製品・ソフトウェアに関する情報

JVN脆弱性詳細

libpng の pngset.c における一つずれエラーの脆弱性

Title	libpng の pngset.c における一つずれエラーの脆弱性
Summary	libpng の pngset.c には、png_set_iCCP() 関数の ICC プロファイルチャンクにおいて PNG ファイル name フィールドの NULL 終端を適切に防がないため、一つずれエラーの脆弱性が存在します。
Possible impacts	第三者により巧妙に細工された PNG イメージによりアプリケーションをサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 18, 2007, midnight
Registration Date	April 11, 2008, 5:31 p.m.
Last Update	April 18, 2012, 6:51 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

アップル

Apple Mac OS X v10.5.3 未満

Apple Mac OS X Server v10.5.3 未満

PNG Development Group

libpng 1.0.29 beta1 およびそれ以前

libpng 1.2.21 beta1 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5266	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
National Vulnerability Database (NVD)
2	CVE-2007-5266	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	Security Update 2008-002	http://support.apple.com/kb/HT1249?viewlocale=en_US
2	Security Update 2008-003	http://support.apple.com/kb/HT1897
Apple セキュリティアップデート
3	Security Update 2008-002	http://support.apple.com/kb/HT1249?viewlocale=ja_JP
4	Security Update 2008-003	http://support.apple.com/kb/HT1897?viewlocale=ja_JP&locale=ja_JP
libpng.org
5	Top Page	http://www.libpng.org/
6	[png-mng-implement] libpng-1.0.29beta1 and libpng-1.2.21beta1	http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com
SECURITY BLOG
7	Multiple Denial of Service vulnerabilities in libpng	https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities6
Sun Alert Notification
8	259989	http://download.oracle.com/sunalerts/1020521.1.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2008-0924	http://www.frsirt.com/english/advisories/2008/0924
JVN
2	JVNTA08-079A	http://jvn.jp/cert/JVNTA08-079A/index.html
3	JVNTA08-150A	http://jvn.jp/cert/JVNTA08-150A/
JVN Status Tracking Notes
4	TRTA08-079A	http://jvn.jp/tr/TRTA08-079A/index.html
5	TRTA08-150A	http://jvn.jp/tr/TRTA08-150A/index.html
Secunia Advisory
6	SA27130	http://secunia.com/advisories/27130
SecurityFocus
7	25957	http://www.securityfocus.com/bid/25957
US-CERT Cyber Security Alerts
8	SA08-079A	http://www.us-cert.gov/cas/alerts/SA08-079A.html
9	SA08-150A	http://www.us-cert.gov/cas/alerts/SA08-150A.html
US-CERT Technical Cyber Security Alert
10	TA08-079A	http://www.us-cert.gov/cas/techalerts/TA08-079A.html
11	TA08-150A	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
VUPEN Security
12	VUPEN/ADV-2007-3391	http://www.vupen.com/english/advisories/2007/3391

Change Log

No	Changed Details	Date of change
0	[2008年04月11日] 掲載 [2008年06月18日] 影響を受けるシステム：アップル (Security Update 2008-003) の情報を追加ベンダ情報：アップル (Security Update 2008-003) を追加 [2009年07月02日] 影響を受けるシステム：サン・マイクロシステムズ (259989) の情報を追加ベンダ情報：サン・マイクロシステムズ (259989) を追加 [2012年04月18日] ベンダ情報：オラクル (Multiple Denial of Service vulnerabilities in libpng) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-5266

Summary	Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
Summary	Error de superación de límite (off-by-one) en el manejo de perfiles ICC en la función png_set_iCCP de pngset.c en libpng anterior a 1.0.29 beta1 y 1.2.x anterior a 1.2.21 beta1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una imagen PNG manipulada artesanalmente que provoca que el campo de nombre no termine con NULL.
Publication Date	Oct. 9, 2007, 6:17 a.m.
Registration Date	Jan. 29, 2021, 2:21 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libpng:libpng::::::::		1.0.28
cpe:2.3:a:libpng:libpng::::::::	1.2.0	1.2.20

