CVE-2007-5267 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5267
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5267

Description: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

CVE Status: Candidate

References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323 SAID Secunia Advisory: SA27130 Secunia Advisory: SA27284 Secunia Advisory: SA27746 Secunia Advisory: SA29420 Secunia Advisory: SA35302 Secunia Advisory: SA35386 MLIST http://sourceforge.net/mailarchive/message.php?msg_name=3.0.6.32.20071005143158.012ada08%40mail.comcast.net http://sourceforge.net/mailarchive/forum.php?thread_name=47067C84.7010205%40playstation.sony.com&forum_name=png-mng-implement MISC http://www.coresecurity.com/?action=item&id=2148 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html http://docs.info.apple.com/article.html?artnum=307562 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/483582/100/0/threaded BID 25957 APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Return to the previous page.