Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-5269

Publication date 8 October 2007

Last updated 24 July 2024


Ubuntu priority

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.

Read the notes from the security team

Status

Package Ubuntu Release Status
libpng 7.10 gutsy
Fixed 1.2.15~beta5-2ubuntu0.1
7.04 feisty
Fixed 1.2.15~beta5-1ubuntu1.1
6.10 edgy
Fixed 1.2.8rel-5.1ubuntu0.3
6.06 LTS dapper
Fixed 1.2.8rel-5ubuntu0.3

Notes


jdstrand

assigned medium because of wide install base looking at diff between 1.2.20 and 1.2.21, it appears that Ubuntu is affected, though Debian thinks not. After weeding out the changes, there are 9 chunks over pngpread.c and pngrutil.c that appear to be for this CVE (the original patch improperly used png_strncpy, where our versions have png_strcpy). TODO: get a reproducer and/or verify png_strcpy is really not vulnerable. after talking on IRC, Debian agreed they are in fact affected 2007/10/24 RH update: https://rhn.redhat.com/errata/RHSA-2007-0992.html RH has added code to pngrtran.c that was not included upstream. Sticking with changes to pngpread.c and pngrutil.c until upstream can provide a reproducer.

References

Related Ubuntu Security Notices (USN)

    • USN-538-1
    • libpng vulnerabilities
    • 25 October 2007
    • USN-730-1
    • libpng vulnerabilities
    • 6 March 2009

Other references