FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5267

This CVE name corresponds to:

Entered Topic
2007-10-11 png -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-5267 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-5267
Phase Assigned(20071008)

Description

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

References

Source Reference
BUGTRAQ 20071112 FLEA-2007-0065-1 libpng
BUGTRAQ 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
MLIST [png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug
MLIST [png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug
MISC http://www.coresecurity.com/?action=item&id=2148
CONFIRM https://issues.rpath.com/browse/RPL-1814
CONFIRM http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
APPLE APPLE-SA-2008-03-18
SLACKWARE SSA:2007-325-01
SUNALERT 259989
SUNALERT 1020521
BID 25957
SECUNIA 35302
SECUNIA 35386
VUPEN ADV-2007-3391
VUPEN ADV-2008-0924
SECUNIA 27130
SECUNIA 27284
SECUNIA 27746
SECUNIA 29420
VUPEN ADV-2009-1462
VUPEN ADV-2009-1560

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.