ID CVE-2007-2445
Summary The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
References
Vulnerable Configurations
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • cpe:2.3:a:png_reference_library:libpng:1.0.15
    cpe:2.3:a:png_reference_library:libpng:1.0.15
  • cpe:2.3:a:png_reference_library:libpng:1.2.16
    cpe:2.3:a:png_reference_library:libpng:1.2.16
CVSS
Base: 5.0 (as of 10-11-2015 - 11:01)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1613.NASL
    description Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (crash), if a maliciously crafted image is loaded into an application using libgd. - CVE-2007-3476 An array indexing error in libgd's GIF handling could induce a denial of service (crash with heap corruption) if exceptionally large color index values are supplied in a maliciously crafted GIF image file. - CVE-2007-3477 The imagearc() and imagefilledarc() routines in libgd allow an attacker in control of the parameters used to specify the degrees of arc for those drawing functions to perform a denial of service attack (excessive CPU consumption). - CVE-2007-3996 Multiple integer overflows exist in libgd's image resizing and creation routines; these weaknesses allow an attacker in control of the parameters passed to those routines to induce a crash or execute arbitrary code with the privileges of the user running an application or interpreter linked against libgd2.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33552
    published 2008-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33552
    title Debian DSA-1613-1 : libgd2 - multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070517_LIBPNG_ON_SL5_X.NASL
    description A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60184
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60184
    title Scientific Linux Security Update : libpng on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-136-01.NASL
    description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 25253
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25253
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2007-136-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_139382.NASL
    description GNOME 2.0.2: libpng Patch. Date this patch was last updated by Sun : Oct/03/08
    last seen 2016-09-26
    modified 2008-10-17
    plugin id 34435
    published 2008-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34435
    title Solaris 5.9 (sparc) : 139382-01
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0356.NASL
    description Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25256
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25256
    title CentOS 3 / 4 / 5 : libpng (CESA-2007:0356)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_114817.NASL
    description GNOME 2.0.0_x86: libpng Patch. Date this patch was last updated by Sun : Mar/19/12
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 23455
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23455
    title Solaris 8 (x86) : 114817-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_114816.NASL
    description GNOME 2.0.0: libpng Patch. Date this patch was last updated by Sun : Mar/19/12
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 23367
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23367
    title Solaris 8 (sparc) : 114816-04
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-3740.NASL
    description Applications using libpng can crash if libpng is asked to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29508
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29508
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 3740)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-472-1.NASL
    description It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28073
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28073
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : libpng vulnerability (USN-472-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-3739.NASL
    description Applications using libpng can crash if libpng is asked to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27331
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27331
    title openSUSE 10 Security Update : libpng (libpng-3739)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-09.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107484
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107484
    title Solaris 10 (sparc) : 137080-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-10.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107983
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107983
    title Solaris 10 (x86) : 137081-10
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0004.NASL
    description The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. This update to libpng 1.0.26 resolves this problem. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 62266
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62266
    title Fedora 7 : libpng10-1.0.26-1.fc7.1 (2007-0004)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0356.NASL
    description From Red Hat Security Advisory 2007:0356 : Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67500
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67500
    title Oracle Linux 3 / 4 / 5 : libpng (ELSA-2007-0356)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0356.NASL
    description Updated libpng packages that fix security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was found in the handling of malformed images in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated. (CVE-2007-2445) A flaw was found in the sPLT chunk handling code in libpng. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was opened. (CVE-2006-5793) Users of libpng should update to these updated packages which contain backported patches to correct these issues. Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25269
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25269
    title RHEL 2.1 / 3 / 4 / 5 : libpng (RHSA-2007:0356)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-3479.NASL
    description Applications using libpng can crash if libpng is asked to process a grayscale image with a malformed (bad CRC) tRNS chunk. (CVE-2007-2445)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27330
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27330
    title openSUSE 10 Security Update : libpng (libpng-3479)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-09.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107982
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107982
    title Solaris 10 (x86) : 137081-09
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-116.NASL
    description A flaw in how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25440
    published 2007-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25440
