Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-5907

Published: 15/01/2009 Updated: 08/11/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Libpng

Vulnerability Summary

The png_check_keyword function in pngwutil.c in libpng prior to 1.0.42, and 1.2.x prior to 1.2.34, might allow context-dependent malicious users to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Vulnerable Product Search on Vulmon Subscribe to Product

libpng libpng

debian debian linux 4.0

debian debian linux 5.0

Vendor Advisories

Ubuntu Security Notice: libpng vulnerabilities
It was discovered that libpng did not properly perform bounds checking in certain operations An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng This issue only affected Ubuntu 804 LTS (CVE-2007-5268, CVE-2007-5269) ...
Debian CVElist Bug Report Logs: [SA33970] libpng Uninitialised Pointer Arrays Vulnerability
Debian Bug report logs - #516256 [SA33970] libpng Uninitialised Pointer Arrays Vulnerability Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Fri, 20 Feb 2009 07:21:01 UTC Severity: serious Tags: security Found in versi ...
Debian CVElist Bug Report Logs: CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero
Debian Bug report logs - #512665 CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Raphael Geissert <atomo64@gmailcom> Date: Thu, 22 Jan 2 ...
Debian Security Advisories: DSA-1750-1 libpng -- several vulnerabilities
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk C ...

References

NVD-CWE-noinfohttp://libpng.sourceforge.net/index.htmlhttp://openwall.com/lists/oss-security/2009/01/09/1http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implementhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:051http://security.gentoo.org/glsa/glsa-200903-28.xmlhttp://secunia.com/advisories/34320http://secunia.com/advisories/34388http://www.debian.org/security/2009/dsa-1750https://exchange.xforce.ibmcloud.com/vulnerabilities/48128https://usn.ubuntu.com/730-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook