Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-5268
HistoryOct 08, 2007 - 12:00 a.m.

CVE-2007-5268

2007-10-0800:00:00
ubuntu.com
ubuntu.com
14

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image.

Notes

Author Note
jdstrand given medium because of wide install base bug (1) is said to have been introduced in 1.2.19. Looking at pngrtran.c in 1.2.8 and 1.2.15 (as included in Ubuntu), the vulnerable code is not present bug (2) still applies to 1.2.15, but not 1.2.8 reducing to negligible as pngset.c change should not do anything
OSVersionArchitecturePackageVersionFilename
ubuntu7.04noarchlibpng< 1.2.15~beta5-1ubuntu1.1UNKNOWN
ubuntu7.10noarchlibpng< 1.2.15~beta5-2ubuntu0.1UNKNOWN
ubuntu8.04noarchlibpng< 1.2.15~beta5-3ubuntu0.1UNKNOWN

Related

prion 1
cve 1
cvelist 1
nvd 1
openvas 19
ubuntu 2
nessus 19
gentoo 2
freebsd 1
slackware 2
securityvulns 4
packetstorm 1
coresecurity 1
prion
prion
Buffer overflow
2007-10-08 21:17:00
cve
cve
CVE-2007-5268
2007-10-08 21:17:00
cvelist
cvelist
CVE-2007-5268
2007-10-08 21:00:00
nvd
nvd
CVE-2007-5268
2007-10-08 21:17:00
openvas
openvas
Ubuntu: Security Advisory (USN-538-1)
2009-03-23 00:00:00
Ubuntu Update for libpng vulnerabilities USN-538-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200711-08 (libpng)
2008-09-24 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2007-10-25 00:00:00
libpng vulnerabilities
2009-03-06 00:00:00
nessus
nessus
GLSA-200711-08 : libpng: Multiple Denials of Service
2007-11-08 00:00:00
Mandrake Linux Security Advisory : libpng (MDKSA-2007:217)
2007-11-14 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2007-325-01)
2007-11-26 00:00:00
gentoo
gentoo
libpng: Multiple Denials of Service
2007-11-07 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
freebsd
freebsd
png -- multiple vulnerabilities
2007-10-08 00:00:00
slackware
slackware
[slackware-security] libpng for Slackware 10.1 and 10.2
2007-11-21 21:16:25
[slackware-security] libpng
2007-11-21 08:14:31
securityvulns
securityvulns
libpng multiple security vulnerabilities
2007-10-20 00:00:00
Google Android SDK multiple security vulnerabilities
2008-03-05 00:00:00
CORE-2008-0124: Multiple vulnerabilities in Google&#39;s Android SDK
2008-03-05 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0124
2008-03-04 00:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in Google's Android
2008-03-04 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON
Related for UB:CVE-2007-5268
prion1cve1cvelist1nvd1openvas19ubuntu2nessus19gentoo2freebsd1slackware2securityvulns4packetstorm1coresecurity1