CVE

CVE-2008-1382
Date: (C)2008-04-14   (M)2018-06-20


libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
SECTRACK-1019840
SUNALERT-1020521
http://www.securityfocus.com/archive/1/archive/1/490823/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491424/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
SUNALERT-259989
BID-28770
SECUNIA-29678
SECUNIA-29792
SECUNIA-29957
SECUNIA-29992
SECUNIA-30009
SECUNIA-30157
SECUNIA-30174
SECUNIA-30402
SECUNIA-30486
SECUNIA-31882
SECUNIA-33137
SECUNIA-34152
SECUNIA-34388
SECUNIA-35074
SECUNIA-35258
SECUNIA-35302
SECUNIA-35386
OSVDB-44364
ADV-2008-1225
ADV-2008-2584
ADV-2009-1297
ADV-2009-1451
ADV-2009-1462
ADV-2009-1560
APPLE-SA-2008-09-15
APPLE-SA-2009-05-12
DSA-1750
FEDORA-2008-3683
FEDORA-2008-3937
FEDORA-2008-3979
FEDORA-2008-4847
FEDORA-2008-4910
FEDORA-2008-4947
GLSA-200804-15
GLSA-200805-10
GLSA-200812-15
MDVSA-2008:156
RHSA-2009:0333
SSA:2008-119-01
SUSE-SR:2008:010
TA08-260A
TA09-133A
http://libpng.sourceforge.net/Advisory-1.2.26.txt
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
http://www.ocert.org/advisories/ocert-2008-003.html
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
libpng-zero-length-code-execution(41800)

CPE    21
cpe:/a:libpng:libpng:1.0.13
cpe:/a:libpng:libpng:1.0.12
cpe:/a:libpng:libpng:1.0.17
cpe:/a:libpng:libpng:1.0.16
...
CWE    1
CWE-189
OVAL    13
oval:org.secpod.oval:def:700311
oval:org.mitre.oval:def:6557
oval:org.secpod.oval:def:600371
oval:org.secpod.oval:def:101560
...

© SecPod Technologies