Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6218

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2008-6218
Last Modified 07 Mar 2011 10:15:55
Published 20 Feb 2009 12:30:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6218

Summary

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.

Vulnerable Systems

Application

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.4

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4.0


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=635837

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624

XF - libpng-pnghandletext-dos(46115)

VUPEN - ADV-2010-1837

VUPEN - ADV-2008-2917

SECTRACK - 1021104

BID - 31920

BUGTRAQ - 20090312 rPSA-2009-0046-1 libpng

MANDRIVA - MDVSA-2010:133

DEBIAN - DSA-1750

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0046

GENTOO - GLSA-200903-28

SECUNIA - 34388

SECUNIA - 34320

SECUNIA - 34265

SECUNIA - 32418

Related Patches

Novell SUSE 2011:4948 libpng-devel security update for SLE 11 SP1 i586

Novell SUSE 2011:7670 libpng security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:49:06