ID CVE-2008-6218
Summary Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
References
Vulnerable Configurations
  • libpng 1.2.0
    cpe:2.3:a:libpng:libpng:1.2.0
  • cpe:2.3:a:libpng:libpng:1.2.0:beta1
    cpe:2.3:a:libpng:libpng:1.2.0:beta1
  • cpe:2.3:a:libpng:libpng:1.2.0:beta2
    cpe:2.3:a:libpng:libpng:1.2.0:beta2
  • cpe:2.3:a:libpng:libpng:1.2.0:beta3
    cpe:2.3:a:libpng:libpng:1.2.0:beta3
  • cpe:2.3:a:libpng:libpng:1.2.0:beta4
    cpe:2.3:a:libpng:libpng:1.2.0:beta4
  • cpe:2.3:a:libpng:libpng:1.2.0:beta5
    cpe:2.3:a:libpng:libpng:1.2.0:beta5
  • cpe:2.3:a:libpng:libpng:1.2.0:rc1
    cpe:2.3:a:libpng:libpng:1.2.0:rc1
  • libpng 1.2.1
    cpe:2.3:a:libpng:libpng:1.2.1
  • cpe:2.3:a:libpng:libpng:1.2.1:beta1
    cpe:2.3:a:libpng:libpng:1.2.1:beta1
  • cpe:2.3:a:libpng:libpng:1.2.1:beta2
    cpe:2.3:a:libpng:libpng:1.2.1:beta2
  • cpe:2.3:a:libpng:libpng:1.2.1:beta3
    cpe:2.3:a:libpng:libpng:1.2.1:beta3
  • cpe:2.3:a:libpng:libpng:1.2.1:beta4
    cpe:2.3:a:libpng:libpng:1.2.1:beta4
  • cpe:2.3:a:libpng:libpng:1.2.1:rc1
    cpe:2.3:a:libpng:libpng:1.2.1:rc1
  • cpe:2.3:a:libpng:libpng:1.2.1:rc2
    cpe:2.3:a:libpng:libpng:1.2.1:rc2
  • libpng 1.2.2
    cpe:2.3:a:libpng:libpng:1.2.2
  • cpe:2.3:a:libpng:libpng:1.2.2:beta1
    cpe:2.3:a:libpng:libpng:1.2.2:beta1
  • cpe:2.3:a:libpng:libpng:1.2.2:beta2
    cpe:2.3:a:libpng:libpng:1.2.2:beta2
  • cpe:2.3:a:libpng:libpng:1.2.2:beta3
    cpe:2.3:a:libpng:libpng:1.2.2:beta3
  • cpe:2.3:a:libpng:libpng:1.2.2:beta4
    cpe:2.3:a:libpng:libpng:1.2.2:beta4
  • cpe:2.3:a:libpng:libpng:1.2.2:beta5
    cpe:2.3:a:libpng:libpng:1.2.2:beta5
  • cpe:2.3:a:libpng:libpng:1.2.2:beta6
    cpe:2.3:a:libpng:libpng:1.2.2:beta6
  • cpe:2.3:a:libpng:libpng:1.2.2:rc1
    cpe:2.3:a:libpng:libpng:1.2.2:rc1
  • libpng 1.2.3
    cpe:2.3:a:libpng:libpng:1.2.3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc1
    cpe:2.3:a:libpng:libpng:1.2.3:rc1
  • cpe:2.3:a:libpng:libpng:1.2.3:rc2
    cpe:2.3:a:libpng:libpng:1.2.3:rc2
  • cpe:2.3:a:libpng:libpng:1.2.3:rc3
    cpe:2.3:a:libpng:libpng:1.2.3:rc3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc4
    cpe:2.3:a:libpng:libpng:1.2.3:rc4
  • cpe:2.3:a:libpng:libpng:1.2.3:rc5
    cpe:2.3:a:libpng:libpng:1.2.3:rc5
  • cpe:2.3:a:libpng:libpng:1.2.3:rc6
    cpe:2.3:a:libpng:libpng:1.2.3:rc6
  • libpng 1.2.4
    cpe:2.3:a:libpng:libpng:1.2.4
  • cpe:2.3:a:libpng:libpng:1.2.4:beta1
    cpe:2.3:a:libpng:libpng:1.2.4:beta1
  • cpe:2.3:a:libpng:libpng:1.2.4:beta2
    cpe:2.3:a:libpng:libpng:1.2.4:beta2
  • cpe:2.3:a:libpng:libpng:1.2.4:beta3
    cpe:2.3:a:libpng:libpng:1.2.4:beta3
  • cpe:2.3:a:libpng:libpng:1.2.4:rc1
    cpe:2.3:a:libpng:libpng:1.2.4:rc1
  • libpng 1.2.5
    cpe:2.3:a:libpng:libpng:1.2.5
  • cpe:2.3:a:libpng:libpng:1.2.5:beta1
    cpe:2.3:a:libpng:libpng:1.2.5:beta1
  • cpe:2.3:a:libpng:libpng:1.2.5:beta2
    cpe:2.3:a:libpng:libpng:1.2.5:beta2
  • cpe:2.3:a:libpng:libpng:1.2.5:beta3
    cpe:2.3:a:libpng:libpng:1.2.5:beta3
  • cpe:2.3:a:libpng:libpng:1.2.5:rc1
    cpe:2.3:a:libpng:libpng:1.2.5:rc1
  • cpe:2.3:a:libpng:libpng:1.2.5:rc2
    cpe:2.3:a:libpng:libpng:1.2.5:rc2
  • cpe:2.3:a:libpng:libpng:1.2.5:rc3
    cpe:2.3:a:libpng:libpng:1.2.5:rc3
  • libpng 1.2.6
    cpe:2.3:a:libpng:libpng:1.2.6
  • cpe:2.3:a:libpng:libpng:1.2.6:beta1
    cpe:2.3:a:libpng:libpng:1.2.6:beta1
  • cpe:2.3:a:libpng:libpng:1.2.6:beta2
    cpe:2.3:a:libpng:libpng:1.2.6:beta2
  • cpe:2.3:a:libpng:libpng:1.2.6:beta3
    cpe:2.3:a:libpng:libpng:1.2.6:beta3
  • cpe:2.3:a:libpng:libpng:1.2.6:beta4
    cpe:2.3:a:libpng:libpng:1.2.6:beta4
  • cpe:2.3:a:libpng:libpng:1.2.6:rc1
    cpe:2.3:a:libpng:libpng:1.2.6:rc1
  • cpe:2.3:a:libpng:libpng:1.2.6:rc2
    cpe:2.3:a:libpng:libpng:1.2.6:rc2
  • cpe:2.3:a:libpng:libpng:1.2.6:rc3
    cpe:2.3:a:libpng:libpng:1.2.6:rc3
  • cpe:2.3:a:libpng:libpng:1.2.6:rc4
    cpe:2.3:a:libpng:libpng:1.2.6:rc4
  • cpe:2.3:a:libpng:libpng:1.2.6:rc5
    cpe:2.3:a:libpng:libpng:1.2.6:rc5
  • libpng 1.2.7
    cpe:2.3:a:libpng:libpng:1.2.7
  • cpe:2.3:a:libpng:libpng:1.2.7:beta1
    cpe:2.3:a:libpng:libpng:1.2.7:beta1
  • cpe:2.3:a:libpng:libpng:1.2.7:beta2
    cpe:2.3:a:libpng:libpng:1.2.7:beta2
  • libpng 1.2.8
    cpe:2.3:a:libpng:libpng:1.2.8
  • cpe:2.3:a:libpng:libpng:1.2.8:beta1
    cpe:2.3:a:libpng:libpng:1.2.8:beta1
  • cpe:2.3:a:libpng:libpng:1.2.8:beta2
    cpe:2.3:a:libpng:libpng:1.2.8:beta2
  • cpe:2.3:a:libpng:libpng:1.2.8:beta3
    cpe:2.3:a:libpng:libpng:1.2.8:beta3
  • cpe:2.3:a:libpng:libpng:1.2.8:beta4
    cpe:2.3:a:libpng:libpng:1.2.8:beta4
  • cpe:2.3:a:libpng:libpng:1.2.8:beta5
    cpe:2.3:a:libpng:libpng:1.2.8:beta5
  • cpe:2.3:a:libpng:libpng:1.2.8:rc1
    cpe:2.3:a:libpng:libpng:1.2.8:rc1
  • cpe:2.3:a:libpng:libpng:1.2.8:rc2
    cpe:2.3:a:libpng:libpng:1.2.8:rc2
  • cpe:2.3:a:libpng:libpng:1.2.8:rc3
    cpe:2.3:a:libpng:libpng:1.2.8:rc3
  • cpe:2.3:a:libpng:libpng:1.2.8:rc4
    cpe:2.3:a:libpng:libpng:1.2.8:rc4
  • cpe:2.3:a:libpng:libpng:1.2.8:rc5
    cpe:2.3:a:libpng:libpng:1.2.8:rc5
  • libpng 1.2.9
    cpe:2.3:a:libpng:libpng:1.2.9
  • cpe:2.3:a:libpng:libpng:1.2.9:beta1
    cpe:2.3:a:libpng:libpng:1.2.9:beta1
  • cpe:2.3:a:libpng:libpng:1.2.9:beta10
    cpe:2.3:a:libpng:libpng:1.2.9:beta10
  • cpe:2.3:a:libpng:libpng:1.2.9:beta2
    cpe:2.3:a:libpng:libpng:1.2.9:beta2
  • cpe:2.3:a:libpng:libpng:1.2.9:beta3
    cpe:2.3:a:libpng:libpng:1.2.9:beta3
  • cpe:2.3:a:libpng:libpng:1.2.9:beta4
    cpe:2.3:a:libpng:libpng:1.2.9:beta4
  • cpe:2.3:a:libpng:libpng:1.2.9:beta5
    cpe:2.3:a:libpng:libpng:1.2.9:beta5
  • cpe:2.3:a:libpng:libpng:1.2.9:beta6
    cpe:2.3:a:libpng:libpng:1.2.9:beta6
  • cpe:2.3:a:libpng:libpng:1.2.9:beta7
    cpe:2.3:a:libpng:libpng:1.2.9:beta7
  • cpe:2.3:a:libpng:libpng:1.2.9:beta8
    cpe:2.3:a:libpng:libpng:1.2.9:beta8
  • cpe:2.3:a:libpng:libpng:1.2.9:beta9
    cpe:2.3:a:libpng:libpng:1.2.9:beta9
  • cpe:2.3:a:libpng:libpng:1.2.9:rc1
    cpe:2.3:a:libpng:libpng:1.2.9:rc1
  • libpng 1.2.10
    cpe:2.3:a:libpng:libpng:1.2.10
  • cpe:2.3:a:libpng:libpng:1.2.10:beta1
    cpe:2.3:a:libpng:libpng:1.2.10:beta1
