1
Candidate: CVE-2008-5907
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
5
http://libpng.sourceforge.net/index.html
6
https://usn.ubuntu.com/usn/usn-730-1
8
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and
9
1.2.x before 1.2.34, might allow context-dependent attackers to set the
10
value of an arbitrary memory location to zero via vectors involving
11
creation of crafted PNG files with keywords, related to an implicit cast of
12
the '\0' character constant to a NULL pointer. NOTE: some sources
13
incorrectly report this as a double free vulnerability.
16
mdeslaur> This may not be a security issue, as it seems it's when writing png
17
mdeslaur> see: http://openwall.com/lists/oss-security/2009/01/09/1
19
https://bugs.launchpad.net/bugs/324258
25
upstream_libpng: released (1.2.35-1)
26
dapper_libpng: released (1.2.8rel-5ubuntu0.4)
27
gutsy_libpng: released (1.2.15~beta5-2ubuntu0.2)
28
hardy_libpng: released (1.2.15~beta5-3ubuntu0.1)
29
intrepid_libpng: released (1.2.27-1ubuntu0.1)
30
devel_libpng: released (1.2.27-2ubuntu2)