5

CVE-2007-5269

EPSS 10.46%
Veröffentlicht 08.10.2007 21:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 74

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libpng ≫ Libpng Version <= 1.2.20

Libpng ≫ Libpng Version1.0.28

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.46%	0.929

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://www.vupen.com/english/advisories/2008/0924/references

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

http://secunia.com/advisories/29420

http://secunia.com/advisories/30430

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/1697

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

http://www.securityfocus.com/archive/1/489739/100/0/threaded

http://www.securityfocus.com/bid/28276

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

http://www.vupen.com/english/advisories/2008/0905/references

http://secunia.com/advisories/30161

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

http://www.coresecurity.com/?action=item&id=2148

http://www.securityfocus.com/archive/1/489135/100/0/threaded

http://secunia.com/advisories/34388

http://www.debian.org/security/2009/dsa-1750

http://secunia.com/advisories/27965

http://www.novell.com/linux/security/advisories/2007_25_sr.html

http://bugs.gentoo.org/show_bug.cgi?id=195261

http://secunia.com/advisories/27284

http://secunia.com/advisories/27529

http://secunia.com/advisories/27629

http://secunia.com/advisories/27746

http://secunia.com/advisories/35302

http://secunia.com/advisories/35386

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:217

http://www.securityfocus.com/archive/1/483582/100/0/threaded

http://www.vupen.com/english/advisories/2009/1462

http://www.vupen.com/english/advisories/2009/1560

https://issues.rpath.com/browse/RPL-1814

http://secunia.com/advisories/27093

Vendor Advisory

http://secunia.com/advisories/27405

http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement

Patch

http://www.securityfocus.com/bid/25956

http://www.ubuntu.com/usn/usn-538-1

http://www.vupen.com/english/advisories/2007/3390

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://secunia.com/advisories/27369

http://secunia.com/advisories/27391

http://secunia.com/advisories/27492

http://secunia.com/advisories/27662

http://secunia.com/advisories/31712

http://secunia.com/advisories/31713

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm

http://www.redhat.com/support/errata/RHSA-2007-0992.html

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securitytracker.com/id?1018849

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vupen.com/english/advisories/2008/2466

https://bugzilla.redhat.com/show_bug.cgi?id=327791

https://bugzilla.redhat.com/show_bug.cgi?id=337461

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html

https://nvd.nist.gov/vuln/detail/CVE-2007-5269

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5269

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5269

EUVD