Vulnerability CVE-2007-2445: Information

Description

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-2445
Published: May 17, 2007
Modified: Oct. 16, 2018

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
  • Patch
http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
  • Patch
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
  • Vendor Advisory
VU#684664
  • Third Party Advisory
  • US Government Resource
25292
  • Vendor Advisory
https://issues.rpath.com/browse/RPL-1381
    OpenPKG-SA-2007.013
      RHSA-2007:0356
        SSA:2007-136-01
          24000
            24023
              1018078
                25329
                • Vendor Advisory
                25268
                • Vendor Advisory
                25273
                • Vendor Advisory
                http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
                  http://irrlicht.sourceforge.net/changes.txt
                    GLSA-200705-24
                      MDKSA-2007:116
                        102987
                          SUSE-SR:2007:013
                            2007-0019
                              USN-472-1
                                25353
                                  25461
                                    25554
                                      25571
                                        25742
                                          25867
                                            27056
                                              25787
                                                http://www.coresecurity.com/?action=item&id=2148
                                                  http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
                                                    200871
                                                      http://docs.info.apple.com/article.html?artnum=307562
                                                        APPLE-SA-2008-03-18
                                                          29420
                                                            GLSA-200805-07
                                                              30161
                                                                DSA-1613
                                                                  31168
                                                                    DSA-1750
                                                                      34388
                                                                        ADV-2008-0924
                                                                          ADV-2007-1838
                                                                            ADV-2007-2385
                                                                              36196
                                                                                libpng-trns-chunk-dos(34340)
                                                                                  oval:org.mitre.oval:def:10094
                                                                                    20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK
                                                                                      20070517 FLEA-2007-0018-1: libpng

                                                                                          1. Configuration 1

                                                                                            Running on/with:
                                                                                            cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                                                                                            cpe:2.3:a:png_reference_library:libpng:*:*:*:*:*:*:*:*
                                                                                            cpe:2.3:a:png_reference_library:libpng:*:*:*:*:*:*:*:*
                                                                                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                                                        Version: v24.4.2
                                                                                        Back to top