Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3712-1.NASL
HistoryJul 12, 2018 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libpng vulnerabilities (USN-3712-1)

2018-07-1200:00:00
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.011 Low

EPSS

Percentile

84.4%

JSON

Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087)

Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.
(CVE-2018-13785).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3712-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(111040);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2016-10087", "CVE-2018-13785");
  script_xref(name:"USN", value:"3712-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libpng vulnerabilities (USN-3712-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10087)

Thuan Pham discovered that libpng incorrectly handled certain PNG
files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.
(CVE-2018-13785).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3712-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-10087");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-0-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng12-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng16-16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng16-16-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpng-tools");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'libpng12-0', 'pkgver': '1.2.50-1ubuntu2.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libpng12-0-udeb', 'pkgver': '1.2.50-1ubuntu2.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libpng12-dev', 'pkgver': '1.2.50-1ubuntu2.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libpng3', 'pkgver': '1.2.50-1ubuntu2.14.04.3'},
    {'osver': '16.04', 'pkgname': 'libpng12-0', 'pkgver': '1.2.54-1ubuntu1.1'},
    {'osver': '16.04', 'pkgname': 'libpng12-0-udeb', 'pkgver': '1.2.54-1ubuntu1.1'},
    {'osver': '16.04', 'pkgname': 'libpng12-dev', 'pkgver': '1.2.54-1ubuntu1.1'},
    {'osver': '16.04', 'pkgname': 'libpng3', 'pkgver': '1.2.54-1ubuntu1.1'},
    {'osver': '18.04', 'pkgname': 'libpng-dev', 'pkgver': '1.6.34-1ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libpng-tools', 'pkgver': '1.6.34-1ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libpng16-16', 'pkgver': '1.6.34-1ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libpng16-16-udeb', 'pkgver': '1.6.34-1ubuntu0.18.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpng-dev / libpng-tools / libpng12-0 / libpng12-0-udeb / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpng12-0p-cpe:/a:canonical:ubuntu_linux:libpng12-0
canonicalubuntu_linuxlibpng12-0-udebp-cpe:/a:canonical:ubuntu_linux:libpng12-0-udeb
canonicalubuntu_linuxlibpng12-devp-cpe:/a:canonical:ubuntu_linux:libpng12-dev
canonicalubuntu_linuxlibpng16-16p-cpe:/a:canonical:ubuntu_linux:libpng16-16
canonicalubuntu_linuxlibpng16-16-udebp-cpe:/a:canonical:ubuntu_linux:libpng16-16-udeb
canonicalubuntu_linuxlibpng3p-cpe:/a:canonical:ubuntu_linux:libpng3
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlibpng-devp-cpe:/a:canonical:ubuntu_linux:libpng-dev
Rows per page:
1-10 of 111

