Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

TITLE: Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability
CLASS: Design Error
CVE: CVE-2007-2445

REMOTE: Yes
LOCAL: No
PUBLISHED: May 16 2007 12:00AM
UPDATE: May 30 2007 12:04AM
CREDIT: The vendor reported this issue.
VULNERABLE:

libpng libpng 1.0.24
libpng libpng 1.0.18
libpng libpng 1.0.17
libpng libpng 1.0.16
libpng libpng 1.0.15
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386
libpng libpng 1.0.13
libpng libpng 1.0.12
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1.1
- Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
libpng libpng 1.0.11
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
libpng libpng 1.0.10
+ S.u.S.E. Linux 7.2
libpng libpng 1.0.9
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
libpng libpng 1.0.8
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
- Ximian GNOME 1.4
libpng libpng 1.0.7
libpng libpng 1.0.6
libpng libpng 1.0.5
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
libpng libpng 1.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
libpng libpng 0.90
Gentoo Linux
NOT VULNERABLE:
libpng libpng 1.2.17
libpng libpng 1.0.25

Go to the original page on Security Focus

Discussion

The libpng library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects libpng-0.90 through libpng-1.2.16.

This BID is being retired because this issue was addressed in BID 24000 (Libpng Library Remote Denial of Service Vulnerability).

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution

The vendor has released an advisory to address this issue; please see the references for details.



References
