5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.839 High
EPSS
Percentile
98.5%
CentOS Errata and Security Advisory CESA-2007:356
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was found in the handling of malformed images in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was
manipulated. (CVE-2007-2445)
A flaw was found in the sPLT chunk handling code in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was opened.
(CVE-2006-5793)
Users of libpng should update to these updated packages which contain
backported patches to correct these issues.
Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis
Ormandy for supplying details and patches for these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075972.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075973.html
Affected packages:
libpng
libpng-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0356
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | any | i386 | libpng | < 1.2.10-7.0.2 | libpng-1.2.10-7.0.2.i386.rpm |
CentOS | any | i386 | libpng-devel | < 1.2.10-7.0.2 | libpng-devel-1.2.10-7.0.2.i386.rpm |
CentOS | any | i386 | libpng | < 1.2.10-7.0.2 | libpng-1.2.10-7.0.2.i386.rpm |
CentOS | any | x86_64 | libpng | < 1.2.10-7.0.2 | libpng-1.2.10-7.0.2.x86_64.rpm |
CentOS | any | i386 | libpng-devel | < 1.2.10-7.0.2 | libpng-devel-1.2.10-7.0.2.i386.rpm |
CentOS | any | x86_64 | libpng-devel | < 1.2.10-7.0.2 | libpng-devel-1.2.10-7.0.2.x86_64.rpm |