CVE-2008-1382

Publication date 14 April 2008

Last updated 24 July 2024

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libpng	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 1.2.15~beta5-3ubuntu0.1
	7.10 gutsy	Fixed 1.2.15~beta5-2ubuntu0.2
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.2.8rel-5ubuntu0.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libpng	Vendor: https://rhn.redhat.com/errata/RHSA-2009-0333.html

References

Related Ubuntu Security Notices (USN)

USN-730-1
libpng vulnerabilities
6 March 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1382