  • cpe:2.3:a:libpng:libpng:1.2.10:beta2
    cpe:2.3:a:libpng:libpng:1.2.10:beta2
  • cpe:2.3:a:libpng:libpng:1.2.10:beta3
    cpe:2.3:a:libpng:libpng:1.2.10:beta3
  • cpe:2.3:a:libpng:libpng:1.2.10:beta4
    cpe:2.3:a:libpng:libpng:1.2.10:beta4
  • cpe:2.3:a:libpng:libpng:1.2.10:beta5
    cpe:2.3:a:libpng:libpng:1.2.10:beta5
  • cpe:2.3:a:libpng:libpng:1.2.10:beta6
    cpe:2.3:a:libpng:libpng:1.2.10:beta6
  • cpe:2.3:a:libpng:libpng:1.2.10:beta7
    cpe:2.3:a:libpng:libpng:1.2.10:beta7
  • cpe:2.3:a:libpng:libpng:1.2.10:rc1
    cpe:2.3:a:libpng:libpng:1.2.10:rc1
  • cpe:2.3:a:libpng:libpng:1.2.10:rc2
    cpe:2.3:a:libpng:libpng:1.2.10:rc2
  • cpe:2.3:a:libpng:libpng:1.2.10:rc3
    cpe:2.3:a:libpng:libpng:1.2.10:rc3
  • libpng 1.2.11
    cpe:2.3:a:libpng:libpng:1.2.11
  • cpe:2.3:a:libpng:libpng:1.2.11:beta1
    cpe:2.3:a:libpng:libpng:1.2.11:beta1
  • cpe:2.3:a:libpng:libpng:1.2.11:beta2
    cpe:2.3:a:libpng:libpng:1.2.11:beta2
  • cpe:2.3:a:libpng:libpng:1.2.11:beta3
    cpe:2.3:a:libpng:libpng:1.2.11:beta3
  • cpe:2.3:a:libpng:libpng:1.2.11:beta4
    cpe:2.3:a:libpng:libpng:1.2.11:beta4
  • cpe:2.3:a:libpng:libpng:1.2.11:rc1
    cpe:2.3:a:libpng:libpng:1.2.11:rc1
  • cpe:2.3:a:libpng:libpng:1.2.11:rc2
    cpe:2.3:a:libpng:libpng:1.2.11:rc2
  • cpe:2.3:a:libpng:libpng:1.2.11:rc3
    cpe:2.3:a:libpng:libpng:1.2.11:rc3
  • cpe:2.3:a:libpng:libpng:1.2.11:rc5
    cpe:2.3:a:libpng:libpng:1.2.11:rc5
  • libpng 1.2.13
    cpe:2.3:a:libpng:libpng:1.2.13
  • cpe:2.3:a:libpng:libpng:1.2.13:beta1
    cpe:2.3:a:libpng:libpng:1.2.13:beta1
  • cpe:2.3:a:libpng:libpng:1.2.13:rc1
    cpe:2.3:a:libpng:libpng:1.2.13:rc1
  • cpe:2.3:a:libpng:libpng:1.2.13:rc2
    cpe:2.3:a:libpng:libpng:1.2.13:rc2
  • libpng 1.2.14
    cpe:2.3:a:libpng:libpng:1.2.14
  • cpe:2.3:a:libpng:libpng:1.2.14:beta1
    cpe:2.3:a:libpng:libpng:1.2.14:beta1
  • cpe:2.3:a:libpng:libpng:1.2.14:beta2
    cpe:2.3:a:libpng:libpng:1.2.14:beta2
  • cpe:2.3:a:libpng:libpng:1.2.14:rc1
    cpe:2.3:a:libpng:libpng:1.2.14:rc1
  • libpng 1.2.15
    cpe:2.3:a:libpng:libpng:1.2.15
  • cpe:2.3:a:libpng:libpng:1.2.15:beta1
    cpe:2.3:a:libpng:libpng:1.2.15:beta1
  • cpe:2.3:a:libpng:libpng:1.2.15:beta2
    cpe:2.3:a:libpng:libpng:1.2.15:beta2
  • cpe:2.3:a:libpng:libpng:1.2.15:beta3
    cpe:2.3:a:libpng:libpng:1.2.15:beta3
  • cpe:2.3:a:libpng:libpng:1.2.15:beta4
    cpe:2.3:a:libpng:libpng:1.2.15:beta4
  • cpe:2.3:a:libpng:libpng:1.2.15:beta5
    cpe:2.3:a:libpng:libpng:1.2.15:beta5
  • cpe:2.3:a:libpng:libpng:1.2.15:beta6
    cpe:2.3:a:libpng:libpng:1.2.15:beta6
  • cpe:2.3:a:libpng:libpng:1.2.15:rc1
    cpe:2.3:a:libpng:libpng:1.2.15:rc1
  • cpe:2.3:a:libpng:libpng:1.2.15:rc2
    cpe:2.3:a:libpng:libpng:1.2.15:rc2
  • cpe:2.3:a:libpng:libpng:1.2.15:rc3
    cpe:2.3:a:libpng:libpng:1.2.15:rc3
  • cpe:2.3:a:libpng:libpng:1.2.15:rc4
    cpe:2.3:a:libpng:libpng:1.2.15:rc4
  • cpe:2.3:a:libpng:libpng:1.2.15:rc5
    cpe:2.3:a:libpng:libpng:1.2.15:rc5
  • libpng 1.2.16
    cpe:2.3:a:libpng:libpng:1.2.16
