exploits , vulnerabilities , articles , Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability

Title	Libpng Library ICC Profile Chunk Off-By-One Denial of Service Vulnerability
Published	2007-10-08-12:00AM
Updated	2008-03-19-02:50PM
Class	Design Error
CVE	CVE-2007-5267 E-2007-5266
Remote	Yes
Local	No
Credit	bnanson is credited with the discovery of this vulnerability.
Vulnerable	VMWare Workstation 6.0.2 VMWare Workstation 6.0.1 VMWare Workstation 6.0 VMWare Server 1.0.4 VMWare Server 1.0.3 VMWare Server 1.0.2 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 12.0 Slackware Linux 11.0 rPath rPath Linux 1 RedHat Fedora 7 0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 libpng libpng3 1.2.13 Slackware Linux 11.0 libpng libpng3 1.2.12 Slackware Linux 11.0 libpng libpng3 1.2.8 Slackware Linux 10.2 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.1 Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 libpng libpng3 1.2.5 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.2 Gentoo Linux 1.2 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 RedHat Fedora Core1 RedHat Fedora Core1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 9.0 Slackware Linux current Slackware Linux current Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia32 libpng libpng 1.2.21 Google Android Software Development Kit (SDK) m3rc37a Foresight Linux Foresight Linux 1.1 Apple Mac OS X Server 10.5.2 Apple Mac OS X 10.5.2
Not Vulnerable	VMWare Workstation 6.0.3 VMWare Server 1.0.5 libpng libpng 1.2.22 rc1 Google Android Software Development Kit (SDK) m5-rc15
Code	To exploit this issue, an attacker must entice an unsuspecting victim into opening a malicious PNG file.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 13:02:18 +0000