CVE-2008-6218
Vulnerability Summary
Timeline
Description
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
CVSS Metrics
- v2.0•HIGH•Score: 7.1AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 2.55%• Percentile: 86%
Techniques & Countermeasures
- CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Affected Systems
- libpng•libpng
1.2.0 | 1.2.0:beta1 | 1.2.0:beta2 | 1.2.0:beta3 | 1.2.0:beta4 | 1.2.0:beta5 | 1.2.0:rc1 | 1.2.1 | 1.2.1:beta1 | 1.2.1:beta2 | 1.2.1:beta3 | 1.2.1:beta4 | 1.2.1:rc1 | 1.2.1:rc2 | 1.2.2 | 1.2.2:beta1 | 1.2.2:beta2 | 1.2.2:beta3 | 1.2.2:beta4 | 1.2.2:beta5 | 1.2.2:beta6 | 1.2.2:rc1 | 1.2.3 | 1.2.3:rc1 | 1.2.3:rc2 | 1.2.3:rc3 | 1.2.3:rc4 | 1.2.3:rc5 | 1.2.3:rc6 | 1.2.4 | 1.2.4:beta1 | 1.2.4:beta2 | 1.2.4:beta3 | 1.2.4:rc1 | 1.2.5 | 1.2.5:beta1 | 1.2.5:beta2 | 1.2.5:beta3 | 1.2.5:rc1 | 1.2.5:rc2 | 1.2.5:rc3 | 1.2.6 | 1.2.6:beta1 | 1.2.6:beta2 | 1.2.6:beta3 | 1.2.6:beta4 | 1.2.6:rc1 | 1.2.6:rc2 | 1.2.6:rc3 | 1.2.6:rc4 | 1.2.6:rc5 | 1.2.7 | 1.2.7:beta1 | 1.2.7:beta2 | 1.2.8 | 1.2.8:beta1 | 1.2.8:beta2 | 1.2.8:beta3 | 1.2.8:beta4 | 1.2.8:beta5 | 1.2.8:rc1 | 1.2.8:rc2 | 1.2.8:rc3 | 1.2.8:rc4 | 1.2.8:rc5 | 1.2.9 | 1.2.9:beta1 | 1.2.9:beta10 | 1.2.9:beta2 | 1.2.9:beta3 | 1.2.9:beta4 | 1.2.9:beta5 | 1.2.9:beta6 | 1.2.9:beta7 | 1.2.9:beta8 | 1.2.9:beta9 | 1.2.9:rc1 | 1.2.10 | 1.2.10:beta1 | 1.2.10:beta2 | 1.2.10:beta3 | 1.2.10:beta4 | 1.2.10:beta5 | 1.2.10:beta6 | 1.2.10:beta7 | 1.2.10:rc1 | 1.2.10:rc2 | 1.2.10:rc3 | 1.2.11 | 1.2.11:beta1 | 1.2.11:beta2 | 1.2.11:beta3 | 1.2.11:beta4 | 1.2.11:rc1 | 1.2.11:rc2 | 1.2.11:rc3 | 1.2.11:rc5 | 1.2.13 | 1.2.13:beta1 | 1.2.13:rc1 | 1.2.13:rc2 | 1.2.14 | 1.2.14:beta1 | 1.2.14:beta2 | 1.2.14:rc1 | 1.2.15 | 1.2.15:beta1 | 1.2.15:beta2 | 1.2.15:beta3 | 1.2.15:beta4 | 1.2.15:beta5 | 1.2.15:beta6 | 1.2.15:rc1 | 1.2.15:rc2 | 1.2.15:rc3 | 1.2.15:rc4 | 1.2.15:rc5 | 1.2.16 | 1.2.16:beta1 | 1.2.16:beta2 | 1.2.16:rc1 | 1.2.17 | 1.2.17:beta1 | 1.2.17:beta2 | 1.2.17:rc1 | 1.2.17:rc2 | 1.2.17:rc3 | 1.2.17:rc4 | 1.2.18 | 1.2.19 | 1.2.19:beta1 | 1.2.19:beta10 | 