2.6
CVE-2006-5793
- EPSS 1.73%
- Published 17.11.2006 23:07:00
- Last modified 16.06.2026 22:31:53
- Source cve@mitre.org
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
Data provided by the National Vulnerability Database (NVD)
Greg Roelofs ≫ Libpng Version 1.0.6
Greg Roelofs ≫ Libpng Version 1.0.7
Greg Roelofs ≫ Libpng Version 1.0.8
Greg Roelofs ≫ Libpng Version 1.0.9
Greg Roelofs ≫ Libpng Version 1.2.0
Greg Roelofs ≫ Libpng Version 1.2.1
Greg Roelofs ≫ Libpng Version 1.2.2
Greg Roelofs ≫ Libpng Version 1.2.3
Greg Roelofs ≫ Libpng Version 1.2.4
Greg Roelofs ≫ Libpng Version 1.2.5
Greg Roelofs ≫ Libpng Version 1.2.6
Greg Roelofs ≫ Libpng Version 1.2.7
Greg Roelofs ≫ Libpng Version 1.2.7rc1
Greg Roelofs ≫ Libpng Version 1.2.8
Greg Roelofs ≫ Libpng Version 1.2.9
Greg Roelofs ≫ Libpng Version 1.2.10
Greg Roelofs ≫ Libpng Version 1.2.11
Greg Roelofs ≫ Libpng Version 1.2.12
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.73% | 0.746 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 | AV:N/AC:H/Au:N/C:N/I:N/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/22958
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
http://secunia.com/advisories/22956
http://secunia.com/advisories/23335
http://www.mandriva.com/security/advisories?name=MDKSA-2006:209
http://www.mandriva.com/security/advisories?name=MDKSA-2006:210
http://www.mandriva.com/security/advisories?name=MDKSA-2006:211
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://bugs.gentoo.org/attachment.cgi?id=101400&action=view
http://bugs.gentoo.org/show_bug.cgi?id=154380
http://secunia.com/advisories/22889
http://secunia.com/advisories/22900
http://secunia.com/advisories/22941
http://secunia.com/advisories/22950
http://secunia.com/advisories/22951
http://secunia.com/advisories/23208
http://secunia.com/advisories/25329
http://secunia.com/advisories/25742
http://security.gentoo.org/glsa/glsa-200611-09.xml
http://securitytracker.com/id?1017244
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035
http://sourceforge.net/project/shownotes.php?release_id=464278
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.coresecurity.com/?action=item&id=2148
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.036.html
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securityfocus.com/archive/1/451874/100/200/threaded
http://www.securityfocus.com/archive/1/453484/100/100/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.securityfocus.com/bid/21078
http://www.trustix.org/errata/2006/0065/
http://www.ubuntu.com/usn/usn-383-1
http://www.vupen.com/english/advisories/2006/4521
http://www.vupen.com/english/advisories/2006/4568
https://exchange.xforce.ibmcloud.com/vulnerabilities/30290
https://issues.rpath.com/browse/RPL-790
https://issues.rpath.com/browse/RPL-824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10324