what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1382

Status Candidate

Overview

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
VMware Security Advisory 2009-0007
Posted May 29, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware Hosted products and ESX and ESXi patches resolve a security issue. Update patch 13 for ESX 2.5.5 updates the libpng Service Console RPM.

tags | advisory
advisories | CVE-2009-1805, CVE-2009-0040, CVE-2008-1382
MD5 | e321e1b1f68ac98ae02ac51e9497b6c7
Debian Linux Security Advisory 1750-1
Posted Mar 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1750-1 - Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-2445, CVE-2007-5269, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2009-0040
MD5 | 083131ff682dc91a93d2365ba18a5826
Ubuntu Security Notice 730-1
Posted Mar 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-730-1 - A large amount of vulnerabilities in libpng have been addressed. These range from denial of service to remote code execution issues.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2007-5268, CVE-2007-5269, CVE-2008-1382, CVE-2008-3964, CVE-2008-5907, CVE-2009-0040
MD5 | 1fca946060331888f2fd899bad007ec7
Gentoo Linux Security Advisory 200812-15
Posted Dec 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-15 - POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's build system caused it to load the old version when your installed copy of libpng was >=media-libs/libpng-1.2.10. Versions less than 3.6.1-r4 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2004-0768, CVE-2006-0481, CVE-2006-3334, CVE-2008-1382, CVE-2008-3964
MD5 | d39fa87c82396bf38c5d53b799a5a959
Mandriva Linux Security Advisory 2008-156
Posted Jul 29, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2008-1382
MD5 | c762fa86f5124a5d2f6fe8cbbfb224ec
Gentoo Linux Security Advisory 200805-10
Posted May 12, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-1382
MD5 | 7cfec10bfa57130b88afb7bff74c84e3
Gentoo Linux Security Advisory 200804-15
Posted Apr 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-15 - Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks(). Versions less than 1.2.26-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-1382
MD5 | e635114ddc8d6feceebe6b7970ef6481
Open Source CERT Security Advisory 2008.3
Posted Apr 14, 2008
Authored by Tavis Ormandy, Open Source CERT | Site ocert.org

Applications using libpng that install unknown chunk handlers, or copy unknown chunks, may be vulnerable to a security issue which may result in incorrect output, information leaks, crashes, or arbitrary code execution. The libpng project indicates libpng-1.0.6 through 1.0.32, libpng-1.2.0 through 1.2.26, and libpng-1.4.0beta01 through libpng-1.4.0beta19 built with PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or PNG_READ_USER_CHUNKS_SUPPORTED (default configuration) are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2008-1382
MD5 | 95c71dc1fb7cff1e7190e752ae50d625
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close