CVE-2007-5266

Publication date 8 October 2007

Last updated 24 July 2024


Ubuntu priority

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

Status

Package  Ubuntu Release    Status
libpng   7.10 gutsy        Not affected
         7.04 feisty       Not affected
         6.10 edgy         Not affected
         6.06 LTS dapper   Not affected

Notes


jdstrand

DoS on many systems
theoretically not vulnerable because the affected code uses png_strncpy with bad args, but our versions use png_strcpy.
TODO: get reproducer and/or verify png_strcpy usage
upstream did not provide reproducer.
code not in existing versions
fully fixed in 1.2.22