CVE-2007-5269

MEDIUM

Description

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read operations.

References

http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

http://bugs.gentoo.org/show_bug.cgi?id=195261

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

http://secunia.com/advisories/27093

http://secunia.com/advisories/27284

http://secunia.com/advisories/27369

http://secunia.com/advisories/27391

http://secunia.com/advisories/27405

http://secunia.com/advisories/27492

http://secunia.com/advisories/27529

http://secunia.com/advisories/27629

http://secunia.com/advisories/27662

http://secunia.com/advisories/27746

http://secunia.com/advisories/27965

http://secunia.com/advisories/29420

http://secunia.com/advisories/30161

http://secunia.com/advisories/30430

http://secunia.com/advisories/31712

http://secunia.com/advisories/31713

http://secunia.com/advisories/34388

http://secunia.com/advisories/35302

http://secunia.com/advisories/35386

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323

http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082318.012a7628%40mail.comcast.net&forum_name=png-mng-implement

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

http://support.avaya.com/elmodocs2/security/ASA-2007-460.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

http://www.coresecurity.com/?action=item&id=2148

http://www.debian.org/security/2009/dsa-1750

http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:217

http://www.novell.com/linux/security/advisories/2007_25_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0992.html

http://www.securityfocus.com/archive/1/483582/100/0/threaded

http://www.securityfocus.com/archive/1/489135/100/0/threaded

http://www.securityfocus.com/archive/1/489739/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securityfocus.com/bid/25956

http://www.securityfocus.com/bid/28276

http://www.securitytracker.com/id?1018849

http://www.ubuntu.com/usn/usn-538-1

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

http://www.vmware.com/support/player/doc/releasenotes_player.html

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

http://www.vmware.com/support/server/doc/releasenotes_server.html

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

http://www.vupen.com/english/advisories/2007/3390

http://www.vupen.com/english/advisories/2008/0905/references

http://www.vupen.com/english/advisories/2008/0924/references

http://www.vupen.com/english/advisories/2008/1697

http://www.vupen.com/english/advisories/2008/2466

http://www.vupen.com/english/advisories/2009/1462

http://www.vupen.com/english/advisories/2009/1560

https://bugzilla.redhat.com/show_bug.cgi?id=327791

https://bugzilla.redhat.com/show_bug.cgi?id=337461

https://issues.rpath.com/browse/RPL-1814

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10614

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00072.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00353.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00356.html

Details

Source: MITRE

Published: 2007-10-08

Updated: 2018-10-15

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* versions up to 1.2.20 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107983 | Solaris 10 (x86) : 137081-10 | Nessus | Solaris Local Security Checks | high |
| 107982 | Solaris 10 (x86) : 137081-09 | Nessus | Solaris Local Security Checks | high |
| 107981 | Solaris 10 (x86) : 137081-07 | Nessus | Solaris Local Security Checks | high |
| 107485 | Solaris 10 (sparc) : 137080-10 | Nessus | Solaris Local Security Checks | high |
| 107484 | Solaris 10 (sparc) : 137080-09 | Nessus | Solaris Local Security Checks | high |
| 107483 | Solaris 10 (sparc) : 137080-07 | Nessus | Solaris Local Security Checks | high |
| 79964 | GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed) | Nessus | Gentoo Local Security Checks | high |
| 67594 | Oracle Linux 3 / 4 / 5 : libpng (ELSA-2007-0992) | Nessus | Oracle Linux Local Security Checks | medium |
| 62383 | GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 60275 | Scientific Linux Security Update : libpng on SL5.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 60274 | Scientific Linux Security Update : libpng on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 41164 | SuSE9 Security Update : libpng (YOU Patch Number 11956) | Nessus | SuSE Local Security Checks | medium |
| 40382 | VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues. | Nessus | VMware ESX Local Security Checks | critical |
| 37042 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1) | Nessus | Ubuntu Local Security Checks | high |
| 35988 | Debian DSA-1750-1 : libpng - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 32478 | Mac OS X Multiple Vulnerabilities (Security Update 2008-003) | Nessus | MacOS X Local Security Checks | critical |
| 32477 | Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 31729 | VMware Products Multiple Vulnerabilities (VMSA-2008-0005) | Nessus | Windows | high |
| 31605 | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | Nessus | MacOS X Local Security Checks | critical |
| 31337 | Solaris 10 (x86) : 137081-11 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 31333 | Solaris 10 (sparc) : 137080-11 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 29509 | SuSE 10 Security Update : libpng (ZYPP Patch Number 4627) | Nessus | SuSE Local Security Checks | medium |
| 28326 | openSUSE 10 Security Update : libpng (libpng-4628) | Nessus | SuSE Local Security Checks | medium |
| 28296 | SSA-2007-325-01a libpng for Slackware 10.1 and 10.2 | Nessus | Slackware Local Security Checks | medium |
| 28295 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2007-325-01) | Nessus | Slackware Local Security Checks | medium |
| 28200 | Mandrake Linux Security Advisory : libpng (MDKSA-2007:217) | Nessus | Mandriva Local Security Checks | medium |
| 28145 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libpng vulnerabilities (USN-538-1) | Nessus | Ubuntu Local Security Checks | medium |
| 27825 | GLSA-200711-08 : libpng: Multiple Denials of Service | Nessus | Gentoo Local Security Checks | medium |
| 27787 | Fedora 7 : libpng-1.2.22-1.fc7 (2007-2666) | Nessus | Fedora Local Security Checks | medium |
| 27775 | Fedora 7 : libpng10-1.0.29-1.fc7 (2007-2521) | Nessus | Fedora Local Security Checks | medium |
| 27634 | Fedora Core 6 : libpng-1.2.10-10.fc6 (2007-734) | Nessus | Fedora Local Security Checks | medium |
| 27571 | RHEL 2.1 / 3 / 4 / 5 : libpng (RHSA-2007:0992) | Nessus | Red Hat Local Security Checks | medium |
| 27543 | CentOS 3 / 4 / 5 : libpng (CESA-2007:0992) | Nessus | CentOS Local Security Checks | medium |
| 26977 | FreeBSD : png -- multiple vulnerabilities (172acf78-780c-11dc-b3f4-0016179b2dd5) | Nessus | FreeBSD Local Security Checks | medium |