CVE 2008-1382
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Related bugs and status
CVE-2008-1382 (Candidate) is related to these bugs:
Bug #185178: Please sponsor libpng 1.2.24
Bug | Summary | In | Importance | Status
---|---|---|---|---
185178 | Please sponsor libpng 1.2.24 | libpng (Ubuntu) | Wishlist | Fix Released
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
Bug | Summary | In | Importance | Status
---|---|---|---|---
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Dapper) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Feisty) | Undecided | Won't Fix
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Gutsy) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Hardy) | Undecided | Fix Released
Bug #217345: libpng 1.0.6 through 1.2.26, unknown chunks with zero data length
Bug | Summary | In | Importance | Status
---|---|---|---|---
217345 | libpng 1.0.6 through 1.2.26, unknown chunks with zero data length | PLD Linux | High | Fix Released
Bug #226009: Several security vulnerabilities
Bug | Summary | In | Importance | Status
---|---|---|---|---
226009 | Several security vulnerabilities | libpng (Ubuntu) | Undecided | Fix Released
226009 | Several security vulnerabilities | libpng (Ubuntu Dapper) | Undecided | Confirmed
226009 | Several security vulnerabilities | libpng (Ubuntu Feisty) | Undecided | Confirmed
226009 | Several security vulnerabilities | libpng (Ubuntu Gutsy) | Undecided | Confirmed
226009 | Several security vulnerabilities | libpng (Ubuntu Hardy) | Undecided | Confirmed
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
Bug | Summary | In | Importance | Status
---|---|---|---|---
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Dapper) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Gutsy) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Jaunty) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Intrepid) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Hardy) | Low | Fix Released
Bug #338027: libpng code injection CVE-2009-0040
Bug | Summary | In | Importance | Status
---|---|---|---|---
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Dapper) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Gutsy) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Hardy) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Intrepid) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Jaunty) | Medium | Fix Released
See the CVE page on Mitre.org for more details.