CVE-2006-5793

Published: 17/11/2006 Updated: 17/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent malicious users to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

Affected Products

Vendor | Product | Versions
Greg Roelofs | Libpng | 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.7rc1, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12

Vendor Advisories

Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library ...
Debian Bug report logs - #398706 libpng: CVE-2006-5793: malformed sPLT chunks may blow away your browser. Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Aníbal Monsalve Salazar <anibal@debian.org>; Date: Wed, 15 Nov 2006 07:48:11 UTC; Severity: grave; Tags: security ...

Mailing Lists

Core Security Technologies Advisory - Google's Android SDK suffers from heap and integer overflow vulnerabilities. Proof of concept code included ...

References

CWE-20
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://bugs.gentoo.org/attachment.cgi?id=101400&action=view
http://bugs.gentoo.org/show_bug.cgi?id=154380
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/22889
http://secunia.com/advisories/22900
http://secunia.com/advisories/22941
http://secunia.com/advisories/22950
http://secunia.com/advisories/22951
http://secunia.com/advisories/22956
http://secunia.com/advisories/22958
http://secunia.com/advisories/23208
http://secunia.com/advisories/23335
http://secunia.com/advisories/25329
http://secunia.com/advisories/25742
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200611-09.xml
http://securitytracker.com/id?1017244
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035
http://sourceforge.net/project/shownotes.php?release_id=464278
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.coresecurity.com/?action=item&id=2148
http://www.mandriva.com/security/advisories?name=MDKSA-2006:209
http://www.mandriva.com/security/advisories?name=MDKSA-2006:210
http://www.mandriva.com/security/advisories?name=MDKSA-2006:211
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.036.html
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securityfocus.com/archive/1/451874/100/200/threaded
http://www.securityfocus.com/archive/1/453484/100/100/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.securityfocus.com/bid/21078
http://www.trustix.org/errata/2006/0065/
http://www.ubuntu.com/usn/usn-383-1
http://www.vupen.com/english/advisories/2006/4521
http://www.vupen.com/english/advisories/2006/4568
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/30290
https://issues.rpath.com/browse/RPL-790
https://issues.rpath.com/browse/RPL-824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10324
https://www.rapid7.com/db/vulnerabilities/linuxrpm-SUSE-SR-2006-028-vuln4
https://usn.ubuntu.com/383-1/
https://nvd.nist.gov
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2007-0356