cvelistv5 - CVE-2007-5267

CVE-2007-5267 (GCVE-0-2007-5267)

Vulnerability from cvelistv5

Published

2007-10-08 21:00

Modified

2024-08-07 15:24

Severity ?

CWE

Summary

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

References

URL

Tags

cve@mitre.org	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
cve@mitre.org	http://secunia.com/advisories/27130	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27284
cve@mitre.org	http://secunia.com/advisories/27746
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://secunia.com/advisories/35302
cve@mitre.org	http://secunia.com/advisories/35386
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
cve@mitre.org	http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
cve@mitre.org	http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net	Patch
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
cve@mitre.org	http://www.coresecurity.com/?action=item&id=2148
cve@mitre.org	http://www.securityfocus.com/archive/1/483582/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/489135/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25957
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3391
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1462
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1560
cve@mitre.org	https://issues.rpath.com/browse/RPL-1814
af854a3a-2127-422b-91ae-364da2661108	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27284
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35302
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35386
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/?action=item&id=2148
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483582/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489135/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25957
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3391
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1462
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1560
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1814

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-3391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3391"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1814"
          },
          {
            "name": "35386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35386"
          },
          {
            "name": "1020521",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
          },
          {
            "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
          },
          {
            "name": "ADV-2009-1560",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1560"
          },
          {
            "name": "ADV-2009-1462",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1462"
          },
          {
            "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
          },
          {
            "name": "27746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27746"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
          },
          {
            "name": "259989",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
          },
          {
            "name": "35302",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35302"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "27130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27130"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "27284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "SSA:2007-325-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
          },
          {
            "name": "20071112 FLEA-2007-0065-1 libpng",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
          },
          {
            "name": "25957",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25957"
          },
          {
            "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-3391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3391"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1814"
        },
        {
          "name": "35386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35386"
        },
        {
          "name": "1020521",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
        },
        {
          "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
        },
        {
          "name": "ADV-2009-1560",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1560"
        },
        {
          "name": "ADV-2009-1462",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1462"
        },
        {
          "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
        },
        {
          "name": "27746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27746"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
        },
        {
          "name": "259989",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
        },
        {
          "name": "35302",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35302"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "27130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27130"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "27284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "SSA:2007-325-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
        },
        {
          "name": "20071112 FLEA-2007-0065-1 libpng",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
        },
        {
          "name": "25957",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25957"
        },
        {
          "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-3391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3391"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1814",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1814"
            },
            {
              "name": "35386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35386"
            },
            {
              "name": "1020521",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
            },
            {
              "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug",
              "refsource": "MLIST",
              "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
            },
            {
              "name": "ADV-2009-1560",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1560"
            },
            {
              "name": "ADV-2009-1462",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1462"
            },
            {
              "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug",
              "refsource": "MLIST",
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
            },
            {
              "name": "27746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27746"
            },
            {
              "name": "http://www.coresecurity.com/?action=item\u0026id=2148",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
            },
            {
              "name": "259989",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
            },
            {
              "name": "35302",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35302"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "27130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27130"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "27284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27284"
            },
            {
              "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
              "refsource": "CONFIRM",
              "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "SSA:2007-325-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
            },
            {
              "name": "20071112 FLEA-2007-0065-1 libpng",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
            },
            {
              "name": "25957",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25957"
            },
            {
              "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5267",
    "datePublished": "2007-10-08T21:00:00",
    "dateReserved": "2007-10-08T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5267\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-08T21:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.\"},{\"lang\":\"es\",\"value\":\"Error de superaci\u00f3n de l\u00edmite (off-by-one) en el manejo de perfiles ICC en la funci\u00f3n png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen PNG manipulada artesanalmente, debido a un parche incorrecto para CVE-2007-5266.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.21\",\"matchCriteriaId\":\"1304E53A-47EE-4254-B017-531CDC6380E5\"}]}]}],\"references\":[{\"url\":\"http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27130\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27284\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27746\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35302\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35386\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/?action=item\u0026id=2148\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/483582/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489135/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25957\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3391\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1462\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1560\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1814\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/?action=item\u0026id=2148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/483582/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489135/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\",\"lastModified\":\"2007-10-16T00:00:00\"}]}}"
  }
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées. L'exploitation de ces dernières peut avoir plusieurs conséquences, dont des exécutions de codes arbitraires à distance.

