Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-5267
Last Modified: 07 Mar 2011 10:00:24
Published: 08 Oct 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

Summary

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

Vulnerable Systems

Application

  • Libpng 1.2.21


References

MLIST - [png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug

VUPEN - ADV-2009-1560

VUPEN - ADV-2009-1462

VUPEN - ADV-2008-0924

VUPEN - ADV-2007-3391

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

SUNALERT - 1020521

SUNALERT - 259989

MLIST - [png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug

SECUNIA - 35386

SECUNIA - 35302

SECUNIA - 27130

CONFIRM - https://issues.rpath.com/browse/RPL-1814

BID - 25957

BUGTRAQ - 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

BUGTRAQ - 20071112 FLEA-2007-0065-1 libpng

MISC - http://www.coresecurity.com/?action=item&id=2148

SLACKWARE - SSA:2007-325-01

SECUNIA - 29420

SECUNIA - 27746

SECUNIA - 27284

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:46:08