// For flags

CVE-2007-2445

libpng png_handle_tRNS flaw

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

La función png_handle_tRNS en pngrutil.c en libpng anterior a 1.0.25 y 1.2.x anterior a 1.2.17 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de un imagen PNG en escala de grises con un mal valor del CRC de un trozo del tRNS.

Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-05-02 CVE Reserved
  • 2007-05-16 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (53)
URL Tag Source
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562 X_refsource_confirm
http://irrlicht.sourceforge.net/changes.txt X_refsource_confirm
http://osvdb.org/36196 Vdb Entry
http://secunia.com/advisories/25353 Third Party Advisory
http://secunia.com/advisories/25461 Third Party Advisory
http://secunia.com/advisories/25554 Third Party Advisory
http://secunia.com/advisories/25571 Third Party Advisory
http://secunia.com/advisories/25742 Third Party Advisory
http://secunia.com/advisories/25787 Third Party Advisory
http://secunia.com/advisories/25867 Third Party Advisory
http://secunia.com/advisories/27056 Third Party Advisory
http://secunia.com/advisories/29420 Third Party Advisory
http://secunia.com/advisories/30161 Third Party Advisory
http://secunia.com/advisories/31168 Third Party Advisory
http://secunia.com/advisories/34388 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm X_refsource_confirm
http://www.coresecurity.com/?action=item&id=2148 X_refsource_misc
http://www.kb.cert.org/vuls/id/684664 Third Party Advisory
http://www.securityfocus.com/archive/1/468910/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489135/100/0/threaded Mailing List
http://www.securityfocus.com/bid/24000 Vdb Entry
http://www.securityfocus.com/bid/24023 Vdb Entry
http://www.securitytracker.com/id?1018078 Vdb Entry
http://www.vupen.com/english/advisories/2007/1838 Vdb Entry
http://www.vupen.com/english/advisories/2007/2385 Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34340 Vdb Entry
https://issues.rpath.com/browse/RPL-1381 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094 Signature
URL Date SRC
URL Date SRC
http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624 2018-10-16
http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624 2018-10-16
URL Date SRC
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2018-10-16
http://openpkg.com/go/OpenPKG-SA-2007.013 2018-10-16
http://secunia.com/advisories/25268 2018-10-16
http://secunia.com/advisories/25273 2018-10-16
http://secunia.com/advisories/25292 2018-10-16
http://secunia.com/advisories/25329 2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650 2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1 2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1 2018-10-16
http://www.debian.org/security/2008/dsa-1613 2018-10-16
http://www.debian.org/security/2009/dsa-1750 2018-10-16
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml 2018-10-16
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:116 2018-10-16
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt 2018-10-16
http://www.novell.com/linux/security/advisories/2007_13_sr.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0356.html 2018-10-16
http://www.trustix.org/errata/2007/0019 2018-10-16
http://www.ubuntu.com/usn/usn-472-1 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-2445 2007-05-17
https://bugzilla.redhat.com/show_bug.cgi?id=239425 2007-05-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Png Reference Library
Search vendor "Png Reference Library"
 Libpng
Search vendor "Png Reference Library" for product "Libpng"
 <= 1.0.15
Search vendor "Png Reference Library" for product "Libpng" and version " <= 1.0.15"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
*-
Safe
Png Reference Library
Search vendor "Png Reference Library"
 Libpng
Search vendor "Png Reference Library" for product "Libpng"
 <= 1.2.16
Search vendor "Png Reference Library" for product "Libpng" and version " <= 1.2.16"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
*-
Safe