Executive Summary

Information
Name : CVE-2007-5268
First vendor Publication : 2007-10-08
Vendor : Cve
Last vendor Modification : 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268

CPE : Common Platform Enumeration

Type : Application
Count : 2

OpenVAS Exploits

Date  Description
2010-05-12  Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2009-11-17  Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-04-09  Name : Mandriva Update for libpng MDKSA-2007:217 (libpng)
File : nvt/gb_mandriva_MDKSA_2007_217.nasl
2009-03-23  Name : Ubuntu Update for libpng vulnerabilities USN-538-1
File : nvt/gb_ubuntu_USN_538_1.nasl
2009-03-07  Name : Ubuntu USN-730-1 (libpng)
File : nvt/ubuntu_730_1.nasl
2008-09-24  Name : Gentoo Security Advisory GLSA 200711-08 (libpng)
File : nvt/glsa_200711_08.nasl
2008-09-24  Name : Gentoo Security Advisory GLSA 200805-07 (ltsp)
File : nvt/glsa_200805_07.nasl
2008-09-04  Name : FreeBSD Ports: png
File : nvt/freebsd_png0.nasl
0000-00-00  Name : Slackware Advisory SSA:2007-325-01 libpng
File : nvt/esoft_slk_ssa_2007_325_01.nasl
0000-00-00  Name : Slackware Advisory SSA:2007-325-01a libpng for Slackware 10.1 and 10.2
File : nvt/esoft_slk_ssa_2007_325_01a.nasl

Open Source Vulnerability Database (OSVDB)

id  Description
38273  libpng pngrtran.c Crafted PNG Multiple Method DoS

Nessus® Vulnerability Scanner

Date  Description
2014-12-15  Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2009-04-23  Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO
2008-05-29  Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO
2008-05-29  Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO
2008-05-11  Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200805-07.nasl - Type : ACT_GATHER_INFO
2008-03-19  Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-04  Name : The remote host is missing Sun Security Patch number 137080-07
File : solaris10_137080.nasl - Type : ACT_GATHER_INFO
2008-03-04  Name : The remote host is missing Sun Security Patch number 137081-07
File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO
2007-11-26  Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-325-01.nasl - Type : ACT_GATHER_INFO
2007-11-14  Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-217.nasl - Type : ACT_GATHER_INFO
2007-11-10  Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-538-1.nasl - Type : ACT_GATHER_INFO
2007-11-08  Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-08.nasl - Type : ACT_GATHER_INFO
2007-10-12  Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_172acf78780c11dcb3f40016179b2dd5.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source : Url
APPLE : http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
APPLE : http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID : http://www.securityfocus.com/bid/25956
BUGTRAQ : http://www.securityfocus.com/archive/1/archive/1/483582/100/0/threaded
BUGTRAQ : http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded
CERT : http://www.us-cert.gov/cas/techalerts/TA08-150A.html
CONFIRM : http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-rel...
CONFIRM : http://bugs.gentoo.org/show_bug.cgi?id=195261
CONFIRM : http://docs.info.apple.com/article.html?artnum=307562
CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
CONFIRM : https://issues.rpath.com/browse/RPL-1814
GENTOO : http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml
GENTOO : http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
MANDRIVA : http://www.mandriva.com/security/advisories?name=MDKSA-2007:217
MISC : http://www.coresecurity.com/?action=item&id=2148
MLIST : http://sourceforge.net/mailarchive/forum.php?thread_name=3.0.6.32.20071004082...
MLIST : http://sourceforge.net/mailarchive/message.php?msg_name=5122753600C3E94F87FBD...
MLIST : http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24...
SECUNIA : http://secunia.com/advisories/27093
SECUNIA : http://secunia.com/advisories/27284
SECUNIA : http://secunia.com/advisories/27405
SECUNIA : http://secunia.com/advisories/27529
SECUNIA : http://secunia.com/advisories/27629
SECUNIA : http://secunia.com/advisories/27746
SECUNIA : http://secunia.com/advisories/29420
SECUNIA : http://secunia.com/advisories/30161
SECUNIA : http://secunia.com/advisories/30430
SECUNIA : http://secunia.com/advisories/35302
SECUNIA : http://secunia.com/advisories/35386
SLACKWARE : http://slackware.com/security/viewer.php?l=slackware-security&y=2007&...
SUNALERT : http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
SUNALERT : http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
UBUNTU : http://www.ubuntu.com/usn/usn-538-1
VUPEN : http://www.vupen.com/english/advisories/2007/3390
VUPEN : http://www.vupen.com/english/advisories/2008/0924/references
VUPEN : http://www.vupen.com/english/advisories/2008/1697
VUPEN : http://www.vupen.com/english/advisories/2009/1462
VUPEN : http://www.vupen.com/english/advisories/2009/1560

Alert History

Date  Information
2014-12-16 13:24:27
  • Multiple Updates
2014-02-17 10:41:59
  • Multiple Updates
2013-05-11 10:38:19
  • Multiple Updates