MiKTeX security update for libpng
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-12652 CVE-2019-6129 CVE-2019-7317 CVE-2018-14550 |
| CWE-ID | CWE-20 CWE-401 CWE-416 CWE-121 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
MikTex Client/Desktop applications / Other client software |
| Vendor | Christian Schenk |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU19180
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12652
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libpng when checking the chuck length against the user limit. A remote attacker can supply a specially crafted PNG image and crash the affected application.
MitigationUpdate MiKTeX to version 2.9.7300.
Vulnerable software versionsMikTex: 2.9 - 2.9.7250
CPE2.3- cpe:2.3:a:chschenk:miktex:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6350:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6400:*:*:*:*:*:*:*
https://miktex.org/announcement/miktex-2-9-7300
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU17017
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-6129
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in png_create_info_struct in png.c. A remote attacker can trigger memory leak and perform denial of service attack.
MitigationUpdate MiKTeX to version 2.9.7300.
Vulnerable software versionsMikTex: 2.9 - 2.9.7250
CPE2.3- cpe:2.3:a:chschenk:miktex:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6350:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6400:*:*:*:*:*:*:*
https://miktex.org/announcement/miktex-2-9-7300
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Use-after-free
EUVDB-ID: #VU17708
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-7317
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.
MitigationUpdate MiKTeX to version 2.9.7300.
Vulnerable software versionsMikTex: 2.9 - 2.9.7250
CPE2.3- cpe:2.3:a:chschenk:miktex:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6350:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6400:*:*:*:*:*:*:*
https://miktex.org/announcement/miktex-2-9-7300
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU18308
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-14550
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing images within the get_token() function in pnm2png. A remote attacker can create a specially crafted image, pass it to the affected application, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate MiKTeX to version 2.9.7300.
Vulnerable software versionsMikTex: 2.9 - 2.9.7250
CPE2.3- cpe:2.3:a:chschenk:miktex:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6350:*:*:*:*:*:*:*
- cpe:2.3:a:chschenk:miktex:2.9.6400:*:*:*:*:*:*:*
https://miktex.org/announcement/miktex-2-9-7300
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
