5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.839 High
EPSS
Percentile
98.5%
CentOS Errata and Security Advisory CESA-2007:0356-01
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was found in the handling of malformed images in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was
manipulated. (CVE-2007-2445)
A flaw was found in the sPLT chunk handling code in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was opened.
(CVE-2006-5793)
Users of libpng should update to these updated packages which contain
backported patches to correct these issues.
Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis
Ormandy for supplying details and patches for these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075941.html
Affected packages:
libpng
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | libpng | < 1.0.14-10 | libpng-1.0.14-10.i386.rpm |