  • cpe:2.3:a:libpng:libpng:1.2.16:beta1
    cpe:2.3:a:libpng:libpng:1.2.16:beta1
  • cpe:2.3:a:libpng:libpng:1.2.16:beta2
    cpe:2.3:a:libpng:libpng:1.2.16:beta2
  • cpe:2.3:a:libpng:libpng:1.2.16:rc1
    cpe:2.3:a:libpng:libpng:1.2.16:rc1
  • libpng 1.2.17
    cpe:2.3:a:libpng:libpng:1.2.17
  • cpe:2.3:a:libpng:libpng:1.2.17:beta1
    cpe:2.3:a:libpng:libpng:1.2.17:beta1
  • cpe:2.3:a:libpng:libpng:1.2.17:beta2
    cpe:2.3:a:libpng:libpng:1.2.17:beta2
  • cpe:2.3:a:libpng:libpng:1.2.17:rc1
    cpe:2.3:a:libpng:libpng:1.2.17:rc1
  • cpe:2.3:a:libpng:libpng:1.2.17:rc2
    cpe:2.3:a:libpng:libpng:1.2.17:rc2
  • cpe:2.3:a:libpng:libpng:1.2.17:rc3
    cpe:2.3:a:libpng:libpng:1.2.17:rc3
  • cpe:2.3:a:libpng:libpng:1.2.17:rc4
    cpe:2.3:a:libpng:libpng:1.2.17:rc4
  • libpng 1.2.18
    cpe:2.3:a:libpng:libpng:1.2.18
  • libpng 1.2.19
    cpe:2.3:a:libpng:libpng:1.2.19
  • cpe:2.3:a:libpng:libpng:1.2.19:beta1
    cpe:2.3:a:libpng:libpng:1.2.19:beta1
  • cpe:2.3:a:libpng:libpng:1.2.19:beta10
    cpe:2.3:a:libpng:libpng:1.2.19:beta10
  • cpe:2.3:a:libpng:libpng:1.2.19:beta11
    cpe:2.3:a:libpng:libpng:1.2.19:beta11
  • cpe:2.3:a:libpng:libpng:1.2.19:beta12
    cpe:2.3:a:libpng:libpng:1.2.19:beta12
  • cpe:2.3:a:libpng:libpng:1.2.19:beta13
    cpe:2.3:a:libpng:libpng:1.2.19:beta13
  • cpe:2.3:a:libpng:libpng:1.2.19:beta14
    cpe:2.3:a:libpng:libpng:1.2.19:beta14
  • cpe:2.3:a:libpng:libpng:1.2.19:beta15
    cpe:2.3:a:libpng:libpng:1.2.19:beta15
  • cpe:2.3:a:libpng:libpng:1.2.19:beta16
    cpe:2.3:a:libpng:libpng:1.2.19:beta16
  • cpe:2.3:a:libpng:libpng:1.2.19:beta17
    cpe:2.3:a:libpng:libpng:1.2.19:beta17
  • cpe:2.3:a:libpng:libpng:1.2.19:beta18
    cpe:2.3:a:libpng:libpng:1.2.19:beta18
  • cpe:2.3:a:libpng:libpng:1.2.19:beta19
    cpe:2.3:a:libpng:libpng:1.2.19:beta19
  • cpe:2.3:a:libpng:libpng:1.2.19:beta2
    cpe:2.3:a:libpng:libpng:1.2.19:beta2
  • cpe:2.3:a:libpng:libpng:1.2.19:beta20
    cpe:2.3:a:libpng:libpng:1.2.19:beta20
  • cpe:2.3:a:libpng:libpng:1.2.19:beta21
    cpe:2.3:a:libpng:libpng:1.2.19:beta21
  • cpe:2.3:a:libpng:libpng:1.2.19:beta22
    cpe:2.3:a:libpng:libpng:1.2.19:beta22
  • cpe:2.3:a:libpng:libpng:1.2.19:beta23
    cpe:2.3:a:libpng:libpng:1.2.19:beta23
  • cpe:2.3:a:libpng:libpng:1.2.19:beta24
    cpe:2.3:a:libpng:libpng:1.2.19:beta24
  • cpe:2.3:a:libpng:libpng:1.2.19:beta25
    cpe:2.3:a:libpng:libpng:1.2.19:beta25
  • cpe:2.3:a:libpng:libpng:1.2.19:beta26
    cpe:2.3:a:libpng:libpng:1.2.19:beta26
  • cpe:2.3:a:libpng:libpng:1.2.19:beta27
    cpe:2.3:a:libpng:libpng:1.2.19:beta27
  • cpe:2.3:a:libpng:libpng:1.2.19:beta28
    cpe:2.3:a:libpng:libpng:1.2.19:beta28
  • cpe:2.3:a:libpng:libpng:1.2.19:beta29
    cpe:2.3:a:libpng:libpng:1.2.19:beta29
  • cpe:2.3:a:libpng:libpng:1.2.19:beta3
    cpe:2.3:a:libpng:libpng:1.2.19:beta3
  • cpe:2.3:a:libpng:libpng:1.2.19:beta30
    cpe:2.3:a:libpng:libpng:1.2.19:beta30
  • cpe:2.3:a:libpng:libpng:1.2.19:beta31
    cpe:2.3:a:libpng:libpng:1.2.19:beta31
  • cpe:2.3:a:libpng:libpng:1.2.19:beta32
    cpe:2.3:a:libpng:libpng:1.2.19:beta32
