Summary
The host has libpng installed and is prone to a memory overwrite vulnerability.
Impact
Successful remote exploitation could result in arbitrary code execution on the affected system.
Impact Level: Application
Solution
Upgrade to libpng 1.0.42 or 1.2.34:
http://libpng.sourceforge.net/index.html
Insight
Attackers can set the value of an arbitrary memory location to zero by creating crafted PNG files with keywords. The flaw is related to an implicit cast of the '\0' character constant to a NULL pointer.
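The bug class described above, as an added illustration that is not libpng's code: when a character buffer is reached through a `char **`, indexing without dereferencing stores a NULL pointer into a neighbouring slot instead of terminating the string. All names here (`truncate_flawed`, `truncate_fixed`, `observe`, `KEY_MAX`) and the 79-character limit are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 79  /* longest keyword kept; assumed value for this example */

/* Flawed form: new_key is a char **, so new_key[KEY_MAX] is a pointer slot.
 * '\0' is an integer constant 0, which C accepts as a null pointer constant:
 * the store zeroes a pointer-sized slot away from new_key instead of
 * terminating the string. */
static void truncate_flawed(char **new_key)
{
    new_key[KEY_MAX] = '\0';
}

/* Corrected form: dereference first, then index into the character buffer. */
static void truncate_fixed(char **new_key)
{
    (*new_key)[KEY_MAX] = '\0';
}

/* Runs one variant against a constructed over-long keyword. The pointer is
 * placed in slot 0 of an 80-slot array so the flawed store stays inside
 * memory this program owns and can be observed. Returns a bit mask:
 * bit 0 = string was truncated, bit 1 = neighbouring slot was zeroed. */
static int observe(void (*truncate)(char **))
{
    static char sentinel;
    char *slots[KEY_MAX + 1];
    char keyword[128];
    int result = 0;

    memset(keyword, 'A', sizeof keyword - 1);   /* constructed sample input */
    keyword[sizeof keyword - 1] = '\0';
    for (int i = 0; i <= KEY_MAX; i++) slots[i] = &sentinel;
    slots[0] = keyword;

    truncate(&slots[0]);
    if (strlen(keyword) == KEY_MAX) result |= 1;
    if (slots[KEY_MAX] == NULL) result |= 2;
    return result;
}

int main(void)
{
    printf("flawed: %d, fixed: %d\n",
           observe(truncate_flawed), observe(truncate_fixed));
    return 0;
}
```

Because the assignment is valid C, a default build may accept it without a diagnostic, which is why this pattern is worth looking for in review and static analysis.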
Affected
libpng 1.0.41 and prior, and 1.2.x to 1.2.33, on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE-2008-5907
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N