Lucene search

PRIOn knowledge basePRION:CVE-2008-1382

HistoryApr 14, 2008 - 4:05 p.m.

Design/Logic Flaw

2008-04-1416:05:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length “unknown” chunks, which trigger an access of uninitialized memory.

CPENameOperatorVersion
libpngeq1.2.19 beta6
libpngeq1.2.19 beta24
libpngeq1.2.19 beta29
libpngeq1.2.23 beta1
libpngeq1.2.19 beta14
libpngeq1.2.20 rc6
libpngeq1.2.22
libpngeq1.2.26 beta2
libpngeq1.2.19 rc2
libpngeq1.2.17 rc2

Name	Operator	Version
libpng	eq	1.2.19 beta6
libpng	eq	1.2.19 beta24
libpng	eq	1.2.19 beta29
libpng	eq	1.2.23 beta1
libpng	eq	1.2.19 beta14
libpng	eq	1.2.20 rc6
libpng	eq	1.2.22
libpng	eq	1.2.26 beta2
libpng	eq	1.2.19 rc2
libpng	eq	1.2.17 rc2

Rows per page:

1-10 of 3101

References

libpng.sourceforge.net/Advisory-1.2.26.txt

lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html

secunia.com/advisories/29678

secunia.com/advisories/29792

secunia.com/advisories/29957

secunia.com/advisories/29992

secunia.com/advisories/30009

secunia.com/advisories/30157

secunia.com/advisories/30174

secunia.com/advisories/30402

secunia.com/advisories/30486

secunia.com/advisories/31882

secunia.com/advisories/33137

secunia.com/advisories/34152

secunia.com/advisories/34388

secunia.com/advisories/35074

secunia.com/advisories/35258

secunia.com/advisories/35302

secunia.com/advisories/35386

security.gentoo.org/glsa/glsa-200804-15.xml

security.gentoo.org/glsa/glsa-200805-10.xml

security.gentoo.org/glsa/glsa-200812-15.xml

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247

sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-208.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0151

www.debian.org/security/2009/dsa-1750

www.mandriva.com/security/advisories?name=MDVSA-2008:156

www.ocert.org/advisories/ocert-2008-003.html

www.osvdb.org/44364

www.redhat.com/support/errata/RHSA-2009-0333.html

www.securityfocus.com/archive/1/490823/100/0/threaded

www.securityfocus.com/archive/1/491424/100/0/threaded

www.securityfocus.com/archive/1/503912/100/0/threaded

www.securityfocus.com/bid/28770

www.securitytracker.com/id?1019840

www.us-cert.gov/cas/techalerts/TA08-260A.html

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0007.html

www.vupen.com/english/advisories/2008/1225/references

www.vupen.com/english/advisories/2008/2584

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1451

www.vupen.com/english/advisories/2009/1462

www.vupen.com/english/advisories/2009/1560

exchange.xforce.ibmcloud.com/vulnerabilities/41800

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275

www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html