FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5266

This CVE name corresponds to:

Entered Topic
2007-10-11 png -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5266
Phase Assigned (20071008)

Description

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

References

Source Reference
BUGTRAQ 20071112 FLEA-2007-0065-1 libpng
BUGTRAQ 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
MLIST [png-mng-implement] 20070911 FW: Suspicious `sizeof' line 694 of pngset.c
MLIST [png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1
MISC http://www.coresecurity.com/?action=item&id=2148
CONFIRM https://issues.rpath.com/browse/RPL-1814
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=195261
CONFIRM http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
APPLE APPLE-SA-2008-03-18
APPLE APPLE-SA-2008-05-28
GENTOO GLSA-200711-08
GENTOO GLSA-200805-07
MANDRIVA MDKSA-2007:217
SLACKWARE SSA:2007-325-01
SUNALERT 259989
SUNALERT 1020521
CERT TA08-150A
BID 25957
SECUNIA 35302
SECUNIA 35386
VUPEN ADV-2008-0924
VUPEN ADV-2008-1697
SECUNIA 27284
SECUNIA 27529
SECUNIA 27629
SECUNIA 27746
SECUNIA 29420
SECUNIA 30161
SECUNIA 30430
VUPEN ADV-2009-1462
VUPEN ADV-2009-1560