5

CVE-2007-5269

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version <= 1.2.20
LibpngLibpng Version1.0.28
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.77% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/29420
http://secunia.com/advisories/30430
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
US Government Resource
http://www.vupen.com/english/advisories/2008/1697
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/0905/references
http://secunia.com/advisories/30161
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://www.coresecurity.com/?action=item&id=2148
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://secunia.com/advisories/34388
http://www.debian.org/security/2009/dsa-1750
http://secunia.com/advisories/27965
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://bugs.gentoo.org/show_bug.cgi?id=195261
http://secunia.com/advisories/27284
http://secunia.com/advisories/27529
http://secunia.com/advisories/27629
http://secunia.com/advisories/27746
http://secunia.com/advisories/35302
http://secunia.com/advisories/35386
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:217
http://www.securityfocus.com/archive/1/483582/100/0/threaded
http://www.vupen.com/english/advisories/2009/1462
http://www.vupen.com/english/advisories/2009/1560
https://issues.rpath.com/browse/RPL-1814
http://secunia.com/advisories/27093
Vendor Advisory
http://secunia.com/advisories/27405
http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement
Patch
http://www.securityfocus.com/bid/25956
http://www.ubuntu.com/usn/usn-538-1
http://www.vupen.com/english/advisories/2007/3390
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://secunia.com/advisories/27369
http://secunia.com/advisories/27391
http://secunia.com/advisories/27492
http://secunia.com/advisories/27662
http://secunia.com/advisories/31712
http://secunia.com/advisories/31713
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm
http://www.redhat.com/support/errata/RHSA-2007-0992.html
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securitytracker.com/id?1018849
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vupen.com/english/advisories/2008/2466
https://bugzilla.redhat.com/show_bug.cgi?id=327791
https://bugzilla.redhat.com/show_bug.cgi?id=337461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html