CVE-2006-5793
Published: Nov 17, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
x_refsource_CONFIRM
MDKSA-2006:209
vendor-advisory
x_refsource_MANDRIVA
22941
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10324
vdb-entry
signature
x_refsource_OVAL
22956
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-824
x_refsource_CONFIRM
22958
third-party-advisory
x_refsource_SECUNIA
http://www.coresecurity.com/?action=item&id=2148
x_refsource_MISC
http://bugs.gentoo.org/show_bug.cgi?id=154380
x_refsource_MISC
SUSE-SR:2006:028
vendor-advisory
x_refsource_SUSE
ADV-2008-0924
vdb-entry
x_refsource_VUPEN
21078
vdb-entry
x_refsource_BID
22951
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-790
x_refsource_CONFIRM
GLSA-200611-09
vendor-advisory
x_refsource_GENTOO
23335
third-party-advisory
x_refsource_SECUNIA
25329
third-party-advisory
x_refsource_SECUNIA
ADV-2006-4521
vdb-entry
x_refsource_VUPEN
29420
third-party-advisory
x_refsource_SECUNIA
1017244
vdb-entry
x_refsource_SECTRACK
http://sourceforge.net/project/shownotes.php?release_id=464278
x_refsource_CONFIRM
APPLE-SA-2008-03-18
vendor-advisory
x_refsource_APPLE
20061204 rPSA-2006-0211-2 doxygen libpng
mailing-list
x_refsource_BUGTRAQ
MDKSA-2006:210
vendor-advisory
x_refsource_MANDRIVA
23208
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:212
vendor-advisory
x_refsource_MANDRIVA
22889
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/attachment.cgi?id=101400&action=view
x_refsource_MISC
20061115 rPSA-2006-0211-1 libpng
mailing-list
x_refsource_BUGTRAQ
RHSA-2007:0356
vendor-advisory
x_refsource_REDHAT
OpenPKG-SA-2006.036
vendor-advisory
x_refsource_OPENPKG
USN-383-1
vendor-advisory
x_refsource_UBUNTU
http://docs.info.apple.com/article.html?artnum=307562
x_refsource_CONFIRM
22950
third-party-advisory
x_refsource_SECUNIA
libpng-pngsetsplt-dos(30290)
vdb-entry
x_refsource_XF
22900
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:211
vendor-advisory
x_refsource_MANDRIVA
ADV-2006-4568
vdb-entry
x_refsource_VUPEN
SSA:2006-335-03
vendor-advisory
x_refsource_SLACKWARE
25742
third-party-advisory
x_refsource_SECUNIA
2006-0065
vendor-advisory
x_refsource_TRUSTIX
20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
mailing-list
x_refsource_BUGTRAQ