Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-5266
HistoryOct 08, 2007 - 12:00 a.m.

CVE-2007-5266

2007-10-0800:00:00
ubuntu.com
ubuntu.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.

Notes

Author Note
jdstrand DoS on many systems theoretically not vulnerable because the affected code uses png_strncpy with bad args, but our versions use png_strcpy. TODO: get reproducer and/or verify png_strcpy usage upstream did not provide reproducer. code not in existing versions fully fixed in 1.2.22

Related

cve 2
prion 2
ubuntucve 1
openvas 15
nessus 18
gentoo 2
slackware 2
freebsd 1
securityvulns 4
packetstorm 1
coresecurity 1
cve
cve
CVE-2007-5266
2007-10-08 21:17:00
CVE-2007-5267
2007-10-08 21:17:00
prion
prion
Null pointer dereference
2007-10-08 21:17:00
Code injection
2007-10-08 21:17:00
ubuntucve
ubuntucve
CVE-2007-5267
2007-10-08 00:00:00
openvas
openvas
Mandriva Update for libpng MDKSA-2007:217 (libpng)
2009-04-09 00:00:00
Mandriva Update for libpng MDKSA-2007:217 (libpng)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200711-08 (libpng)
2008-09-24 00:00:00
nessus
nessus
GLSA-200711-08 : libpng: Multiple Denials of Service
2007-11-08 00:00:00
Mandrake Linux Security Advisory : libpng (MDKSA-2007:217)
2007-11-14 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libpng vulnerabilities (USN-538-1)
2007-11-10 00:00:00
gentoo
gentoo
libpng: Multiple Denials of Service
2007-11-07 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
slackware
slackware
[slackware-security] libpng
2007-11-21 08:14:31
[slackware-security] libpng for Slackware 10.1 and 10.2
2007-11-21 21:16:25
freebsd
freebsd
png -- multiple vulnerabilities
2007-10-08 00:00:00
securityvulns
securityvulns
libpng multiple security vulnerabilities
2007-10-20 00:00:00
Google Android SDK multiple security vulnerabilities
2008-03-05 00:00:00
CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
2008-03-05 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0124
2008-03-04 00:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in Google's Android
2008-03-04 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON
Related for UB:CVE-2007-5266
cve2prion2ubuntucve1openvas15nessus18gentoo2slackware2freebsd1securityvulns4packetstorm1coresecurity1