Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-1382
Last Modified 07 Mar 2011 10:07:00
Published 14 Apr 2008 12:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1382

Summary

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Vulnerable Systems

Application

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.6

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.3

  • Libpng 1.2.4

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4


References

CERT - TA09-133A

CERT - TA08-260A

VUPEN - ADV-2009-1560

VUPEN - ADV-2009-1462

VUPEN - ADV-2009-1451

VUPEN - ADV-2009-1297

VUPEN - ADV-2008-2584

VUPEN - ADV-2008-1225

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0007.html

BUGTRAQ - 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

REDHAT - RHSA-2009:0333

MISC - http://www.ocert.org/advisories/ocert-2008-003.html

MANDRIVA - MDVSA-2008:156

DEBIAN - DSA-1750

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 1020521

SUNALERT - 259989

GENTOO - GLSA-200812-15

GENTOO - GLSA-200805-10

SECUNIA - 35386

SECUNIA - 35302

SECUNIA - 35258

SECUNIA - 35074

SECUNIA - 34388

SECUNIA - 34152

SECUNIA - 33137

SECUNIA - 31882

SECUNIA - 30174

SECUNIA - 30157

SECUNIA - 29792

APPLE - APPLE-SA-2009-05-12

APPLE - APPLE-SA-2008-09-15

CONFIRM - http://libpng.sourceforge.net/Advisory-1.2.26.txt

FEDORA - FEDORA-2008-3937

FEDORA - FEDORA-2008-3979

FEDORA - FEDORA-2008-3683

FEDORA - FEDORA-2008-4947

FEDORA - FEDORA-2008-4910

FEDORA - FEDORA-2008-4847

XF - libpng-zero-length-code-execution(41800)

SECTRACK - 1019840

BID - 28770

BUGTRAQ - 20080429 rPSA-2008-0151-1 libpng

BUGTRAQ - 20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling

OSVDB - 44364

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151

SLACKWARE - SSA:2008-119-01

GENTOO - GLSA-200804-15

SECUNIA - 30486

SECUNIA - 30402

SECUNIA - 30009

SECUNIA - 29992

SECUNIA - 29957

SECUNIA - 29678

SUSE - SUSE-SR:2008:010

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Novell SUSE 2008:5181 libpng security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:08