5
CVE-2008-5907
- EPSS 2.56%
- Veröffentlicht 15.01.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.56% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/34388
http://www.debian.org/security/2009/dsa-1750
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
http://libpng.sourceforge.net/index.html
http://openwall.com/lists/oss-security/2009/01/09/1
http://secunia.com/advisories/34320
http://security.gentoo.org/glsa/glsa-200903-28.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement
https://exchange.xforce.ibmcloud.com/vulnerabilities/48128