Launchpad.net

CVE 2007-2445

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

Related bugs and status

CVE-2007-2445 (Candidate) is related to these bugs:

Bug #185178: Please sponsor libpng 1.2.24

Summary				In	Importance	Status
	185178	Please sponsor libpng 1.2.24		libpng (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mirrorservi...
CONFIRM: https://issues.rpath.c...
OPENPKG: OpenPKG-SA-2007.013
REDHAT: RHSA-2007:0356
CERT-VN: VU#684664
BID: 24000
BID: 24023
SECTRACK: 1018078
SECUNIA: 25292
SECUNIA: 25329
SECUNIA: 25268
SECUNIA: 25273
TRUSTIX: 2007-0019
SECUNIA: 25353
GENTOO: GLSA-200705-24
SECUNIA: 25461
SECUNIA: 25554
UBUNTU: USN-472-1
SECUNIA: 25571
CONFIRM: http://support.avaya.c...
SECUNIA: 25742
SUSE: SUSE-SR:2007:013
SUNALERT: 102987
SECUNIA: 25867
CONFIRM: http://irrlicht.source...
SECUNIA: 27056
MANDRIVA: MDKSA-2007:116
SECUNIA: 25787
CONFIRM: http://android-develop...
SUNALERT: 200871
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
GENTOO: GLSA-200805-07
SECUNIA: 30161
DEBIAN: DSA-1613
SECUNIA: 31168
DEBIAN: DSA-1750
SECUNIA: 34388
VUPEN: ADV-2007-1838
VUPEN: ADV-2007-2385
VUPEN: ADV-2008-0924
OSVDB: 36196
MISC: http://www.coresecurit...
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
SLACKWARE: SSA:2007-136-01
XF: libpng-trns-chunk-dos(...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070517 FLEA-2007-001...
BUGTRAQ: 20080304 CORE-2008-012...