Back to search
CVE-2007-5267
Published: Oct 8, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-3391
vdb-entry
x_refsource_VUPEN
https://issues.rpath.com/browse/RPL-1814
x_refsource_CONFIRM
35386
third-party-advisory
x_refsource_SECUNIA
1020521
vendor-advisory
x_refsource_SUNALERT
[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug
mailing-list
x_refsource_MLIST
ADV-2009-1560
vdb-entry
x_refsource_VUPEN
ADV-2009-1462
vdb-entry
x_refsource_VUPEN
[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug
mailing-list
x_refsource_MLIST
27746
third-party-advisory
x_refsource_SECUNIA
http://www.coresecurity.com/?action=item&id=2148
x_refsource_MISC
259989
vendor-advisory
x_refsource_SUNALERT
35302
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0924
vdb-entry
x_refsource_VUPEN
27130
third-party-advisory
x_refsource_SECUNIA
29420
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-03-18
vendor-advisory
x_refsource_APPLE
27284
third-party-advisory
x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=307562
x_refsource_CONFIRM
SSA:2007-325-01
vendor-advisory
x_refsource_SLACKWARE
20071112 FLEA-2007-0065-1 libpng
mailing-list
x_refsource_BUGTRAQ
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
x_refsource_CONFIRM
25957
vdb-entry
x_refsource_BID
20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now