Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5907

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-5907
Last Modified 26 Mar 2009 01:48:23
Published 15 Jan 2009 12:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5907

Summary

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Vulnerable Systems

Application

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.33

  • Libpng 1.0.34

  • Libpng 1.0.35

  • Libpng 1.0.37

  • Libpng 1.0.38

  • Libpng 1.0.39

  • Libpng 1.0.40

  • Libpng 1.0.41

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.4

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9


References

XF - libpng-pngcheckkeyword-memory-corruption(48128)

MANDRIVA - MDVSA-2009:051

DEBIAN - DSA-1750

MLIST - [png-mng-implement] 20081126 Memory overwriting bug in png_check_keyword()

GENTOO - GLSA-200903-28

SECUNIA - 34388

SECUNIA - 34320

MLIST - [oss-security] 20090109 libpng non issue

SUSE - SUSE-SR:2009:003

CONFIRM - http://libpng.sourceforge.net/index.html


Last Updated: 27 May 2016 10:48:58