CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero

Related Vulnerabilities: CVE-2008-5907   CVE-2009-0040  

Debian Bug report logs - #512665


Reported by: Raphael Geissert <atomo64@gmail.com>

Date: Thu, 22 Jan 2009 17:15:01 UTC

Severity: normal

Tags: security

Found in version libpng/1.2.15~beta5-1

Fixed in versions 1.2.27-2+lenny1, 1.2.35-1

Done: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#512665; Package libpng. (Thu, 22 Jan 2009 17:15:03 GMT)


Message #3 received at submit@bugs.debian.org:

From: Raphael Geissert <atomo64@gmail.com>
To: submit@bugs.debian.org
Subject: CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero
Date: Thu, 22 Jan 2009 11:13:07 -0600
Source: libpng
Version: 1.2.15~beta5-1
Severity: normal
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for 
horde3.

CVE-2008-5907[1]:
> The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and
> 1.2.x before 1.2.34, might allow context-dependent attackers to set the
> value of an arbitrary memory location to zero via vectors involving
> creation of crafted PNG files with keywords, related to an implicit cast of
> the '\0' character constant to a NULL pointer. NOTE: some sources
> incorrectly report this as a double free vulnerability.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
     http://security-tracker.debian.net/tracker/CVE-2008-5907

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#512665; Package libpng. (Sat, 14 Mar 2009 21:00:02 GMT)


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sat, 14 Mar 2009 21:00:02 GMT)


Message #8 received at 512665@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 512665@bugs.debian.org, 516256@bugs.debian.org, team@security.debian.org
Subject: libpng: proposed NMU to fix CVE-2008-5907 and CVE-2009-0040 in lenny
Date: Sat, 14 Mar 2009 21:59:04 +0100
Hi,

I've prepared an NMU to fix CVE-2008-5907 and CVE-2009-0040 in libpng.


Proposed debdiff in attachment.

Cheers,
Giuseppe.
[libpng_1.2.27-2lenny1.debdiff (text/plain, attachment)]

Reply sent to Nobuhiro Iwamatsu <iwamatsu@nigauri.org>:
You have taken responsibility. (Tue, 14 Jun 2011 00:09:08 GMT)


Notification sent to Raphael Geissert <atomo64@gmail.com>:
Bug acknowledged by developer. (Tue, 14 Jun 2011 00:09:08 GMT)


Message #13 received at 512665-done@bugs.debian.org:

From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
To: 512665-done@bugs.debian.org
Subject: Re: CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero
Date: Tue, 14 Jun 2011 00:07:41 +0000
Source: libpng
Version: 1.2.27-2+lenny1

Hi,

This bug was already closed in libpng 1.2.27-2+lenny1.

libpng (1.2.27-2+lenny1) stable-security; urgency=high

   * Non-maintainer upload.
   * debian/patches/03-CVE-2008-5907.diff: update pngwutil.c to properly set
     new_key to NULL string. (CVE-2008-5907) (Closes: #512665)
   * debian/patches/04-CVE-2009-0040.diff: initialize pointers in pngread.c,
     pngrtans.c, pngset.c and example.c (CVE-2009-0040) (Closes: #516256)
 -- Giuseppe Iuculano <giuseppe@iuculano.it>  Sat, 14 Mar 2009 21:31:31 +0100

I close this bug.

Best regards,
  Nobuhiro
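
The CVE description quoted in this report ties the flaw to an implicit cast of '\0' to a NULL pointer, and the changelog entry above describes the patch as setting new_key properly. The C sketch below is an added illustration, not libpng's code or the Debian patch: the function names, the `slots` array and the 100-character keyword are constructed so that the stray pointer write lands inside a known array and can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 79          /* PNG keyword limit: 1-79 characters */
#define SLOT_ZEROED   1     /* a neighbouring pointer became NULL */
#define KEY_TRUNCATED 2     /* the keyword itself was cut to 79 chars */

/* Pattern described by the CVE text: new_key is char **, so new_key[79]
 * is a pointer 79 slots away, and '\0' (integer constant 0) converts
 * silently to a null pointer. No character is written. */
static void truncate_buggy(char **new_key)
{
    if (strlen(*new_key) > KEY_MAX)
        new_key[KEY_MAX] = '\0';
}

/* Corrected form: dereference first, then index into the string. */
static void truncate_fixed(char **new_key)
{
    if (strlen(*new_key) > KEY_MAX)
        (*new_key)[KEY_MAX] = '\0';
}

/* Constructed harness: slot 0 holds the keyword pointer and slots 1..79
 * hold an unrelated pointer, so the stray write stays inside the array. */
static int run_case(void (*truncate)(char **))
{
    static char other[] = "unrelated";
    char key[128], *slots[KEY_MAX + 1];
    int i, flags = 0;

    memset(key, 'A', 100);          /* over-long keyword: 100 characters */
    key[100] = '\0';
    for (i = 1; i <= KEY_MAX; i++) slots[i] = other;
    slots[0] = key;
    truncate(slots);
    if (slots[KEY_MAX] == NULL) flags |= SLOT_ZEROED;
    if (strlen(key) == KEY_MAX) flags |= KEY_TRUNCATED;
    return flags;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", run_case(truncate_buggy), run_case(truncate_fixed));
    return 0;
}
```

Clang reports the buggy assignment under `-Wnon-literal-null-conversion`; a C++ compiler rejects it outright, because a character literal is not a null pointer constant there.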




Marked as fixed in versions 1.2.35-1. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Sun, 23 Sep 2012 21:03:07 GMT)


Bug archived. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Sun, 23 Sep 2012 21:03:08 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:46:55 2019; Machine Name: beach
