{"vuid":"VU#684664","idnumber":"684664","name":"libpng denial of service vulnerability","keywords":["libpng","DoS","denial of service","png_handle_tRNS","PNG","tRNS","CRC"],"overview":"The libpng library contains a denial-of-service vulnerability.","clean_desc":"The libpng library can be used to allow other applications to render PNG images. The libpng library contains a denial-of-service vulnerability. From the Libpng-1.2.16-ADVISORY: This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise. The reason is that png_ptr->num_trans is set to 1 and then there is an error return after checking the CRC, so the trans[ ] array is never allocated. Since png_ptr->num_trans is nonzero, libpng tries to use the array later. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted PNG image. The malicious image may be hosted on a website, or sent as an email attachment.","impact":"A remote, unauthenticated attacker may be able to create a denial-of-service condition.","resolution":"Upgrade\nThe libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability. Administrators are encouraged to upgrade as soon as possible. Administrators who receive the libpng library from their operating system vendor should see the systems affected portion of this document for a list of affected vendors.","workarounds":"","sysaffected":"","thanks":"Thanks to the libpng team for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://sourceforge.net/project/showfiles.php?group_id=5624","http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt","http://secunia.com/advisories/25292/","http://secunia.com/advisories/25353/","http://secunia.com/advisories/25742/"],"cveids":["CVE-2007-2445"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-05-07T12:51:50Z","publicdate":"2007-05-16T00:00:00Z","datefirstpublished":"2007-05-16T17:46:37Z","dateupdated":"2007-08-23T01:06:01Z","revision":22,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"20","cam_impact":"2","cam_easeofexploitation":"14","cam_attackeraccessrequired":"16","cam_scorecurrent":"3.864","cam_scorecurrentwidelyknown":"4.032","cam_scorecurrentwidelyknownexploited":"7.392","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.864,"vulnote":null}