Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-5268
Last Modified: 07 Mar 2011 10:00:24
Published: 08 Oct 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5268

Summary

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

Vulnerable Systems

Application

  • Libpng 1.0.28

  • Libpng 1.2.20


References

CERT - TA08-150A

MLIST - [png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1

MLIST - [png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released

VUPEN - ADV-2009-1560

VUPEN - ADV-2009-1462

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-0924

VUPEN - ADV-2007-3390

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

SUNALERT - 1020521

SUNALERT - 259989

MLIST - [png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c

SECUNIA - 35386

SECUNIA - 35302

SECUNIA - 27093

CONFIRM - https://issues.rpath.com/browse/RPL-1814

UBUNTU - USN-538-1

BID - 25956

BUGTRAQ - 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

BUGTRAQ - 20071112 FLEA-2007-0065-1 libpng

MANDRIVA - MDKSA-2007:217

GENTOO - GLSA-200805-07

GENTOO - GLSA-200711-08

MISC - http://www.coresecurity.com/?action=item&id=2148

SLACKWARE - SSA:2007-325-01

SECUNIA - 30430

SECUNIA - 30161

SECUNIA - 29420

SECUNIA - 27746

SECUNIA - 27629

SECUNIA - 27529

SECUNIA - 27405

SECUNIA - 27284

APPLE - APPLE-SA-2008-03-18

APPLE - APPLE-SA-2008-05-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=195261

CONFIRM - http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:46:08