  • cpe:2.3:a:libpng:libpng:1.2.19:beta33
    cpe:2.3:a:libpng:libpng:1.2.19:beta33
  • cpe:2.3:a:libpng:libpng:1.2.19:beta4
    cpe:2.3:a:libpng:libpng:1.2.19:beta4
  • cpe:2.3:a:libpng:libpng:1.2.19:beta5
    cpe:2.3:a:libpng:libpng:1.2.19:beta5
  • cpe:2.3:a:libpng:libpng:1.2.19:beta6
    cpe:2.3:a:libpng:libpng:1.2.19:beta6
  • cpe:2.3:a:libpng:libpng:1.2.19:beta7
    cpe:2.3:a:libpng:libpng:1.2.19:beta7
  • cpe:2.3:a:libpng:libpng:1.2.19:beta8
    cpe:2.3:a:libpng:libpng:1.2.19:beta8
  • cpe:2.3:a:libpng:libpng:1.2.19:beta9
    cpe:2.3:a:libpng:libpng:1.2.19:beta9
  • cpe:2.3:a:libpng:libpng:1.2.19:rc1
    cpe:2.3:a:libpng:libpng:1.2.19:rc1
  • cpe:2.3:a:libpng:libpng:1.2.19:rc2
    cpe:2.3:a:libpng:libpng:1.2.19:rc2
  • cpe:2.3:a:libpng:libpng:1.2.19:rc3
    cpe:2.3:a:libpng:libpng:1.2.19:rc3
  • cpe:2.3:a:libpng:libpng:1.2.19:rc4
    cpe:2.3:a:libpng:libpng:1.2.19:rc4
  • cpe:2.3:a:libpng:libpng:1.2.19:rc5
    cpe:2.3:a:libpng:libpng:1.2.19:rc5
  • cpe:2.3:a:libpng:libpng:1.2.19:rc6
    cpe:2.3:a:libpng:libpng:1.2.19:rc6
  • libpng 1.2.20
    cpe:2.3:a:libpng:libpng:1.2.20
  • cpe:2.3:a:libpng:libpng:1.2.20:beta01
    cpe:2.3:a:libpng:libpng:1.2.20:beta01
  • cpe:2.3:a:libpng:libpng:1.2.20:beta02
    cpe:2.3:a:libpng:libpng:1.2.20:beta02
  • cpe:2.3:a:libpng:libpng:1.2.20:beta03
    cpe:2.3:a:libpng:libpng:1.2.20:beta03
  • cpe:2.3:a:libpng:libpng:1.2.20:beta04
    cpe:2.3:a:libpng:libpng:1.2.20:beta04
  • cpe:2.3:a:libpng:libpng:1.2.20:rc1
    cpe:2.3:a:libpng:libpng:1.2.20:rc1
  • cpe:2.3:a:libpng:libpng:1.2.20:rc2
    cpe:2.3:a:libpng:libpng:1.2.20:rc2
  • cpe:2.3:a:libpng:libpng:1.2.20:rc3
    cpe:2.3:a:libpng:libpng:1.2.20:rc3
  • cpe:2.3:a:libpng:libpng:1.2.20:rc4
    cpe:2.3:a:libpng:libpng:1.2.20:rc4
  • cpe:2.3:a:libpng:libpng:1.2.20:rc5
    cpe:2.3:a:libpng:libpng:1.2.20:rc5
  • cpe:2.3:a:libpng:libpng:1.2.20:rc6
    cpe:2.3:a:libpng:libpng:1.2.20:rc6
  • libpng 1.2.21
    cpe:2.3:a:libpng:libpng:1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.21:beta1
    cpe:2.3:a:libpng:libpng:1.2.21:beta1
  • cpe:2.3:a:libpng:libpng:1.2.21:beta2
    cpe:2.3:a:libpng:libpng:1.2.21:beta2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc1
    cpe:2.3:a:libpng:libpng:1.2.21:rc1
  • cpe:2.3:a:libpng:libpng:1.2.21:rc2
    cpe:2.3:a:libpng:libpng:1.2.21:rc2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc3
    cpe:2.3:a:libpng:libpng:1.2.21:rc3
  • libpng 1.2.22
    cpe:2.3:a:libpng:libpng:1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.22:beta1
    cpe:2.3:a:libpng:libpng:1.2.22:beta1
  • cpe:2.3:a:libpng:libpng:1.2.22:beta2
    cpe:2.3:a:libpng:libpng:1.2.22:beta2
  • cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:beta3
    cpe:2.3:a:libpng:libpng:1.2.22:beta3
  • cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:beta4
    cpe:2.3:a:libpng:libpng:1.2.22:beta4
  • cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:rc1
    cpe:2.3:a:libpng:libpng:1.2.22:rc1
  • cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21
