CVE-2008-5907 in libpnginfo

Summary

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the \0 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

01/15/2009

Disclosure

01/15/2009

Moderation

VulDB entry created

Entries

1: VDB-45917

CPE

ready

CWE

CWE-476 (Unconfirmed)

CVSS

5.3

EPSS

0.00786

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5907
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5907
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5907/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!