ID CVE-2007-5268
Summary pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 6.10
    cpe:2.3:o:canonical:ubuntu_linux:6.10
  • Canonical Ubuntu Linux 7.04
    cpe:2.3:o:canonical:ubuntu_linux:7.04
  • Canonical Ubuntu Linux 7.10
    cpe:2.3:o:canonical:ubuntu_linux:7.10
CVSS
Base: 4.3 (as of 10-11-2015 - 10:55)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_3.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. Mac OS X 10.5.3 contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32477
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32477
    title Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 32478
    published 2008-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32478
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-08 (libpng: Multiple Denials of Service) An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and Jeff Phillips reported several errors in pngrtran.c, the use of logical instead of bitwise functions and incorrect comparisons (CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions (CVE-2007-5269). Impact : A remote attacker could craft an image that when processed or viewed by an application using libpng would cause the application to terminate abnormally. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 27825
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27825
    title GLSA-200711-08 : libpng: Multiple Denials of Service
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-325-01.NASL
    description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 28295
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28295
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2007-325-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-09.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107484
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107484
    title Solaris 10 (sparc) : 137080-09
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_172ACF78780C11DCB3F40016179B2DD5.NASL
    description A Secunia Advisory reports : Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngrtran.c, an error in the 16bit cheap transparency extension, and an incorrect use of sizeof() may be exploited to crash an application using the library. Various out-of-bounds read errors exist within the functions png_handle_pCAL(), png_handle_sCAL(), png_push_read_tEXt(), png_handle_iTXt(), and png_handle_ztXt(), which may be exploited to crash an application using the library. The vulnerability is caused due to an off-by-one error within the ICC profile chunk handling, which potentially can be exploited to crash an application using the library.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26977
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26977
    title FreeBSD : png -- multiple vulnerabilities (172acf78-780c-11dc-b3f4-0016179b2dd5)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-10.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107983
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107983
    title Solaris 10 (x86) : 137081-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-09.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107982
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107982
    title Solaris 10 (x86) : 137081-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-07.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107981
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107981
    title Solaris 10 (x86) : 137081-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137080 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31333
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31333
    title Solaris 10 (sparc) : 137080-11 (deprecated)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-217.NASL
    description Multiple vulnerabilities were discovered in libpng : An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function (CVE-2007-5266; only affects Mandriva Linux 2008.0). George Cook and Jeff Phillips reported several errors in pngrtran.c, such as the use of logical instead of bitwise functions and incorrect comparisons (CVE-2007-5268; only affects Mandriva Linux 2008.0). Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions (CVE-2007-5269). Updated packages have been patched to correct these issues. For Mandriva Linux 2008.0, libpng 1.2.22 is being provided which corrects all three issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28200
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28200
    title Mandrake Linux Security Advisory : libpng (MDKSA-2007:217)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-730-1.NASL
    description It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269) Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. (CVE-2008-1382) Harald van Dijk discovered an off-by-one error in libpng. An attacker could cause an application crash in programs using pngtest. (CVE-2008-3964) It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. (CVE-2008-5907) Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37042
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37042
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-538-1.NASL
    description It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28145
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28145
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libpng vulnerabilities (USN-538-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-07.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107483
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107483
    title Solaris 10 (sparc) : 137080-07
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-325-01A.NASL
    description New libpng packages are available for Slackware 10.1 and 10.2 that were left out of the last batch of updates. These fix the same security problems as the other 1.2.23 upgrades. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
    last seen 2016-09-26
    modified 2011-05-28
    plugin id 28296
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28296
    title SSA-2007-325-01a libpng for Slackware 10.1 and 10.2
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-10.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107485
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107485
    title Solaris 10 (sparc) : 137080-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137081 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31337
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31337
    title Solaris 10 (x86) : 137081-11 (deprecated)
packetstorm via4
data source https://packetstormsecurity.com/files/download/64260/CORE-2008-0124.txt
id PACKETSTORM:64260
last seen 2016-12-05
published 2008-03-04
reporter Core Security Technologies
source https://packetstormsecurity.com/files/64260/Core-Security-Technologies-Advisory-2008.0124.html
title Core Security Technologies Advisory 2008.0124
refmap via4
apple
  • APPLE-SA-2008-03-18
  • APPLE-SA-2008-05-28
bid 25956
bugtraq
  • 20071112 FLEA-2007-0065-1 libpng
  • 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
cert TA08-150A
confirm
gentoo
  • GLSA-200711-08
  • GLSA-200805-07
mandriva MDKSA-2007:217
misc http://www.coresecurity.com/?action=item&id=2148
mlist
  • [png-mng-implement] 20070911 FW: Compiler warnings for pngrtran.c
  • [png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1
  • [png-mng-implement] 20071004 Libpng-1.2.21 and libpng-1.0.29 released
secunia
  • 27093
  • 27284
  • 27405
  • 27529
  • 27629
  • 27746
  • 29420
  • 30161
  • 30430
  • 35302
  • 35386
slackware SSA:2007-325-01
sunalert
  • 1020521
  • 259989
ubuntu USN-538-1
vupen
  • ADV-2007-3390
  • ADV-2008-0924
  • ADV-2008-1697
  • ADV-2009-1462
  • ADV-2009-1560
statements via4
contributor Mark J Cox
lastmodified 2007-10-16
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 10-11-2015 - 11:40
Published 08-10-2007 - 17:17
Last modified 26-10-2018 - 10:11