Summary
The host has libpng installed and is prone to a memory overwrite vulnerability.
Impact
Successful remote exploitation could result in arbitrary code execution on the affected system.
Impact Level: Application
Solution
Upgrade to libpng 1.0.42 or 1.2.34:
http://libpng.sourceforge.net/index.html
Insight
An attacker can set the value of an arbitrary memory location to zero by supplying a crafted PNG file containing keywords. The flaw is related to an implicit cast of the '\0' character constant to a NULL pointer.
Affected
libpng 1.0.41 and prior, and 1.2.x to 1.2.33, on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-5907
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N