Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3334
Last Modified 07 Mar 2011 09:38:22
Published 30 Jun 2006 07:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3334

Summary

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

Vulnerable Systems

Application

  • Greg Roelofs Libpng 1.2.0

  • Greg Roelofs Libpng 1.2.1

  • Greg Roelofs Libpng 1.2.10

  • Greg Roelofs Libpng 1.2.11

  • Greg Roelofs Libpng 1.2.2

  • Greg Roelofs Libpng 1.2.3

  • Greg Roelofs Libpng 1.2.4

  • Greg Roelofs Libpng 1.2.5

  • Greg Roelofs Libpng 1.2.6

  • Greg Roelofs Libpng 1.2.7

  • Greg Roelofs Libpng 1.2.7rc1

  • Greg Roelofs Libpng 1.2.8

  • Greg Roelofs Libpng 1.2.9


References

VUPEN - ADV-2008-0924

VUPEN - ADV-2006-2585

BID - 18698

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123

GENTOO - GLSA-200812-15

SECUNIA - 33137

CONFIRM - https://issues.rpath.com/browse/RPL-517

XF - libpng-pngdecompresschunk-bo(27468)

BUGTRAQ - 20060719 rPSA-2006-0133-1 libpng

SUSE - SUSE-SR:2006:028

SUSE - SUSE-SR:2006:016

MANDRIVA - MDKSA-2006:213

MANDRIVA - MDKSA-2006:212

MANDRIVA - MDKSA-2006:211

MANDRIVA - MDKSA-2006:210

MANDRIVA - MDKSA-2006:209

GENTOO - GLSA-200607-06

SECUNIA - 29420

SECUNIA - 23335

SECUNIA - 22958

SECUNIA - 22957

SECUNIA - 22956

SECUNIA - 20960

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:42:58