analytics for NPS.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmnetezzaMatchany
CPENameOperatorVersion
ibm netezza analyticseqany

Related

nessus 57
openvas 60
debian 7
fedora 15
osv 5
oraclelinux 6
ubuntu 3
securityvulns 3
ubuntucve 2
ibm 10
centos 3
redhat 4
gentoo 3
archlinux 2
amazon 2
cve 2
redhatcve 1
cloudfoundry 1
cvelist 1
slackware 1
suse 1
veracode 2
prion 2
debiancve 1
mageia 2
mozilla 1
nvd 1
f5 1
nessus
nessus
RHEL 5 : libpng (Unpatched Vulnerability)
2024-06-03 00:00:00
EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)
2019-05-14 00:00:00
Fedora 23 : libpng12-1.2.56-1.fc23 (2015-39499d9af8)
2016-03-04 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1421)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-375-1)
2023-03-08 00:00:00
Fedora Update for libpng FEDORA-2012-5515
2012-04-26 00:00:00
debian
debian
[SECURITY] [DLA 375-1] libpng security update
2015-12-27 21:02:26
[SECURITY] [DSA 3443-1] libpng security update
2016-01-13 21:31:22
[SECURITY] [DLA 343-1] libpng security update
2015-11-17 21:28:08
fedora
fedora
[SECURITY] Fedora 22 Update: libpng12-1.2.56-1.fc22
2016-01-02 23:21:26
[SECURITY] Fedora 23 Update: libpng12-1.2.56-1.fc23
2016-01-02 22:24:31
[SECURITY] Fedora 15 Update: libpng-1.2.49-1.fc15
2012-04-24 14:56:12
osv
osv
libpng - security update
2015-12-27 00:00:00
libpng - security update
2015-11-17 00:00:00
libpng - security update
2016-01-13 00:00:00
oraclelinux
oraclelinux
libpng security update
2015-12-09 00:00:00
libpng12 security update
2015-12-09 00:00:00
libpng security update
2011-08-01 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2015-11-19 00:00:00
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
libpng vulnerabilities
2016-01-06 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
bugs in IJG jpeg6b & libjpeg-turbo
2013-12-09 00:00:00
ubuntucve
ubuntucve
CVE-2018-16335
2018-09-02 00:00:00
CVE-2018-15209
2018-08-08 00:00:00
ibm
ibm
Security Bulletin: Libpng vulnerabilities affect IBM SmartCloud Entry (CVE-2015-8126 CVE-2015-7981 CVE-2015-8472)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472 CVE-2015-7981 CVE-2015-8126)
2023-04-18 18:22:18
Security Bulletin: Several vulnerabilities in the libpng component in IBM Tivoli Common Reporting (CVE-2015-8126, CVE-2015-8472, CVE-2015-8540)
2018-06-17 15:23:39
centos
centos
libpng12 security update
2015-12-09 19:21:50
libpng security update
2015-12-09 14:47:29
libjpeg security update
2013-12-10 01:01:49
redhat
redhat
(RHSA-2015:2595) Moderate: libpng12 security update
2015-12-09 13:25:59
(RHSA-2015:2594) Moderate: libpng security update
2015-12-09 00:00:00
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
gentoo
gentoo
libpng: Multiple vulnerabilities
2016-11-15 00:00:00
libpng: Multiple vulnerabilities
2012-06-22 00:00:00
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
archlinux
archlinux
lib32-libpng: multiple issues
2015-11-17 00:00:00
libpng: multiple issues
2015-11-17 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
Medium: libpng
2015-12-14 10:00:00
cve
cve
CVE-2018-16335
2018-09-02 03:29:00
CVE-2015-8472
2016-01-21 15:59:00
redhatcve
redhatcve
CVE-2018-16335
2019-12-28 15:33:03
cloudfoundry
cloudfoundry
USN-2861-1 libpng vulnerability | Cloud Foundry
2016-01-19 00:00:00
cvelist
cvelist
CVE-2018-16335
2018-09-02 03:00:00
slackware
slackware
[slackware-security] libpng
2015-12-03 08:20:21
suse
suse
Security update for libpng12 (important)
2015-11-25 21:13:40
veracode
veracode
Denial Of Service (DoS)
2018-09-03 05:30:54
Sensitive Information Disclosure
2019-05-02 05:00:31
prion
prion
Heap overflow
2018-09-02 03:29:00
Buffer overflow
2016-01-21 15:59:00
debiancve
debiancve
CVE-2018-16335
2018-09-02 03:29:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated libpng packages fix security vulnerabilities
2015-12-17 00:01:04
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00
nvd
nvd
CVE-2015-8472
2016-01-21 15:59:00
f5
f5
SOL81903701 - Libpng vulnerability CVE-2015-8472
2016-03-07 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.664 Medium

EPSS

Percentile

98.0%

JSON
Related for 231E423B28752DD6263DBEC8D8F06E8A6EC0C4DA14543D958731A02C8193E5EE
nessus57openvas60debian7fedora15osv5oraclelinux6ubuntu3securityvulns3ubuntucve2ibm10centos3redhat4gentoo3archlinux2amazon2cve2redhatcve1cloudfoundry1cvelist1slackware1suse1veracode2prion2debiancve1mageia2mozilla1nvd1f51