// For flags

CVE-2007-5267

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.2.22 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalmente, debido a un parche incorrecto para CVE-2007-5266.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-08 CVE Reserved
  • 2007-10-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (24)
URL Tag Source
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562 X_refsource_confirm
http://secunia.com/advisories/27284 Third Party Advisory
http://secunia.com/advisories/27746 Third Party Advisory
http://secunia.com/advisories/29420 Third Party Advisory
http://secunia.com/advisories/35302 Third Party Advisory
http://secunia.com/advisories/35386 Third Party Advisory
http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement Mailing List
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm X_refsource_confirm
http://www.coresecurity.com/?action=item&id=2148 X_refsource_misc
http://www.securityfocus.com/archive/1/483582/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/489135/100/0/threaded Mailing List
http://www.securityfocus.com/bid/25957 Vdb Entry
http://www.vupen.com/english/advisories/2007/3391 Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references Vdb Entry
http://www.vupen.com/english/advisories/2009/1462 Vdb Entry
http://www.vupen.com/english/advisories/2009/1560 Vdb Entry
https://issues.rpath.com/browse/RPL-1814 X_refsource_confirm
URL Date SRC
URL Date SRC
http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net 2018-10-15
URL Date SRC
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2018-10-15
http://secunia.com/advisories/27130 2018-10-15
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 2018-10-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libpng
Search vendor "Libpng"
 Libpng
Search vendor "Libpng" for product "Libpng"
 <= 1.2.21
Search vendor "Libpng" for product "Libpng" and version " <= 1.2.21"
-
Affected