FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1382

This CVE name corresponds to:

Entered     Topic
2008-04-25  png -- unknown chunk processing uninitialized memory access

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2008-1382
Phase  Assigned (20080318)

Description

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

References

Source Reference
BUGTRAQ 20080414 [oCERT-2008-003] libpng zero-length chunks incorrect handling
BUGTRAQ 20080429 rPSA-2008-0151-1 libpng
BUGTRAQ 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
MISC http://www.ocert.org/advisories/ocert-2008-003.html
CONFIRM http://libpng.sourceforge.net/Advisory-1.2.26.txt
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
CONFIRM http://support.apple.com/kb/HT3549
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0007.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
APPLE APPLE-SA-2008-09-15
APPLE APPLE-SA-2009-05-12
DEBIAN DSA-1750
FEDORA FEDORA-2008-3683
FEDORA FEDORA-2008-3937
FEDORA FEDORA-2008-3979
FEDORA FEDORA-2008-4847
FEDORA FEDORA-2008-4910
FEDORA FEDORA-2008-4947
GENTOO GLSA-200804-15
GENTOO GLSA-200805-10
GENTOO GLSA-200812-15
MANDRIVA MDVSA-2008:156
REDHAT RHSA-2009:0333
SLACKWARE SSA:2008-119-01
SUNALERT 259989
SUNALERT 1020521
SUSE SUSE-SR:2008:010
CERT TA08-260A
CERT TA09-133A
BID 28770
OVAL oval:org.mitre.oval:def:10326
OVAL oval:org.mitre.oval:def:6275
SECUNIA 34388
SECUNIA 35074
SECUNIA 35258
SECUNIA 35302
SECUNIA 35386
SECUNIA 34152
VUPEN ADV-2008-1225
VUPEN ADV-2008-2584
OSVDB 44364
SECTRACK 1019840
SECUNIA 29792
SECUNIA 29678
SECUNIA 29992
SECUNIA 29957
SECUNIA 30009
SECUNIA 30402
SECUNIA 30486
SECUNIA 31882
SECUNIA 30157
SECUNIA 30174
SECUNIA 33137
VUPEN ADV-2009-1297
VUPEN ADV-2009-1451
VUPEN ADV-2009-1462
VUPEN ADV-2009-1560
XF libpng-zero-length-code-execution(41800)