Lucene search

[email protected]CVE-2007-5266

HistoryOct 08, 2007 - 9:17 p.m.

CVE-2007-5266

2007-10-0821:17:00

CWE-189

[email protected]

web.nvd.nist.gov

cve

2007

5266

libpng

icc profile

png

image

denial of service

8.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

CPENameOperatorVersion
libpng:libpnglibpngle1.0.28
libpng:libpnglibpngle1.2.20

CPE	Name	Operator	Version
libpng:libpng	libpng	le	1.0.28
libpng:libpng	libpng	le	1.2.20

References

android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

bugs.gentoo.org/show_bug.cgi?id=195261

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2008//May/msg00001.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

secunia.com/advisories/27284

secunia.com/advisories/27529

secunia.com/advisories/27629

secunia.com/advisories/27746

secunia.com/advisories/29420

secunia.com/advisories/30161

secunia.com/advisories/30430

secunia.com/advisories/35302

secunia.com/advisories/35386

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323

sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement

sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com

sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

support.avaya.com/elmodocs2/security/ASA-2009-208.htm

www.coresecurity.com/?action=item&id=2148

www.gentoo.org/security/en/glsa/glsa-200711-08.xml

www.gentoo.org/security/en/glsa/glsa-200805-07.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:217

www.securityfocus.com/archive/1/483582/100/0/threaded

www.securityfocus.com/archive/1/489135/100/0/threaded

www.securityfocus.com/bid/25957

www.us-cert.gov/cas/techalerts/TA08-150A.html

www.vupen.com/english/advisories/2008/0924/references

www.vupen.com/english/advisories/2008/1697

www.vupen.com/english/advisories/2009/1462

www.vupen.com/english/advisories/2009/1560

issues.rpath.com/browse/RPL-1814

8.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2007-5266

ubuntucve2 prion2 cve1 openvas15 nessus18 gentoo2 slackware2 freebsd1 securityvulns4 packetstorm1 coresecurity1