CVE Vulnerabilities

CVE-2007-5266

Published: Oct 08, 2007 | Modified: Oct 26, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

Affected Software

Name Vendor Start Version End Version
Libpng Libpng * 1.0.28 (including)
Libpng Libpng 1.2.0 (including) 1.2.20 (including)
Libpng Ubuntu upstream *

References