CVE-2008-1382
Published: 14 April 2008
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Priority
Status
Package | Release | Status |
---|---|---|
libpng (Launchpad, Ubuntu, Debian) | dapper | Released (1.2.8rel-5ubuntu0.4) |
libpng | edgy | Ignored (end of life, was needed) |
libpng | feisty | Ignored (end of life, was needed) |
libpng | gutsy | Released (1.2.15~beta5-2ubuntu0.2) |
libpng | hardy | Released (1.2.15~beta5-3ubuntu0.1) |
libpng | intrepid | Not vulnerable (1.2.27-1) |
libpng | upstream | Released (1.2.27) |

Patches: vendor: https://rhn.redhat.com/errata/RHSA-2009-0333.html