漏洞信息详情

Libpng库ICC配置文件 'pngset.c'文件块单字节错误拒绝服务漏洞

漏洞简介

libpng是多种应用程序使用的解析PNG图象格式的库。

libpng库在处理ICC配置文件块时存在缓冲区长度计算错误,远程攻击者利用构造恶意恶意的PNG图形文件,就可能导致使用该函数库的应用程序崩溃。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://downloads.sourceforge.net/libpng/libpng-1.2.22rc1.tar.gz

参考网址

来源: US-CERT

名称: TA08-150A

链接:http://www.us-cert.gov/cas/techalerts/TA08-150A.html

来源: MLIST

名称: [png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1

链接:http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com

来源: VUPEN

名称: ADV-2009-1560

链接:http://www.vupen.com/english/advisories/2009/1560

来源: VUPEN

名称: ADV-2009-1462

链接:http://www.vupen.com/english/advisories/2009/1462

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

来源: SUNALERT

名称: 259989

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

来源: MLIST

名称: [png-mng-implement] 20070911 FW: Suspicious `sizeof' line 694 of pngset.c

链接:http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement

来源: SECUNIA

名称: 35386

链接:http://secunia.com/advisories/35386

来源: SECUNIA

名称: 35302

链接:http://secunia.com/advisories/35302

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-1814

来源: BID

名称: 25957

链接:http://www.securityfocus.com/bid/25957

来源: BUGTRAQ

名称: 20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

链接:http://www.securityfocus.com/archive/1/archive/1/489135/100/0/threaded

来源: BUGTRAQ

名称: 20071112 FLEA-2007-0065-1 libpng

链接:http://www.securityfocus.com/archive/1/archive/1/483582/100/0/threaded

来源: MANDRIVA

名称: MDKSA-2007:217

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:217

来源: GENTOO

名称: GLSA-200805-07

链接:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

来源: GENTOO

名称: GLSA-200711-08

链接:http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml

来源: VUPEN

名称: ADV-2008-1697

链接:http://www.frsirt.com/english/advisories/2008/1697

来源: VUPEN

名称: ADV-2008-0924

链接:http://www.frsirt.com/english/advisories/2008/0924/references

来源: MISC

链接:http://www.coresecurity.com/?action=item&id=2148

来源: SLACKWARE

名称: SSA:2007-325-01

链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323

来源: SECUNIA

名称: 30430

链接:http://secunia.com/advisories/30430

来源: SECUNIA

名称: 30161

链接:http://secunia.com/advisories/30161

来源: SECUNIA

名称: 29420

链接:http://secunia.com/advisories/29420

来源: SECUNIA

名称: 27746

链接:http://secunia.com/advisories/27746

来源: SECUNIA

名称: 27629

链接:http://secunia.com/advisories/27629

来源: SECUNIA

名称: 27529

链接:http://secunia.com/advisories/27529

来源: SECUNIA

名称: 27284

链接:http://secunia.com/advisories/27284

来源: APPLE

名称: APPLE-SA-2008-03-18

链接:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

来源: APPLE

名称: APPLE-SA-2008-05-28

链接:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

来源: docs.info.apple.com

链接:http://docs.info.apple.com/article.html?artnum=307562

来源: bugs.gentoo.org

链接:http://bugs.gentoo.org/show_bug.cgi?id=195261

来源: android-developers.blogspot.com

链接:http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多