CVE-2007-5266

Published Oct 8, 2007

Last updated 6 years ago

Overview

Description: Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A6442D5-8045-49D3-9F30-C4FF1D991BE3",
            "versionEndIncluding": "1.0.28"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF36838B-2645-4803-987A-5DB49486A52D",
            "versionEndIncluding": "1.2.20",
            "versionStartIncluding": "1.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References