ID |
CVE-2007-2445
|
Summary |
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 16-10-2018 - 16:43) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
oval
via4
|
accepted | 2013-04-29T04:01:34.142-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | family | unix | id | oval:org.mitre.oval:def:10094 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | version | 31 |
|
redhat
via4
|
advisories | bugzilla | id | 239425 | title | CVE-2007-2445 libpng png_handle_tRNS flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | libpng is earlier than 2:1.2.7-3.el4 | oval | oval:com.redhat.rhsa:tst:20070356001 |
comment | libpng is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060205002 |
|
AND | comment | libpng-devel is earlier than 2:1.2.7-3.el4 | oval | oval:com.redhat.rhsa:tst:20070356003 |
comment | libpng-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060205004 |
|
AND | comment | libpng10 is earlier than 0:1.0.16-3 | oval | oval:com.redhat.rhsa:tst:20070356005 |
comment | libpng10 is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20070356006 |
|
AND | comment | libpng10-devel is earlier than 0:1.0.16-3 | oval | oval:com.redhat.rhsa:tst:20070356007 |
comment | libpng10-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20070356008 |
|
|
|
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
OR | AND | comment | libpng is earlier than 2:1.2.10-7.0.2 | oval | oval:com.redhat.rhsa:tst:20070356010 |
comment | libpng is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20070356011 |
|
AND | comment | libpng-devel is earlier than 2:1.2.10-7.0.2 | oval | oval:com.redhat.rhsa:tst:20070356012 |
comment | libpng-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20070356013 |
|
|
|
|
| rhsa | id | RHSA-2007:0356 | released | 2007-05-17 | severity | Moderate | title | RHSA-2007:0356: libpng security update (Moderate) |
|
| rpms | - libpng-2:1.0.14-10
- libpng-2:1.2.10-7.0.2
- libpng-2:1.2.2-27
- libpng-2:1.2.7-3.el4
- libpng-debuginfo-2:1.2.10-7.0.2
- libpng-debuginfo-2:1.2.2-27
- libpng-debuginfo-2:1.2.7-3.el4
- libpng-devel-2:1.0.14-10
- libpng-devel-2:1.2.10-7.0.2
- libpng-devel-2:1.2.2-27
- libpng-devel-2:1.2.7-3.el4
- libpng10-0:1.0.13-17
- libpng10-0:1.0.16-3
- libpng10-debuginfo-0:1.0.13-17
- libpng10-debuginfo-0:1.0.16-3
- libpng10-devel-0:1.0.13-17
- libpng10-devel-0:1.0.16-3
|
|
refmap
via4
|
apple | APPLE-SA-2008-03-18 | bid | | bugtraq | - 20070517 FLEA-2007-0018-1: libpng
- 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
| cert-vn | VU#684664 | confirm | | debian | | gentoo | - GLSA-200705-24
- GLSA-200805-07
| mandriva | MDKSA-2007:116 | misc | http://www.coresecurity.com/?action=item&id=2148 | openpkg | OpenPKG-SA-2007.013 | osvdb | 36196 | sectrack | 1018078 | secunia | - 25268
- 25273
- 25292
- 25329
- 25353
- 25461
- 25554
- 25571
- 25742
- 25787
- 25867
- 27056
- 29420
- 30161
- 31168
- 34388
| slackware | SSA:2007-136-01 | sunalert | | suse | SUSE-SR:2007:013 | trustix | 2007-0019 | ubuntu | USN-472-1 | vupen | - ADV-2007-1838
- ADV-2007-2385
- ADV-2008-0924
| xf | libpng-trns-chunk-dos(34340) |
|
Last major update |
16-10-2018 - 16:43 |
Published |
16-05-2007 - 22:30 |
Last modified |
16-10-2018 - 16:43 |