5
CVE-2007-5269
- EPSS 4.77%
- Veröffentlicht 08.10.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.77% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/29420
http://secunia.com/advisories/30430
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/0905/references
http://secunia.com/advisories/30161
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://www.coresecurity.com/?action=item&id=2148
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://secunia.com/advisories/34388
http://www.debian.org/security/2009/dsa-1750
http://secunia.com/advisories/27965
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://bugs.gentoo.org/show_bug.cgi?id=195261
http://secunia.com/advisories/27284
http://secunia.com/advisories/27529
http://secunia.com/advisories/27629
http://secunia.com/advisories/27746
http://secunia.com/advisories/35302
http://secunia.com/advisories/35386
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:217
http://www.securityfocus.com/archive/1/483582/100/0/threaded
http://www.vupen.com/english/advisories/2009/1462
http://www.vupen.com/english/advisories/2009/1560
https://issues.rpath.com/browse/RPL-1814
http://secunia.com/advisories/27093
http://secunia.com/advisories/27405
http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement
http://www.securityfocus.com/bid/25956
http://www.ubuntu.com/usn/usn-538-1
http://www.vupen.com/english/advisories/2007/3390
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://secunia.com/advisories/27369
http://secunia.com/advisories/27391
http://secunia.com/advisories/27492
http://secunia.com/advisories/27662
http://secunia.com/advisories/31712
http://secunia.com/advisories/31713
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm
http://www.redhat.com/support/errata/RHSA-2007-0992.html
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securitytracker.com/id?1018849
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vupen.com/english/advisories/2008/2466
https://bugzilla.redhat.com/show_bug.cgi?id=327791
https://bugzilla.redhat.com/show_bug.cgi?id=337461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html