FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5268

This CVE name corresponds to:

Entered Topic
2007-10-11 png -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5268
Phase Assigned(20071008)

Description

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

References

Source Reference
BUGTRAQ 20071112 FLEA-2007-0065-1 libpng
BUGTRAQ 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
MLIST [png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c
MLIST [png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1
MLIST [png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released
MISC http://www.coresecurity.com/?action=item&id=2148
CONFIRM https://issues.rpath.com/browse/RPL-1814
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=195261
CONFIRM http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
APPLE APPLE-SA-2008-03-18
APPLE APPLE-SA-2008-05-28
GENTOO GLSA-200711-08
GENTOO GLSA-200805-07
MANDRIVA MDKSA-2007:217
SLACKWARE SSA:2007-325-01
SUNALERT 259989
SUNALERT 1020521
UBUNTU USN-538-1
CERT TA08-150A
BID 25956
SECUNIA 35302
SECUNIA 35386
VUPEN ADV-2007-3390
VUPEN ADV-2008-0924
VUPEN ADV-2008-1697
SECUNIA 27093
SECUNIA 27284
SECUNIA 27405
SECUNIA 27529
SECUNIA 27629
SECUNIA 27746
SECUNIA 29420
SECUNIA 30161
SECUNIA 30430
VUPEN ADV-2009-1462
VUPEN ADV-2009-1560