CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the 0 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Affected Software

References

• http://libpng.sourceforge.net/index.html
• http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
• http://openwall.com/lists/oss-security/2009/01/09/1
• http://secunia.com/advisories/34320
• http://secunia.com/advisories/34388
• http://security.gentoo.org/glsa/glsa-200903-28.xml
• http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement
• http://www.debian.org/security/2009/dsa-1750
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48128
• http://libpng.sourceforge.net/index.html
• http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
• http://openwall.com/lists/oss-security/2009/01/09/1
• http://secunia.com/advisories/34320
• http://secunia.com/advisories/34388
• http://security.gentoo.org/glsa/glsa-200903-28.xml
• http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local\u0026forum_name=png-mng-implement
• http://www.debian.org/security/2009/dsa-1750
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48128