CVE-2008-1382 – libpng unknown chunk handling flaw
https://notcve.org/view.php?id=CVE-2008-1382
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. libpng versions de la 1.0.6 hasta la 1.0.32, 1.2.0 hasta la 1.2.26 y 1.4.0beta01 hasta la 1.4.0beta19, permiten a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un archivo PNG con fragmentos desconocidos de longitud cero, lo que dispara un acceso de memoria no inicializada. • http://libpng.sourceforge.net/Advisory-1.2.26.txt http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29678 http://secunia.com/advisories/29792 http://secunia.com/advisories/29957 http://secunia.com/advisories/29992 http://secunia.com/advisories/30009 http://secunia.com/advisories/301 • CWE-189: Numeric Errors •
CVE-2007-5269 – libpng DoS via multiple out-of-bounds reads
https://notcve.org/view.php?id=CVE-2007-5269
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. Determinados manejadores de fragmentos en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante fragmentación manipulada (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), y (5) ztXT (png_handle_ztXt) en imágenes PNG, lo cual dispara operaciones de lectura fuera de límite. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://bugs.gentoo.org/show_bug.cgi?id=195261 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html http://lists.vmware.com/pipermail/security-announce/2008/000008.html http:/ • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2007-5267
https://notcve.org/view.php?id=CVE-2007-5267
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalmente, debido a un parche incorrecto para CVE-2007-5266. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/27130 http://secunia.com/advisories/27284 http://secunia.com/advisories/27746 http://secunia.com/advisories/29420 http://secunia.com/advisories/35302 http://secunia.com/advisories/35386 http://slackware.com/security/viewer.php?l=slackware-secur • CWE-189: Numeric Errors •
CVE-2007-5268
https://notcve.org/view.php?id=CVE-2007-5268
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. pngrtran.c en libpng anterior a 1.0.29 y 1.2.x anterior a 1.2.21 utiliza (1) operaciones lógicas en vez de operación sobre bits y (2) comparaciones incorrectas, lo cual podría permitir a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalmente. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://bugs.gentoo.org/show_bug.cgi?id=195261 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/27093 http://secunia.com/advisories/27284 http://secunia.com/advisories/27405 http://secunia.com/advisories/27529 http •
CVE-2007-5266
https://notcve.org/view.php?id=CVE-2007-5266
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.0.29 beta1 y 1.2.x anterior a 1.2.21 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalmente que provoca que el campo de nombre no termine con NULL. • http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://bugs.gentoo.org/show_bug.cgi?id=195261 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/27284 http://secunia.com/advisories/27529 http://secunia.com/advisories/27629 http://secunia.com/advisories/27746 http • CWE-189: Numeric Errors •