CVE-2007-5267

Publication date 8 October 2007

Last updated 24 July 2024

Ubuntu priority

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libpng	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

this is a fix for 1.2.21 only, which had an improper fix for CVE-2007-5266

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-5267