Related information, measures and tools

No	URL	refsource
1	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html	cve@mitre.org
2	http://bugs.gentoo.org/show_bug.cgi?id=195261	cve@mitre.org
3	http://docs.info.apple.com/article.html?artnum=307562	cve@mitre.org
4	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	cve@mitre.org
5	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	cve@mitre.org
6	http://secunia.com/advisories/27284	cve@mitre.org
7	http://secunia.com/advisories/27529	cve@mitre.org
8	http://secunia.com/advisories/27629	cve@mitre.org
9	http://secunia.com/advisories/27746	cve@mitre.org
10	http://secunia.com/advisories/29420	cve@mitre.org
11	http://secunia.com/advisories/30161	cve@mitre.org
12	http://secunia.com/advisories/30430	cve@mitre.org
13	http://secunia.com/advisories/35302	cve@mitre.org
14	http://secunia.com/advisories/35386	cve@mitre.org
15	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323	cve@mitre.org
16	http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement	cve@mitre.org
17	http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com	cve@mitre.org
18	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1	cve@mitre.org
19	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1	cve@mitre.org
20	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm	cve@mitre.org
21	http://www.coresecurity.com/?action=item&id=2148	cve@mitre.org
22	http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml	cve@mitre.org
23	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	cve@mitre.org
24	http://www.mandriva.com/security/advisories?name=MDKSA-2007:217	cve@mitre.org
25	http://www.securityfocus.com/archive/1/483582/100/0/threaded	cve@mitre.org
26	http://www.securityfocus.com/archive/1/489135/100/0/threaded	cve@mitre.org
27	http://www.securityfocus.com/bid/25957	cve@mitre.org
28	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	cve@mitre.org
29	http://www.vupen.com/english/advisories/2008/0924/references	cve@mitre.org
30	http://www.vupen.com/english/advisories/2008/1697	cve@mitre.org
31	http://www.vupen.com/english/advisories/2009/1462	cve@mitre.org
32	http://www.vupen.com/english/advisories/2009/1560	cve@mitre.org
33	https://issues.rpath.com/browse/RPL-1814	cve@mitre.org
34	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html	af854a3a-2127-422b-91ae-364da2661108
35	http://bugs.gentoo.org/show_bug.cgi?id=195261	af854a3a-2127-422b-91ae-364da2661108
36	http://docs.info.apple.com/article.html?artnum=307562	af854a3a-2127-422b-91ae-364da2661108
37	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
38	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/27284	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/27529	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/27629	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/27746	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/29420	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/30161	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/30430	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/35302	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/35386	af854a3a-2127-422b-91ae-364da2661108
48	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323	af854a3a-2127-422b-91ae-364da2661108
49	http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement	af854a3a-2127-422b-91ae-364da2661108
50	http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com	af854a3a-2127-422b-91ae-364da2661108
51	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1	af854a3a-2127-422b-91ae-364da2661108
52	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1	af854a3a-2127-422b-91ae-364da2661108
53	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm	af854a3a-2127-422b-91ae-364da2661108
54	http://www.coresecurity.com/?action=item&id=2148	af854a3a-2127-422b-91ae-364da2661108
55	http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml	af854a3a-2127-422b-91ae-364da2661108
56	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	af854a3a-2127-422b-91ae-364da2661108
57	http://www.mandriva.com/security/advisories?name=MDKSA-2007:217	af854a3a-2127-422b-91ae-364da2661108
58	http://www.securityfocus.com/archive/1/483582/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
59	http://www.securityfocus.com/archive/1/489135/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
60	http://www.securityfocus.com/bid/25957	af854a3a-2127-422b-91ae-364da2661108
61	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	af854a3a-2127-422b-91ae-364da2661108
62	http://www.vupen.com/english/advisories/2008/0924/references	af854a3a-2127-422b-91ae-364da2661108
63	http://www.vupen.com/english/advisories/2008/1697	af854a3a-2127-422b-91ae-364da2661108
64	http://www.vupen.com/english/advisories/2009/1462	af854a3a-2127-422b-91ae-364da2661108
65	http://www.vupen.com/english/advisories/2009/1560	af854a3a-2127-422b-91ae-364da2661108
66	https://issues.rpath.com/browse/RPL-1814	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html