CVE-2007-2445 — Reference Library Libpng vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

38.3%

top 2.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 PNG Reference Library Libpng

Timeline

PublishedMay 16

Latest updateMay 1

Description

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDpng_reference_library/libpng1.0.15+1

▶debiandebian/libgd2< libgd2 2.0.35.dfsg-1 (bookworm)

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-v9wg-49f7-4f43: The png_handle_tRNS function in pngrutil↗2022-05-01

▶

OSV

CVE-2007-2445: The png_handle_tRNS function in pngrutil↗2007-05-16

▶

📋Vendor Advisories

Ubuntu

libpng vulnerability↗2007-06-12

▶

Red Hat

libpng png_handle_tRNS flaw↗2007-05-15

▶

Debian

CVE-2007-2445: libgd2 - The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x bef...↗2007

▶

💬Community

Bugzilla

CVE-2007-2445: libpng10 DoS↗2007-05-17

▶

Bugzilla

CVE-2007-2445 libpng png_handle_tRNS flaw↗2007-05-08

▶