Launchpad.net

CVE 2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Related bugs and status

CVE-2008-1382 (Candidate) is related to these bugs:

Bug #185178: Please sponsor libpng 1.2.24

Summary				In	Importance	Status
	185178	Please sponsor libpng 1.2.24		libpng (Ubuntu)	Wishlist	Fix Released

Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling

		In	Importance	Status
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Dapper)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Feisty)	Undecided	Won't Fix
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Gutsy)	Undecided	Fix Released
217128	CVE-2008-1382: libpng zero-length chunks incorrect handling	libpng (Ubuntu Hardy)	Undecided	Fix Released

Bug #217345: libpng 1.0.6 through 1.2.26, unknown chunks with zero data length

Summary				In	Importance	Status
	217345	libpng 1.0.6 through 1.2.26, unknown chunks with zero data length		PLD Linux	High	Fix Released

Bug #226009: Several security vulnerabilities

		In	Importance	Status
226009	Several security vulnerabilities	libpng (Ubuntu)	Undecided	Fix Released
226009	Several security vulnerabilities	libpng (Ubuntu Dapper)	Undecided	Confirmed
226009	Several security vulnerabilities	libpng (Ubuntu Feisty)	Undecided	Confirmed
226009	Several security vulnerabilities	libpng (Ubuntu Gutsy)	Undecided	Confirmed
226009	Several security vulnerabilities	libpng (Ubuntu Hardy)	Undecided	Confirmed

Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location

		In	Importance	Status
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Dapper)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Gutsy)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Jaunty)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Intrepid)	Low	Fix Released
324258	[CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location	libpng (Ubuntu Hardy)	Low	Fix Released

Bug #338027: libpng code injection CVE-2009-0040

		In	Importance	Status
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Dapper)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Gutsy)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Hardy)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Intrepid)	Medium	Fix Released
338027	libpng code injection CVE-2009-0040	libpng (Ubuntu Jaunty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ocert.org/a...
CONFIRM: http://libpng.sourcefo...
SECUNIA: 29792
GENTOO: GLSA-200804-15
BID: 28770
SECTRACK: 1019840
SECUNIA: 29678
OSVDB: 44364
SUSE: SUSE-SR:2008:010
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 29992
SECUNIA: 29957
SECUNIA: 30009
FEDORA: FEDORA-2008-3683
FEDORA: FEDORA-2008-3937
FEDORA: FEDORA-2008-3979
SECUNIA: 30402
FEDORA: FEDORA-2008-4847
FEDORA: FEDORA-2008-4910
FEDORA: FEDORA-2008-4947
SECUNIA: 30486
APPLE: APPLE-SA-2008-09-15
MANDRIVA: MDVSA-2008:156
SECUNIA: 31882
CERT: TA08-260A
GENTOO: GLSA-200805-10
SECUNIA: 30157
SECUNIA: 30174
SECUNIA: 33137
GENTOO: GLSA-200812-15
DEBIAN: DSA-1750
SECUNIA: 34388
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-05-12
CERT: TA09-133A
SECUNIA: 35074
VUPEN: ADV-2009-1297
CONFIRM: http://www.vmware.com/...
SECUNIA: 35258
SUNALERT: 259989
VUPEN: ADV-2009-1451
VUPEN: ADV-2009-1462
SECUNIA: 35302
CONFIRM: http://support.avaya.c...
SECUNIA: 35386
VUPEN: ADV-2009-1560
REDHAT: RHSA-2009:0333
SECUNIA: 34152
VUPEN: ADV-2008-1225
VUPEN: ADV-2008-2584
SUNALERT: 1020521
SLACKWARE: SSA:2008-119-01
XF: libpng-zero-length-cod...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080414 [oCERT-2008-0...
BUGTRAQ: 20080429 rPSA-2008-015...
BUGTRAQ: 20090529 VMSA-2009-000...