Launchpad.net

CVE 2007-5268

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

Related bugs and status

CVE-2007-5268 (Candidate) is related to these bugs:

Bug #185178: Please sponsor libpng 1.2.24

Summary				In	Importance	Status
	185178	Please sponsor libpng 1.2.24		libpng (Ubuntu)	Wishlist	Fix Released

Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling

		In	Importance	Status
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Dapper)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Feisty)	Undecided	Won't Fix
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Gutsy)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Hardy)	Undecided	Fix Released

Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location

		In	Importance	Status
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Dapper)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Gutsy)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Jaunty)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Intrepid)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Hardy)	Low	Fix Released

Bug #338027: libpng code injection CVE-2009-0040

		In	Importance	Status
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Dapper)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Gutsy)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Hardy)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Intrepid)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Jaunty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [png-mng-implement] 20...
MLIST: [png-mng-implement] 20...
SECUNIA: 27093
CONFIRM: https://issues.rpath.c...
SECUNIA: 27284
UBUNTU: USN-538-1
BID: 25956
SECUNIA: 27405
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-08
SECUNIA: 27529
MANDRIVA: MDKSA-2007:217
SECUNIA: 27629
SECUNIA: 27746
CONFIRM: http://android-develop...
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
GENTOO: GLSA-200805-07
SECUNIA: 30161
APPLE: APPLE-SA-2008-05-28
CERT: TA08-150A
SECUNIA: 30430
SUNALERT: 259989
VUPEN: ADV-2009-1462
SECUNIA: 35302
CONFIRM: http://support.avaya.c...
SECUNIA: 35386
VUPEN: ADV-2009-1560
VUPEN: ADV-2007-3390
VUPEN: ADV-2008-0924
VUPEN: ADV-2008-1697
SUNALERT: 1020521
MLIST: [png-mng-implement] 20...
MISC: http://www.coresecurit...
SLACKWARE: SSA:2007-325-01
BUGTRAQ: 20071112 FLEA-2007-006...
BUGTRAQ: 20080304 CORE-2008-012...