Описание
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-1382
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41800
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html
- http://libpng.sourceforge.net/Advisory-1.2.26.txt
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
- http://secunia.com/advisories/29678
- http://secunia.com/advisories/29792
- http://secunia.com/advisories/29957
- http://secunia.com/advisories/29992
- http://secunia.com/advisories/30009
- http://secunia.com/advisories/30157
- http://secunia.com/advisories/30174
- http://secunia.com/advisories/30402
- http://secunia.com/advisories/30486
- http://secunia.com/advisories/31882
- http://secunia.com/advisories/33137
- http://secunia.com/advisories/34152
- http://secunia.com/advisories/34388
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/35258
- http://secunia.com/advisories/35302
- http://secunia.com/advisories/35386
- http://security.gentoo.org/glsa/glsa-200804-15.xml
- http://security.gentoo.org/glsa/glsa-200805-10.xml
- http://security.gentoo.org/glsa/glsa-200812-15.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
- http://support.apple.com/kb/HT3549
- http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
- http://www.debian.org/security/2009/dsa-1750
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:156
- http://www.ocert.org/advisories/ocert-2008-003.html
- http://www.osvdb.org/44364
- http://www.redhat.com/support/errata/RHSA-2009-0333.html
- http://www.securityfocus.com/archive/1/490823/100/0/threaded
- http://www.securityfocus.com/archive/1/491424/100/0/threaded
- http://www.securityfocus.com/archive/1/503912/100/0/threaded
- http://www.securityfocus.com/bid/28770
- http://www.securitytracker.com/id?1019840
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vmware.com/security/advisories/VMSA-2009-0007.html
- http://www.vupen.com/english/advisories/2008/1225/references
- http://www.vupen.com/english/advisories/2008/2584
- http://www.vupen.com/english/advisories/2009/1297
- http://www.vupen.com/english/advisories/2009/1451
- http://www.vupen.com/english/advisories/2009/1462
- http://www.vupen.com/english/advisories/2009/1560
EPSS
CVE ID
Связанные уязвимости
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 thr ...
Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS