Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-5269
Last Modified: 14 May 2013 10:32:22
Published: 08 Oct 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5269

Summary

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read operations.

Vulnerable Systems

Application

  • Libpng 1.0.28

  • Libpng 1.2.20


References

CERT - TA08-150A

MLIST - [png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released

VUPEN - ADV-2009-1560

VUPEN - ADV-2009-1462

VUPEN - ADV-2008-2466

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0905

VUPEN - ADV-2007-3390

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

DEBIAN - DSA-1750

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

SUNALERT - 1020521

SUNALERT - 259989

SECUNIA - 35386

SECUNIA - 35302

SECUNIA - 34388

SECUNIA - 31713

SECUNIA - 31712

SECUNIA - 27093

FEDORA - FEDORA-2007-2666

FEDORA - FEDORA-2007-2521

FEDORA - FEDORA-2007-734

CONFIRM - https://issues.rpath.com/browse/RPL-1814

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=337461

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=327791

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/player/doc/releasenotes_player.html

CONFIRM - http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0005.html

UBUNTU - USN-538-1

SECTRACK - 1018849

BID - 28276

BID - 25956

BUGTRAQ - 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

BUGTRAQ - 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

BUGTRAQ - 20071112 FLEA-2007-0065-1 libpng

REDHAT - RHSA-2007:0992

SUSE - SUSE-SR:2007:025

MANDRIVA - MDKSA-2007:217

GENTOO - GLSA-200805-07

GENTOO - GLSA-200711-08

MISC - http://www.coresecurity.com/?action=item&id=2148

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm

SLACKWARE - SSA:2007-325-01

SECUNIA - 30430

SECUNIA - 30161

SECUNIA - 29420

SECUNIA - 27965

SECUNIA - 27746

SECUNIA - 27662

SECUNIA - 27629

SECUNIA - 27529

SECUNIA - 27492

SECUNIA - 27405

SECUNIA - 27391

SECUNIA - 27369

SECUNIA - 27284

MLIST - [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

APPLE - APPLE-SA-2008-03-18

APPLE - APPLE-SA-2008-05-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=195261

CONFIRM - http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

GENTOO - GLSA-201209-25

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 10:49:54