BNLug - Libpng Library Remote Denial of Service Vulnerability

Libpng Library Remote Denial of Service Vulnerability

TITLE: Libpng Library Remote Denial of Service Vulnerability
CLASS: Design Error
CVE: CVE-2007-2445

REMOTE: Yes
LOCAL: No
PUBLISHED: May 15 2007 12:00AM
UPDATE: Jun 12 2007 09:30AM
CREDIT: The vendor reported this issue.
VULNERABLE:

Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SGI ProPack 3.0 SP6
rPath rPath Linux 1
RedHat Fedora Core6
RedHat Fedora Core5
RedHat Enterprise Linux Virtualization v.5 server
RedHat Enterprise Linux Supplementary v.5 server
RedHat Enterprise Linux Optional Productivity Application v.5 server
RedHat Enterprise Linux Hardware Certification v.5
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop Supplementary v.5 client
RedHat Enterprise Linux Desktop Multi OS v.5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux Clustering v.5 server
RedHat Enterprise Linux Cluster-Storage v.5 server
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
OpenPKG OpenPKG E1.0-Solid
OpenPKG OpenPKG Current
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
libpng libpng3 1.2.12
+ Slackware Linux 11.0
libpng libpng3 1.2.11
libpng libpng3 1.2.10
libpng libpng3 1.2.8
+ Slackware Linux 10.2
+ Slackware Linux 10.2
+ Slackware Linux 10.1
+ Slackware Linux 10.1
+ Trustix Secure Linux 3.0.5
+ Trustix Secure Linux 3.0
+ Trustix Secure Linux 2.2
libpng libpng3 1.2.7
+ Trustix Secure Enterprise Linux 2.0
libpng libpng3 1.2.5
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1
+ RedHat Fedora Core1
+ RedHat Fedora Core1
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Slackware Linux -current
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng3 1.2.1
+ Debian Linux 3.0
+ Debian Linux 3.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.2
+ Slackware Linux 8.1
libpng libpng3 1.2 .0
+ Conectiva Linux 8.0
libpng libpng 1.0.18
libpng libpng 1.0.17
libpng libpng 1.0.16
libpng libpng 1.0.15
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386
libpng libpng 1.0.13
libpng libpng 1.0.12
-Caldera OpenLinux Server 3.1.1
-Caldera OpenLinux Server 3.1
-Caldera OpenLinux Workstation 3.1.1
-Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
libpng libpng 1.0.11
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
libpng libpng 1.0.10
+ S.u.S.E. Linux 7.2
libpng libpng 1.0.9
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
libpng libpng 1.0.8
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
-Ximian GNOME 1.4
libpng libpng 1.0.7
libpng libpng 1.0.6
libpng libpng 1.0.5
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
libpng libpng 1.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
libpng libpng 0.90
Gentoo Linux
Foresight Linux Foresight Linux 1.1

NOT VULNERABLE:

libpng libpng 1.2.17
libpng libpng 1.0.25

Vai alla pagina originale su Security Focus

Discussion

The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.16 and prior versions.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.