CVE 2008-5907
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
Related bugs and status
CVE-2008-5907 (Candidate) is related to these bugs:
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Dapper) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Gutsy) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Hardy) | Undecided | Fix Released | ||
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Dapper) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Gutsy) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Jaunty) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Intrepid) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Hardy) | Low | Fix Released | ||
Bug #338027: libpng code injection CVE-2009-0040
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Dapper) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Gutsy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Hardy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Intrepid) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Jaunty) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