    title Mandrake Linux Security Advisory : libpng (MDKSA-2007:116)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-07.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107981
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107981
    title Solaris 10 (x86) : 137081-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137080 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31333
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31333
    title Solaris 10 (sparc) : 137080-11 (deprecated)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-07.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107483
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107483
    title Solaris 10 (sparc) : 137080-07
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1750.NASL
    description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. - CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. - CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length 'unknown' chunks, which trigger an access of uninitialized memory. - CVE-2008-5907 The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. - CVE-2008-6218 A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. - CVE-2009-0040 libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35988
    published 2009-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35988
    title Debian DSA-1750-1 : libpng - several vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-10.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107485
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107485
    title Solaris 10 (sparc) : 137080-10
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4CB9C51303EF11DCA51D0019B95D4F14.NASL
    description A Libpng Security Advisory reports : A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications. This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25261
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25261
    title FreeBSD : png -- DoS crash vulnerability (4cb9c513-03ef-11dc-a51d-0019b95d4f14)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-24 (libpng: Denial of Service) Mats Palmgren fixed an error in file pngrutil.c in which the trans[] array might not be allocated because of images with a bad tRNS chunk CRC value. Impact : A remote attacker could craft an image that when processed or viewed by an application using libpng causes the application to terminate abnormally. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25383
    published 2007-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25383
    title GLSA-200705-24 : libpng: Denial of Service
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137081 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31337
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31337
    title Solaris 10 (x86) : 137081-11 (deprecated)
oval via4
accepted 2013-04-29T04:01:34.142-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
family unix
id oval:org.mitre.oval:def:10094
status accepted
submitted 2010-07-09T03:56:16-04:00
title The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
version 25
packetstorm via4
data source https://packetstormsecurity.com/files/download/64260/CORE-2008-0124.txt
id PACKETSTORM:64260
last seen 2016-12-05
published 2008-03-04
reporter Core Security Technologies
source https://packetstormsecurity.com/files/64260/Core-Security-Technologies-Advisory-2008.0124.html
title Core Security Technologies Advisory 2008.0124
redhat via4
advisories
bugzilla
id 239425
title CVE-2007-2445 libpng png_handle_tRNS flaw
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.2-27
          oval oval:com.redhat.rhsa:tst:20070356002
        • comment libpng is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356003
      • AND
        • comment libpng-devel is earlier than 2:1.2.2-27
          oval oval:com.redhat.rhsa:tst:20070356004
        • comment libpng-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356005
      • AND
        • comment libpng10 is earlier than 0:1.0.13-17
          oval oval:com.redhat.rhsa:tst:20070356006
        • comment libpng10 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356007
      • AND
        • comment libpng10-devel is earlier than 0:1.0.13-17
          oval oval:com.redhat.rhsa:tst:20070356008
        • comment libpng10-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356009
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.7-3.el4
          oval oval:com.redhat.rhsa:tst:20070356011
        • comment libpng is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356003
      • AND
        • comment libpng-devel is earlier than 2:1.2.7-3.el4
          oval oval:com.redhat.rhsa:tst:20070356012
        • comment libpng-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356005
      • AND
        • comment libpng10 is earlier than 0:1.0.16-3
          oval oval:com.redhat.rhsa:tst:20070356013
        • comment libpng10 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356007
      • AND
        • comment libpng10-devel is earlier than 0:1.0.16-3
          oval oval:com.redhat.rhsa:tst:20070356014
        • comment libpng10-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356009
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.10-7.0.2
          oval oval:com.redhat.rhsa:tst:20070356016
        • comment libpng is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070356017
      • AND
        • comment libpng-devel is earlier than 2:1.2.10-7.0.2
          oval oval:com.redhat.rhsa:tst:20070356018
        • comment libpng-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070356019
rhsa
id RHSA-2007:0356
released 2007-05-17
severity Moderate
title RHSA-2007:0356: libpng security update (Moderate)
rpms
  • libpng-2:1.2.2-27
  • libpng-devel-2:1.2.2-27
  • libpng10-0:1.0.13-17
  • libpng10-devel-0:1.0.13-17
  • libpng-2:1.2.7-3.el4
  • libpng-devel-2:1.2.7-3.el4
  • libpng10-0:1.0.16-3
  • libpng10-devel-0:1.0.16-3
  • libpng-2:1.2.10-7.0.2
  • libpng-devel-2:1.2.10-7.0.2
refmap via4
apple APPLE-SA-2008-03-18
bid
  • 24000
  • 24023
bugtraq
  • 20070517 FLEA-2007-0018-1: libpng
  • 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
cert-vn VU#684664
confirm
debian
  • DSA-1613
  • DSA-1750
gentoo
  • GLSA-200705-24
  • GLSA-200805-07
mandriva MDKSA-2007:116
misc http://www.coresecurity.com/?action=item&id=2148
openpkg OpenPKG-SA-2007.013
osvdb 36196
sectrack 1018078
secunia
  • 25268
  • 25273
  • 25292
  • 25329
  • 25353
  • 25461
  • 25554
  • 25571
  • 25742
  • 25787
  • 25867
  • 27056
  • 29420
  • 30161
  • 31168
  • 34388
slackware SSA:2007-136-01
sunalert
  • 102987
  • 200871
suse SUSE-SR:2007:013
trustix 2007-0019
ubuntu USN-472-1
vupen
  • ADV-2007-1838
  • ADV-2007-2385
  • ADV-2008-0924
xf libpng-trns-chunk-dos(34340)
Last major update 10-11-2015 - 11:33
Published 16-05-2007 - 18:30
Last modified 16-10-2018 - 12:43