CVE-2006-5793

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5793
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://bugs.gentoo.org/attachment.cgi?id=101400&action=view Patch
http://bugs.gentoo.org/show_bug.cgi?id=154380 Patch
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/22889 Patch Vendor Advisory
http://secunia.com/advisories/22900 Patch Vendor Advisory
http://secunia.com/advisories/22941 Vendor Advisory
http://secunia.com/advisories/22950 Vendor Advisory
http://secunia.com/advisories/22951 Vendor Advisory
http://secunia.com/advisories/22956 Patch Vendor Advisory
http://secunia.com/advisories/22958 Patch Vendor Advisory
http://secunia.com/advisories/23208 Vendor Advisory
http://secunia.com/advisories/23335 Vendor Advisory
http://secunia.com/advisories/25329 Vendor Advisory
http://secunia.com/advisories/25742 Vendor Advisory
http://secunia.com/advisories/29420 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200611-09.xml Patch Vendor Advisory
http://securitytracker.com/id?1017244
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035
http://sourceforge.net/project/shownotes.php?release_id=464278 Patch
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.coresecurity.com/?action=item&id=2148
http://www.mandriva.com/security/advisories?name=MDKSA-2006:209
http://www.mandriva.com/security/advisories?name=MDKSA-2006:210
http://www.mandriva.com/security/advisories?name=MDKSA-2006:211
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.036.html
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securityfocus.com/archive/1/451874/100/200/threaded
http://www.securityfocus.com/archive/1/453484/100/100/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.securityfocus.com/bid/21078
http://www.trustix.org/errata/2006/0065/
http://www.ubuntu.com/usn/usn-383-1 Patch
http://www.vupen.com/english/advisories/2006/4521 Vendor Advisory
http://www.vupen.com/english/advisories/2006/4568 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0924/references Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30290
https://issues.rpath.com/browse/RPL-790 Patch
https://issues.rpath.com/browse/RPL-824
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10324
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:greg_roelofs:libpng:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.7rc1:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:greg_roelofs:libpng:1.2.12:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-11-17 23:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5793

Mitre link : CVE-2006-5793

CVE.ORG link : CVE-2006-5793

JSON object : View

Products Affected

greg_roelofs

  • libpng
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024