oval:org.mitre.oval:def:6557
Definition Id: oval:org.mitre.oval:def:6557 | |||
Oval ID: | oval:org.mitre.oval:def:6557 | ||
Title: | DSA-1750 libpng -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1750 CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6513 | |||
Oval ID: | oval:org.mitre.oval:def:6513 | ||
Title: | Debian GNU/Linux 5.0 is installed | ||
Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:6557 |
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:6557 |