Description

Plusieurs vulnérabilités concernant le système d'exploitation Apple Mac OS X ont été identifiées :

le serveur AFP (Apple Filing Protocol) ne vérifie pas correctement la cohérence d'accès entre répertoires et fichiers.
le serveur Apache est mis à jour en 2.0.63 pour les versions Mac OS X Server v10.4.x ; nouvelle version qui corrige des vulnérabilités permettant des attaques par injection de code indirecte ;
l'impression d'un document PDF spécialement construit par ATS peut provoquer l'exécution de code arbitraire ;
l'impression de documents via CUPS à destination d'une imprimante peut permettre sous certaines conditions de récupérer des informations sensibles, y compris si une protection par mot de passe est déployée ;
des vulnérabilités dans le module Flash Player sont corrigées (cf. CERTA-2008-AVI-197) ;
les vulnérabilités détaillées dans l'alerte CERTA-2008-ALE-007 concernant iCal sont corrigées ;
etc.

Solution

Se référer au bulletin de sécurité Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac 0S X versions v10.4.x.
	Apple	N/A	Apple Mac OS X version v10.5.x ;

References

Title

Publication Time

Tags

Mises à jour de sécurité Apple 2008-003 du 28 mai 2008	None	vendor-advisory
Alerte CERTA-2008-ALE-007, « Multiples vulnérabilités dans Apple Ical », du 23 mai 2008 :	-	other
Détails de la mise à jour de sécurité 2008-003 / Mac OS X 10.5.3 :	-	other
Bulletin de sécurité Apple 106704 du 28 mai 2008 :	-	other
Tableau récapitulatif des mises à jour de sécurité pour Mac OS X :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac 0S X versions v10.4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X version v10.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d\u0027acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l\u0027impression d\u0027un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l\u0027ex\u00e9cution de code arbitraire ;\n-   l\u0027impression de documents via CUPS \u00e0 destination d\u0027une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l\u0027alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1574"
    },
    {
      "name": "CVE-2008-1032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1032"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2008-1572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1572"
    },
    {
      "name": "CVE-2008-1655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1655"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1575"
    },
    {
      "name": "CVE-2008-1031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1031"
    },
    {
      "name": "CVE-2008-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1571"
    },
    {
      "name": "CVE-2008-1027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1027"
    },
    {
      "name": "CVE-2008-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1577"
    },
    {
      "name": "CVE-2008-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1576"
    },
    {
      "name": "CVE-2008-1035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1035"
    },
    {
      "name": "CVE-2007-6612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6612"
    },
    {
      "name": "CVE-2005-3357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3357"
    },
    {
      "name": "CVE-2008-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1573"
    },
    {
      "name": "CVE-2008-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1036"
    },
    {
      "name": "CVE-2008-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1028"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2008-1033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1033"
    },
    {
      "name": "CVE-2007-6019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6019"
    },
    {
      "name": "CVE-2007-5275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5275"
    },
    {
      "name": "CVE-2008-1030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1030"
    },
    {
      "name": "CVE-2008-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1578"
    },
    {
      "name": "CVE-2008-1034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1034"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2008-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0177"
    },
    {
      "name": "CVE-2007-6243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6243"
    },
    {
      "name": "CVE-2008-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1579"
    },
    {
      "name": "CVE-2008-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1580"
    },
    {
      "name": "CVE-2007-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6359"
    },
    {
      "name": "CVE-2008-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1654"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2007-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0071"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2007-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
    }
  ],
  "initial_release_date": "2008-05-29T00:00:00",
  "last_revision_date": "2008-05-29T00:00:00",
  "links": [
    {
      "title": "Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"
    },
    {
      "title": "D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :",
      "url": "http://support.apple.com/kb/HT1897"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=106704"
    },
    {
      "title": "Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :",
      "url": "http://support.apple.com/kb/HT1222?viewlocale=fr_FR"
    }
  ],
  "reference": "CERTA-2008-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L\u0027exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n",
  "title": "Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008",
      "url": null
    }
  ]
}

fkie_cve-2007-5267

Vulnerability from fkie_nvd

Published

2007-10-08 21:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
cve@mitre.org	http://secunia.com/advisories/27130	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27284
cve@mitre.org	http://secunia.com/advisories/27746
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://secunia.com/advisories/35302
cve@mitre.org	http://secunia.com/advisories/35386
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
cve@mitre.org	http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
cve@mitre.org	http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net	Patch
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
cve@mitre.org	http://www.coresecurity.com/?action=item&id=2148
cve@mitre.org	http://www.securityfocus.com/archive/1/483582/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/489135/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25957
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3391
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1462
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1560
cve@mitre.org	https://issues.rpath.com/browse/RPL-1814
af854a3a-2127-422b-91ae-364da2661108	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27284
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35302
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35386
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net	Patch
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/?action=item&id=2148
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483582/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489135/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25957
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3391
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1462
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1560
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1814

