CVE-2006-5793

Publication date 17 November 2006

Last updated 24 July 2024

Ubuntu priority

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libpng	7.04 feisty	Fixed 1.2.15~beta5-1ubuntu1
	6.10 edgy	Fixed 1.2.8rel-5.1ubuntu0.2
	6.06 LTS dapper	Fixed 1.2.8rel-5ubuntu0.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-383-1
libpng vulnerability
17 November 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-5793