Related

cloudfoundry 1
openvas 39
ubuntu 2
nessus 62
alpinelinux 1
cve 2
archlinux 4
fedora 11
mageia 2
slackware 1
osv 2
prion 2
cvelist 2
veracode 2
nvd 2
debiancve 2
redhatcve 2
ubuntucve 2
gentoo 2
ibm 35
suse 3
f5 1
redhat 12
aix 1
rosalinux 1
photon 2
kaspersky 1
cloudfoundry
cloudfoundry
USN-3712-1: libpng vulnerabilities | Cloud Foundry
2018-07-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3712-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1810)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2017-0020)
2022-01-28 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2018-07-11 00:00:00
libpng vulnerability
2018-07-11 00:00:00
nessus
nessus
RHEL 6 : libpng (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 27 : libpng10 (2018-3e04e9fe54)
2018-07-30 00:00:00
openSUSE Security Update : libpng16 (openSUSE-2017-443)
2017-04-06 00:00:00
alpinelinux
alpinelinux
CVE-2018-13785
2018-07-09 13:29:00
cve
cve
CVE-2016-10087
2017-01-30 22:59:00
CVE-2018-13785
2018-07-09 13:29:00
archlinux
archlinux
[ASA-201701-6] lib32-libpng12: denial of service
2017-01-02 00:00:00
[ASA-201701-4] libpng12: denial of service
2017-01-02 00:00:00
[ASA-201701-2] libpng: denial of service
2017-01-01 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: libpng10-1.0.67-1.fc25
2017-01-07 21:50:49
[SECURITY] Fedora 28 Update: libpng10-1.0.69-5.fc28
2018-07-29 03:26:16
[SECURITY] Fedora 27 Update: libpng10-1.0.69-5.fc27
2018-07-29 02:19:16
mageia
mageia
Updated libpng and libpng12 packages fix security vulnerability
2017-01-22 20:02:54
Updated libpng(12) packages fix security vulnerability
2018-11-27 18:26:11
slackware
slackware
[slackware-security] libpng
2016-12-30 19:37:21
osv
osv
CVE-2016-10087
2017-01-30 22:59:00
CVE-2018-13785
2018-07-09 13:29:00
prion
prion
Null pointer dereference
2017-01-30 22:59:00
Integer overflow
2018-07-09 13:29:00
cvelist
cvelist
CVE-2016-10087
2017-01-30 22:00:00
CVE-2018-13785
2018-07-09 13:00:00
veracode
veracode
Denial Of Service (DoS) Through A Null Pointer Dereference
2017-02-01 05:20:50
Denial Of Service (DoS)
2019-01-15 09:25:52
nvd
nvd
CVE-2016-10087
2017-01-30 22:59:00
CVE-2018-13785
2018-07-09 13:29:00
debiancve
debiancve
CVE-2016-10087
2017-01-30 22:59:00
CVE-2018-13785
2018-07-09 13:29:00
redhatcve
redhatcve
CVE-2016-10087
2017-01-02 16:17:29
CVE-2018-13785
2019-12-19 08:37:04
ubuntucve
ubuntucve
CVE-2018-13785
2018-07-09 00:00:00
CVE-2016-10087
2017-01-30 00:00:00
gentoo
gentoo
libpng: Remote execution of arbitrary code
2017-01-29 00:00:00
Oracle JDK/JRE: Multiple vulnerabilities
2019-08-15 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in the libpng library affects IBM Cognos Metrics Manager
2018-06-15 23:19:43
Security Bulletin: IBM Security Guardium is affected by a Java vulnerability
2019-05-03 21:30:02
Security Bulletin: Multiple Vulnerabilities in libpng affects IBM Watson Studio Local
2019-12-20 14:41:32
suse
suse
Security update for libpng16 (low)
2019-06-07 00:00:00
Security update for java-1_8_0-openjdk (important)
2019-01-12 00:00:00
Security update for java-1_7_0-openjdk (important)
2019-01-12 00:00:00
f5
f5
K03451253 : Java vulnerabilities CVE-2018-3150, CVE-2018-3157, and CVE-2018-13785
2019-01-07 00:00:00
redhat
redhat
(RHSA-2018:3671) Critical: java-1.7.1-ibm security update
2018-11-26 15:29:53
(RHSA-2018:3672) Critical: java-1.7.1-ibm security update
2018-11-26 15:30:08
(RHSA-2018:3000) Critical: java-1.7.0-oracle security update
2018-10-24 20:52:18
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2018-12-14 12:06:34
rosalinux
rosalinux
Advisory ROSA-SA-2021-1884
2021-07-02 17:16:15
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0033
2023-06-21 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0415
2023-06-22 00:00:00
kaspersky
kaspersky
KLA11340 Multiple vulnerabilities in Oracle Java SE
2018-10-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for UBUNTU_USN-3712-1.NASL
cloudfoundry1openvas39ubuntu2nessus62alpinelinux1cve2archlinux4fedora11mageia2slackware1osv2prion2cvelist2veracode2nvd2debiancve2redhatcve2ubuntucve2gentoo2ibm35suse3f51redhat12aix1rosalinux1photon2kaspersky1