CVE-2008-5907

NameCVE-2008-5907
DescriptionThe png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1750-1
NVD severitymedium (attack range: remote)
Debian Bugs512665
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpng (PTS)squeeze, squeeze (security)1.2.44-1+squeeze4fixed
wheezy1.2.49-1fixed
stretch, sid, jessie1.2.50-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsource(unstable)1.2.35-1medium512665
libpngsourceetch1.2.15~beta5-1+etch2mediumDSA-1750-1
libpngsourcelenny1.2.27-2+lenny2mediumDSA-1750-1

Notes

Only an issues when using libpng to create out-of-spec images

Search for package or bug name: Reporting problems