Vulnerabilità: CVE-2007-2445

Le png_handle_tRNS funzionano in pngrutil.c in libpng prima 1.0.25 e 1.2.17 1.2.x prima consente agli aggressori remoti di causare un denial of service (applicazione crash) tramite un’immagine PNG in scala di grigi, con un valore di Trns cattivo pezzo CRC.


http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.securityfocus.com/bid/24000
http://www.securityfocus.com/bid/24023
http://www.securityfocus.com/archive/1/468910/100/0/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.kb.cert.org/vuls/id/684664
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://docs.info.apple.com/article.html?artnum=307562
http://irrlicht.sourceforge.net/changes.txt
http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
https://issues.rpath.com/browse/RPL-1381
http://www.debian.org/security/2008/dsa-1613
http://www.debian.org/security/2009/dsa-1750
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
http://www.coresecurity.com/?action=item&id=2148
http://openpkg.com/go/OpenPKG-SA-2007.013
http://osvdb.org/36196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securitytracker.com/id?1018078
http://secunia.com/advisories/25268
http://secunia.com/advisories/25273
http://secunia.com/advisories/25292
http://secunia.com/advisories/25329
http://secunia.com/advisories/25353
http://secunia.com/advisories/25461
http://secunia.com/advisories/25554
http://secunia.com/advisories/25571
http://secunia.com/advisories/25742
http://secunia.com/advisories/25787
http://secunia.com/advisories/25867
http://secunia.com/advisories/27056
http://secunia.com/advisories/29420
http://secunia.com/advisories/30161
http://secunia.com/advisories/31168
http://secunia.com/advisories/34388
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-472-1
http://www.vupen.com/english/advisories/2007/1838
http://www.vupen.com/english/advisories/2007/2385
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/34340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi