
CVE-2008-1382

Date: (C)2008-04-14   (M)2017-10-04
 
CVSS Score: 7.5
Exploitability Subscore: 10.0
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Reference:
SECTRACK-1019840
SUNALERT-1020521
http://www.securityfocus.com/archive/1/archive/1/490823/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491424/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
SUNALERT-259989
BID-28770
SECUNIA-29678
SECUNIA-29792
SECUNIA-29957
SECUNIA-29992
SECUNIA-30009
SECUNIA-30157
SECUNIA-30174
SECUNIA-30402
SECUNIA-30486
SECUNIA-31882
SECUNIA-33137
SECUNIA-34152
SECUNIA-34388
SECUNIA-35074
SECUNIA-35258
SECUNIA-35302
SECUNIA-35386
OSVDB-44364
ADV-2008-1225
ADV-2008-2584
ADV-2009-1297
ADV-2009-1451
ADV-2009-1462
ADV-2009-1560
APPLE-SA-2008-09-15
APPLE-SA-2009-05-12
DSA-1750
FEDORA-2008-3683
FEDORA-2008-3937
FEDORA-2008-3979
FEDORA-2008-4847
FEDORA-2008-4910
FEDORA-2008-4947
GLSA-200804-15
GLSA-200805-10
GLSA-200812-15
MDVSA-2008:156
RHSA-2009:0333
SSA:2008-119-01
SUSE-SR:2008:010
TA08-260A
TA09-133A
http://libpng.sourceforge.net/Advisory-1.2.26.txt
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
http://www.ocert.org/advisories/ocert-2008-003.html
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
libpng-zero-length-code-execution(41800)

CPE    21
cpe:/a:libpng:libpng:1.0.13
cpe:/a:libpng:libpng:1.0.12
cpe:/a:libpng:libpng:1.0.17
cpe:/a:libpng:libpng:1.0.16
...
CWE    1
CWE-189
OVAL    13
oval:org.secpod.oval:def:20730
oval:org.secpod.oval:def:301461
oval:org.secpod.oval:def:202679
oval:org.secpod.oval:def:700311
...

© 2013 SecPod Technologies