  • libpng 1.2.23
    cpe:2.3:a:libpng:libpng:1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.23:beta01
    cpe:2.3:a:libpng:libpng:1.2.23:beta01
  • cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta02
    cpe:2.3:a:libpng:libpng:1.2.23:beta02
  • cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta03
    cpe:2.3:a:libpng:libpng:1.2.23:beta03
  • cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta04
    cpe:2.3:a:libpng:libpng:1.2.23:beta04
  • cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta05
    cpe:2.3:a:libpng:libpng:1.2.23:beta05
  • cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:rc01
    cpe:2.3:a:libpng:libpng:1.2.23:rc01
  • cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22
  • libpng 1.2.24
    cpe:2.3:a:libpng:libpng:1.2.24
  • cpe:2.3:a:libpng:libpng:1.2.24:beta01
    cpe:2.3:a:libpng:libpng:1.2.24:beta01
  • cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.24:beta02
    cpe:2.3:a:libpng:libpng:1.2.24:beta02
  • cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.24:beta03
    cpe:2.3:a:libpng:libpng:1.2.24:beta03
  • cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.24:rc01
    cpe:2.3:a:libpng:libpng:1.2.24:rc01
  • cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23
  • libpng 1.2.25
    cpe:2.3:a:libpng:libpng:1.2.25
  • cpe:2.3:a:libpng:libpng:1.2.25:beta01
    cpe:2.3:a:libpng:libpng:1.2.25:beta01
  • cpe:2.3:a:libpng:libpng:1.2.25:beta02
    cpe:2.3:a:libpng:libpng:1.2.25:beta02
  • cpe:2.3:a:libpng:libpng:1.2.25:beta03
    cpe:2.3:a:libpng:libpng:1.2.25:beta03
  • cpe:2.3:a:libpng:libpng:1.2.25:beta04
    cpe:2.3:a:libpng:libpng:1.2.25:beta04
  • cpe:2.3:a:libpng:libpng:1.2.25:beta05
    cpe:2.3:a:libpng:libpng:1.2.25:beta05
  • cpe:2.3:a:libpng:libpng:1.2.25:beta06
    cpe:2.3:a:libpng:libpng:1.2.25:beta06
  • cpe:2.3:a:libpng:libpng:1.2.25:rc01
    cpe:2.3:a:libpng:libpng:1.2.25:rc01
  • cpe:2.3:a:libpng:libpng:1.2.25:rc02
    cpe:2.3:a:libpng:libpng:1.2.25:rc02
  • libpng 1.2.26
    cpe:2.3:a:libpng:libpng:1.2.26
  • cpe:2.3:a:libpng:libpng:1.2.26:beta01
    cpe:2.3:a:libpng:libpng:1.2.26:beta01
  • cpe:2.3:a:libpng:libpng:1.2.26:beta02
    cpe:2.3:a:libpng:libpng:1.2.26:beta02
  • cpe:2.3:a:libpng:libpng:1.2.26:beta03
    cpe:2.3:a:libpng:libpng:1.2.26:beta03
  • cpe:2.3:a:libpng:libpng:1.2.26:beta04
    cpe:2.3:a:libpng:libpng:1.2.26:beta04
  • cpe:2.3:a:libpng:libpng:1.2.26:beta05
    cpe:2.3:a:libpng:libpng:1.2.26:beta05
  • cpe:2.3:a:libpng:libpng:1.2.26:beta06
    cpe:2.3:a:libpng:libpng:1.2.26:beta06
  • cpe:2.3:a:libpng:libpng:1.2.26:rc01
    cpe:2.3:a:libpng:libpng:1.2.26:rc01
  • libpng 1.2.27
    cpe:2.3:a:libpng:libpng:1.2.27
  • libpng 1.2.28
    cpe:2.3:a:libpng:libpng:1.2.28
  • libpng 1.2.29
    cpe:2.3:a:libpng:libpng:1.2.29
  • libpng 1.2.30
    cpe:2.3:a:libpng:libpng:1.2.30
  • libpng 1.2.31
    cpe:2.3:a:libpng:libpng:1.2.31
  • libpng 1.2.32
    cpe:2.3:a:libpng:libpng:1.2.32
  • libpng 1.2.33
    cpe:2.3:a:libpng:libpng:1.2.33
  • cpe:2.3:a:libpng:libpng:1.4.0:beta36
