CVE-2008-1382

General

Score: 7.5/10.0
Severity: High
Category: Numeric Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2006-0747, CVE-2006-5793, CVE-2007-2445, CVE-2007-2754, CVE-2007-5269, CVE-2008-0314, CVE-2008-0456, CVE-2008-1100, CVE-2008-1387, CVE-2008-1447, CVE-2008-1483, CVE-2008-1517, CVE-2008-1657, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, CVE-2008-2305, CVE-2008-2312, CVE-2008-2327, CVE-2008-2329, CVE-2008-2330, CVE-2008-2331, CVE-2008-2332, CVE-2008-2371, CVE-2008-2376, CVE-2008-2383, CVE-2008-2665, CVE-2008-2666, CVE-2008-2713, CVE-2008-2829, CVE-2008-2939, CVE-2008-3215, CVE-2008-3443, CVE-2008-3529, CVE-2008-3530, CVE-2008-3608, CVE-2008-3609, CVE-2008-3610, CVE-2008-3611, CVE-2008-3613, CVE-2008-3614, CVE-2008-3616, CVE-2008-3617, CVE-2008-3618, CVE-2008-3619, CVE-2008-3621, CVE-2008-3622, CVE-2008-3651, CVE-2008-3652, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-3790, CVE-2008-3863, CVE-2008-4309, CVE-2008-5077, CVE-2008-5557, CVE-2008-5907, CVE-2008-6218, CVE-2009-0010, CVE-2009-0021, CVE-2009-0025, CVE-2009-0040, CVE-2009-0114, CVE-2009-0144, CVE-2009-0145, CVE-2009-0146, CVE-2009-0147, CVE-2009-0148, CVE-2009-0149, CVE-2009-0150, CVE-2009-0152, CVE-2009-0153, CVE-2009-0154, CVE-2009-0155, CVE-2009-0156, CVE-2009-0157, CVE-2009-0158, CVE-2009-0159, CVE-2009-0160, CVE-2009-0161, CVE-2009-0162, CVE-2009-0164, CVE-2009-0165, CVE-2009-0519, CVE-2009-0520, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0942, CVE-2009-0943, CVE-2009-0944, CVE-2009-0945, CVE-2009-0946, CVE-2009-1805, CVE-2009-2042, CVE-2010-0205, CVE-2010-1205, CVE-2010-2249, CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692, CVE-2011-3026

Published on 14/04/08 - Updated on 29/09/17

Description

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability Database CVE-2008-1382
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-463, CERTA-2009-AVI-186
Oracle Linux ELSA-2012-0317
Redhat RHSA-2009:0333
Renater 2008/VULN349, 2009/VULN115, 2009/VULN175, 2009/VULN212

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: libpng
Product: libpng
