CVE-2008-5907

NONECVSS 0.0

0.0

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

🔗 References (20)

cve@mitrehttp://libpng.sourceforge.net/index.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
cve@mitrehttp://openwall.com/lists/oss-security/2009/01/09/1
cve@mitrehttp://secunia.com/advisories/34320
cve@mitrehttp://secunia.com/advisories/34388
cve@mitrehttp://security.gentoo.org/glsa/glsa-200903-28.xml
cve@mitrehttp://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement
cve@mitrehttp://www.debian.org/security/2009/dsa-1750
cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2009:051
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/48128
af854a3a-2127-422b-91ae-364da2661108http://libpng.sourceforge.net/index.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2009/01/09/1
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34320
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34388

Is Your Infrastructure Affected by CVE-2008-5907?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-5907

📅 Published

🔄 Last Modified

🔗 References (20)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-5907?