Launchpad.net

CVE 2007-5266

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

Related bugs and status

CVE-2007-5266 (Candidate) is related to these bugs:

Bug #185178: Please sponsor libpng 1.2.24

Summary				In	Importance	Status
	185178	Please sponsor libpng 1.2.24		libpng (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [png-mng-implement] 20...
CONFIRM: https://issues.rpath.c...
SECUNIA: 27284
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-08
SECUNIA: 27529
BID: 25957
MANDRIVA: MDKSA-2007:217
SECUNIA: 27629
SECUNIA: 27746
CONFIRM: http://android-develop...
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
GENTOO: GLSA-200805-07
SECUNIA: 30161
APPLE: APPLE-SA-2008-05-28
CERT: TA08-150A
SECUNIA: 30430
SUNALERT: 259989
VUPEN: ADV-2009-1462
SECUNIA: 35302
CONFIRM: http://support.avaya.c...
SECUNIA: 35386
VUPEN: ADV-2009-1560
VUPEN: ADV-2008-0924
VUPEN: ADV-2008-1697
SUNALERT: 1020521
MLIST: [png-mng-implement] 20...
MISC: http://www.coresecurit...
SLACKWARE: SSA:2007-325-01
BUGTRAQ: 20071112 FLEA-2007-006...
BUGTRAQ: 20080304 CORE-2008-012...