[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5907Date: (C)2009-01-15   (M)2024-02-16


The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-34320
SECUNIA-34388
DSA-1750
GLSA-200903-28
MDVSA-2009:051
SUSE-SR:2009:003
http://openwall.com/lists/oss-security/2009/01/09/1
http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement
http://libpng.sourceforge.net/index.html
libpng-pngcheckkeyword-memory-corruption(48128)

CPE    3
cpe:/a:libpng:libpng
cpe:/o:debian:debian_linux:4.0
cpe:/o:debian:debian_linux:5.0
OVAL    4
oval:org.secpod.oval:def:300969
oval:org.secpod.oval:def:600371
oval:org.secpod.oval:def:700311
oval:org.mitre.oval:def:6557
...

© SecPod Technologies