CVE-2006-3334
Summary
| CVE | CVE-2006-3334 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-30 23:05:00 UTC |
| Updated | 2018-10-18 16:46:00 UTC |
| Description | Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Greg Roelofs | Libpng | 1.2.0 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.1 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.10 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.2 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.3 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.4 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.5 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.6 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.7 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.7rc1 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.8 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.9 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.0 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.1 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.10 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.2 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.3 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.4 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.5 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.6 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.7 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.7rc1 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.8 | All | All | All |
| Application | Greg Roelofs | Libpng | 1.2.9 | All | All | All |
| Application | Greg Roelofs | Libpng | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About Security Update 2008-002 | CONFIRM | docs.info.apple.com | |
| Mandriva update for libpng - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Gentoo Linux Documentation -- libpng: Buffer overflow | GENTOO | security.gentoo.org | |
| Secunia - Advisories - SUSE Updates for Multiple Packages | SECUNIA | secunia.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Mandriva update for chromium - Advisories - Secunia | SECUNIA | secunia.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Mandriva update for doxygen - Advisories - Secunia | SECUNIA | secunia.com | |
| Security Announcement | SUSE | www.novell.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SUSE Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SourceForge.net: Files | CONFIRM | sourceforge.net | |
| Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Security Announcement | SUSE | www.novell.com | |
| Libpng Graphics Library Chunk Error Processing Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| APPLE-SA-2008-03-18 Security Update 2008-002 | APPLE | lists.apple.com | |
| [#RPL-517] libpng vulnerable to local exploit - rPath JIRA | CONFIRM | issues.rpath.com | |
| Gentoo update for povray - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| POV-Ray: User-assisted execution of arbitrary code — Gentoo Linux Documentation | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-05-14 | Mark J Cox | On Red Hat Enterprise Linux 2.1, 3, 4, and 5 this is a two-byte overflow into the middle of the stack and is not exploitable. |
There are currently no legacy QID mappings associated with this CVE.