    cpe:2.3:a:libpng:libpng:1.4.0:beta36
CVSS
Base: 7.1 (as of 23-02-2009 - 08:05)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-133.NASL
    description Multiple vulnerabilities has been found and corrected in libpng : Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205). Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249). As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48192
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48192
    title Mandriva Linux Security Advisory : libpng (MDVSA-2010:133)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200903-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200903-28 (libpng: Multiple vulnerabilities) Multiple vulnerabilities were discovered in libpng: A memory leak bug was reported in png_handle_tEXt(), a function that is used while reading PNG images (CVE-2008-6218). A memory overwrite bug was reported by Jon Foster in png_check_keyword(), caused by writing overlong keywords to a PNG file (CVE-2008-5907). A memory corruption issue, caused by an incorrect handling of an out of memory condition has been reported by Tavis Ormandy of the Google Security Team. That vulnerability affects direct uses of png_read_png(), pCAL chunk and 16-bit gamma table handling (CVE-2009-0040). Impact : A remote attacker may execute arbitrary code with the privileges of the user opening a specially crafted PNG file by exploiting the erroneous out-of-memory handling. An attacker may also exploit the png_check_keyword() error to set arbitrary memory locations to 0, if the application allows overlong, user-controlled keywords when writing PNG files. The png_handle_tEXT() vulnerability may be exploited by an attacker to potentially consume all memory on a users system when a specially crafted PNG file is opened. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 35929
    published 2009-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35929
    title GLSA-200903-28 : libpng: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-7669.NASL
    description This update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 55897
    published 2011-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55897
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-7670.NASL
    description This update of libpng fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 57218
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57218
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 7670)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBPNG12-110802.NASL
    description This update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75911
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75911
    title openSUSE Security Update : libpng12 (libpng12-4947)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1750.NASL