Impacted products

	Vendor	Product	Version
	libpng	libpng	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1304E53A-47EE-4254-B017-531CDC6380E5",
              "versionEndIncluding": "1.2.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266."
    },
    {
      "lang": "es",
      "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en el manejo de perfiles ICC en la funci\u00f3n png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una imagen PNG manipulada artesanalmente, debido a un parche incorrecto para CVE-2007-5266."
    }
  ],
  "id": "CVE-2007-5267",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-08T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35302"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35386"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25957"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3391"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1462"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1560"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1814"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2007-10-16T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-5267

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5267

Aliases

CVE-2007-5267

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5267",
    "description": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.",
    "id": "GSD-2007-5267",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5267.html",
      "https://packetstormsecurity.com/files/cve/CVE-2007-5267"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5267"
      ],
      "details": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.",
      "id": "GSD-2007-5267",
      "modified": "2023-12-13T01:21:40.734917Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5267",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-3391",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3391"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1814",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1814"
          },
          {
            "name": "35386",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35386"
          },
          {
            "name": "1020521",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
          },
          {
            "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug",
            "refsource": "MLIST",
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
          },
          {
            "name": "ADV-2009-1560",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1560"
          },
          {
            "name": "ADV-2009-1462",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1462"
          },
          {
            "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug",
            "refsource": "MLIST",
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
          },
          {
            "name": "27746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27746"
          },
          {
            "name": "http://www.coresecurity.com/?action=item\u0026id=2148",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
          },
          {
            "name": "259989",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
          },
          {
            "name": "35302",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35302"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "27130",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27130"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "27284",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27284"
          },
          {
            "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
            "refsource": "CONFIRM",
            "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "SSA:2007-325-01",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
          },
          {
            "name": "20071112 FLEA-2007-0065-1 libpng",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
          },
          {
            "name": "25957",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25957"
          },
          {
            "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.21",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5267"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[png-mng-implement] 20071005 libpng 1.2.21 iCCP chunk handling bug",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
            },
            {
              "name": "[png-mng-implement] 20071015 libpng 1.2.21 iCCP chunk handling bug",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
            },
            {
              "name": "27130",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27130"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1814",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1814"
            },
            {
              "name": "SSA:2007-325-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
            },
            {
              "name": "25957",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25957"
            },
            {
              "name": "27284",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27284"
            },
            {
              "name": "27746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27746"
            },
            {
              "name": "http://www.coresecurity.com/?action=item\u0026id=2148",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
            },
            {
              "name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "259989",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
            },
            {
              "name": "ADV-2009-1462",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1462"
            },
            {
              "name": "35302",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35302"
            },
            {
              "name": "35386",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35386"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
            },
            {
              "name": "ADV-2009-1560",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1560"
            },
            {
              "name": "1020521",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2007-3391",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3391"
            },
            {
              "name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google\u0027s Android SDK",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
            },
            {
              "name": "20071112 FLEA-2007-0065-1 libpng",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:41Z",
      "publishedDate": "2007-10-08T21:17Z"
    }
  }
}

ghsa-c7qv-v9rv-f39q

Vulnerability from github

Published

2022-05-01 18:31

Modified

2022-05-01 18:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5267"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-08T21:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.",
  "id": "GHSA-c7qv-v9rv-f39q",
  "modified": "2022-05-01T18:31:50Z",
  "published": "2022-05-01T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5267"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1814"
    },
    {
      "type": "WEB",
      "url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27130"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35302"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35386"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.520323"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com\u0026forum_name=png-mng-implement"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2148"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25957"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3391"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1462"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1560"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5267 (GCVE-0-2007-5267)

Vulnerability from cvelistv5

CERTA-2008-AVI-148

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-278

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2007-5267

Vulnerability from fkie_nvd

gsd-2007-5267

Vulnerability from gsd

ghsa-c7qv-v9rv-f39q

Vulnerability from github

Tags

Sightings

Nomenclature