Back to search
CVE-2007-5266
Published: Oct 8, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://issues.rpath.com/browse/RPL-1814
x_refsource_CONFIRM
MDKSA-2007:217
vendor-advisory
x_refsource_MANDRIVA
35386
third-party-advisory
x_refsource_SECUNIA
[png-mng-implement] 20070911 FW: Suspicious `sizeof' line 694 of pngset.c
mailing-list
x_refsource_MLIST
1020521
vendor-advisory
x_refsource_SUNALERT
ADV-2009-1560
vdb-entry
x_refsource_VUPEN
ADV-2009-1462
vdb-entry
x_refsource_VUPEN
http://bugs.gentoo.org/show_bug.cgi?id=195261
x_refsource_CONFIRM
27529
third-party-advisory
x_refsource_SECUNIA
27746
third-party-advisory
x_refsource_SECUNIA
http://www.coresecurity.com/?action=item&id=2148
x_refsource_MISC
259989
vendor-advisory
x_refsource_SUNALERT
35302
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0924
vdb-entry
x_refsource_VUPEN
TA08-150A
third-party-advisory
x_refsource_CERT
29420
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-03-18
vendor-advisory
x_refsource_APPLE
27284
third-party-advisory
x_refsource_SECUNIA
30430
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-05-28
vendor-advisory
x_refsource_APPLE
30161
third-party-advisory
x_refsource_SECUNIA
GLSA-200805-07
vendor-advisory
x_refsource_GENTOO
[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1
mailing-list
x_refsource_MLIST
http://docs.info.apple.com/article.html?artnum=307562
x_refsource_CONFIRM
GLSA-200711-08
vendor-advisory
x_refsource_GENTOO
ADV-2008-1697
vdb-entry
x_refsource_VUPEN
SSA:2007-325-01
vendor-advisory
x_refsource_SLACKWARE
20071112 FLEA-2007-0065-1 libpng
mailing-list
x_refsource_BUGTRAQ
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
x_refsource_CONFIRM
25957
vdb-entry
x_refsource_BID
20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
mailing-list
x_refsource_BUGTRAQ
27629
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now