    description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. - CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. - CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length 'unknown' chunks, which trigger an access of uninitialized memory. - CVE-2008-5907 The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. - CVE-2008-6218 A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. - CVE-2009-0040 libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35988
    published 2009-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35988
    title Debian DSA-1750-1 : libpng - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBPNG14-110802.NASL
    description This update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75604
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75604
    title openSUSE Security Update : libpng14 (libpng14-4949)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12815.NASL
    description This update of libpng fixes : - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399). (CVE-2008-6218) - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119). (CVE-2011-2690) - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119). (CVE-2011-2692)
    last seen 2018-09-01
    modified 2016-12-21
    plugin id 55895
    published 2011-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55895
    title SuSE9 Security Update : libpng (YOU Patch Number 12815)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBPNG14-110802.NASL
    description This update of libpng14-14 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75913
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75913
    title openSUSE Security Update : libpng14 (libpng14-4949)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBPNG12-110802.NASL
    description This update of libpng12-0 fixes : - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75603
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75603
    title openSUSE Security Update : libpng12 (libpng12-4947)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPNG-DEVEL-110802.NASL
    description This update of libpng12-0 fixes : - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399) - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)) - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError) - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other) - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 55896
    published 2011-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55896
    title SuSE 11.1 Security Update : libpng (SAT Patch Number 4948)
refmap via4
bid 31920
bugtraq 20090312 rPSA-2009-0046-1 libpng
confirm
debian DSA-1750
gentoo GLSA-200903-28
mandriva MDVSA-2010:133
sectrack 1021104
secunia
  • 32418
  • 34265
  • 34320
  • 34388
vupen
  • ADV-2008-2917
  • ADV-2010-1837
xf libpng-pnghandletext-dos(46115)
statements via4
contributor Joshua Bressers
lastmodified 2009-06-03
organization Red Hat
statement Red Hat does not consider this bug a security flaw. For more details please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=468990
Last major update 07-03-2011 - 22:15
Published 20-02-2009 - 12:30
Last modified 11-10-2018 - 16:57
Back to Top