NVD脆弱性詳細

CVE-2007-2445

概要	The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
公表日	2007年5月17日7:30
登録日	2021年1月29日14:12
最終更新日	2018年10月17日1:43

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:png_reference_library:libpng::::::::		1.0.15
cpe:2.3:a:png_reference_library:libpng::::::::		1.2.16

関連情報、対策とツール

No	URL	refsource	タグ
1	http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html	CONFIRM
2	http://docs.info.apple.com/article.html?artnum=307562	CONFIRM
3	http://irrlicht.sourceforge.net/changes.txt	CONFIRM
4	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	APPLE
5	http://openpkg.com/go/OpenPKG-SA-2007.013	OPENPKG
6	http://osvdb.org/36196	OSVDB
7	http://secunia.com/advisories/25268	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/25273	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/25292	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/25329	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/25353	SECUNIA
12	http://secunia.com/advisories/25461	SECUNIA
13	http://secunia.com/advisories/25554	SECUNIA
14	http://secunia.com/advisories/25571	SECUNIA
15	http://secunia.com/advisories/25742	SECUNIA
16	http://secunia.com/advisories/25787	SECUNIA
17	http://secunia.com/advisories/25867	SECUNIA
18	http://secunia.com/advisories/27056	SECUNIA
19	http://secunia.com/advisories/29420	SECUNIA
20	http://secunia.com/advisories/30161	SECUNIA
21	http://secunia.com/advisories/31168	SECUNIA
22	http://secunia.com/advisories/34388	SECUNIA
23	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650	SLACKWARE
24	http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624	CONFIRM	Patch
25	http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624	CONFIRM	Patch
26	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1	SUNALERT
27	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1	SUNALERT
28	http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm	CONFIRM
29	http://www.coresecurity.com/?action=item&id=2148	MISC
30	http://www.debian.org/security/2008/dsa-1613	DEBIAN
31	http://www.debian.org/security/2009/dsa-1750	DEBIAN
32	http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml	GENTOO
33	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	GENTOO
34	http://www.kb.cert.org/vuls/id/684664	CERT-VN	Third Party Advisory US Government Resource
35	http://www.mandriva.com/security/advisories?name=MDKSA-2007:116	MANDRIVA
36	http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt	CONFIRM	Vendor Advisory
37	http://www.novell.com/linux/security/advisories/2007_13_sr.html	SUSE
38	http://www.redhat.com/support/errata/RHSA-2007-0356.html	REDHAT
39	http://www.securityfocus.com/archive/1/468910/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/489135/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/bid/24000	BID
42	http://www.securityfocus.com/bid/24023	BID
43	http://www.securitytracker.com/id?1018078	SECTRACK
44	http://www.trustix.org/errata/2007/0019/	TRUSTIX
45	http://www.ubuntu.com/usn/usn-472-1	UBUNTU
46	http://www.vupen.com/english/advisories/2007/1838	VUPEN
47	http://www.vupen.com/english/advisories/2007/2385	VUPEN
48	http://www.vupen.com/english/advisories/2008/0924/references	VUPEN
49	https://exchange.xforce.ibmcloud.com/vulnerabilities/34340	XF
50	https://issues.rpath.com/browse/RPL-1381	CONFIRM
51	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094	OVAL

共通脆弱性一覧