Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

Bugtraq ID:	24023
Class:	Design Error
CVE:	CVE-2007-2445
Remote:	Yes
Local:	No
Published:	May 16 2007 12:00AM
Updated:	May 30 2007 12:04AM
Credit:	The vendor reported this issue.
Vulnerable:	libpng libpng 1.0.24 libpng libpng 1.0.18 libpng libpng 1.0.17 libpng libpng 1.0.16 libpng libpng 1.0.15 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 libpng libpng 1.0.14 + Redhat Linux 7.3 i386 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.1 i386 + Redhat Linux 7.0 i386 + Redhat Linux 6.2 i386 libpng libpng 1.0.13 libpng libpng 1.0.12 - Caldera OpenLinux Server 3.1.1 - Caldera OpenLinux Server 3.1 - Caldera OpenLinux Workstation 3.1.1 - Caldera OpenLinux Workstation 3.1 + Debian Linux 3.0 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 + SuSE Linux 8.0 + SuSE Linux 7.3 sparc + SuSE Linux 7.3 ppc + SuSE Linux 7.3 libpng libpng 1.0.11 libpng libpng 1.0.10 + SuSE Linux 7.2 libpng libpng 1.0.9 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 libpng libpng 1.0.8 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 7.2 + SuSE Linux 7.1 sparc + SuSE Linux 7.1 ppc + SuSE Linux 7.1 alpha + SuSE Linux 7.1 - Ximian GNOME 1.4 libpng libpng 1.0.7 libpng libpng 1.0.6 libpng libpng 1.0.5 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + MandrakeSoft Corporate Server 1.0.1 + Mandriva Linux Mandrake 7.1 libpng libpng 1.0 + SuSE Linux 7.0 sparc + SuSE Linux 7.0 ppc + SuSE Linux 7.0 alpha + SuSE Linux 7.0 libpng libpng 0.90 Gentoo Linux
Not Vulnerable:	libpng libpng 1.2.17 libpng libpng 1.0.25

Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

The libpng library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects libpng-0.90 through libpng-1.2.16.

This BID is being retired because this issue was addressed in BID 24000 (Libpng Library Remote Denial of Service Vulnerability).

Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

Solution:
The vendor has released an advisory to address this issue; please see the references for details.


libpng libpng 0.90

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.10

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.11

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.12

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.13

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.14

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.15

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.16

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.17

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.18

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

libpng libpng 1.0.24

• libpng libpng-1.2.18.tar.gz
  http://prdownloads.sourceforge.net/libpng/libpng-1.2.18.tar.gz

Retired: Libpng Library Grayscale Image CRC Check Remote Denial of Service Vulnerability

References:

• libpng Homepage (libpng)
  
• Libpng-1.2.16-ADVISORY.txt (PNG Development Group)