1.2.19:beta11 | 1.2.19:beta12 | 1.2.19:beta13 | 1.2.19:beta14 | 1.2.19:beta15 | 1.2.19:beta16 | 1.2.19:beta17 | 1.2.19:beta18 | 1.2.19:beta19 | 1.2.19:beta2 | 1.2.19:beta20 | 1.2.19:beta21 | 1.2.19:beta22 | 1.2.19:beta23 | 1.2.19:beta24 | 1.2.19:beta25 | 1.2.19:beta26 | 1.2.19:beta27 | 1.2.19:beta28 | 1.2.19:beta29 | 1.2.19:beta3 | 1.2.19:beta30 | 1.2.19:beta31 | 1.2.19:beta32 | 1.2.19:beta33 | 1.2.19:beta4 | 1.2.19:beta5 | 1.2.19:beta6 | 1.2.19:beta7 | 1.2.19:beta8 | 1.2.19:beta9 | 1.2.19:rc1 | 1.2.19:rc2 | 1.2.19:rc3 | 1.2.19:rc4 | 1.2.19:rc5 | 1.2.19:rc6 | 1.2.20 | 1.2.20:beta01 | 1.2.20:beta02 | 1.2.20:beta03 | 1.2.20:beta04 | 1.2.20:rc1 | 1.2.20:rc2 | 1.2.20:rc3 | 1.2.20:rc4 | 1.2.20:rc5 | 1.2.20:rc6 | 1.2.21 | 1.2.21:beta1 | 1.2.21:beta2 | 1.2.21:rc1 | 1.2.21:rc2 | 1.2.21:rc3 | 1.2.22 | 1.2.22:beta1 | 1.2.22:beta2 | 1.2.22:beta2-1.2.21 | 1.2.22:beta3 | 1.2.22:beta3-1.2.21 | 1.2.22:beta4 | 1.2.22:beta4-1.2.21 | 1.2.22:rc1 | 1.2.22:rc1-1.2.21 | 1.2.23 | 1.2.23:beta01 | 1.2.23:beta01-1.2.22 | 1.2.23:beta02 | 1.2.23:beta02-1.2.22 | 1.2.23:beta03 | 1.2.23:beta03-1.2.22 | 1.2.23:beta04 | 1.2.23:beta04-1.2.22 | 1.2.23:beta05 | 1.2.23:beta05-1.2.22 | 1.2.23:rc01 | 1.2.23:rc01-1.2.22 | 1.2.24 | 1.2.24:beta01 | 1.2.24:beta01-1.2.23 | 1.2.24:beta02 | 1.2.24:beta02-1.2.23 | 1.2.24:beta03 | 1.2.24:beta03-1.2.23 | 1.2.24:rc01 | 1.2.24:rc01-1.2.23 | 1.2.25 | 1.2.25:beta01 | 1.2.25:beta02 | 1.2.25:beta03 | 1.2.25:beta04 | 1.2.25:beta05 | 1.2.25:beta06 | 1.2.25:rc01 | 1.2.25:rc02 | 1.2.26 | 1.2.26:beta01 | 1.2.26:beta02 | 1.2.26:beta03 | 1.2.26:beta04 | 1.2.26:beta05 | 1.2.26:beta06 | 1.2.26:rc01 | 1.2.27 | 1.2.28 | 1.2.29 | 1.2.30 | 1.2.31 | 1.2.32 | 1.2.33 | 1.4.0:beta36
References (16)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46115
- http://security.gentoo.org/glsa/glsa-200903-28.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
- http://www.vupen.com/english/advisories/2008/2917
- http://www.securityfocus.com/bid/31920
- http://www.vupen.com/english/advisories/2010/1837
- http://secunia.com/advisories/34388
- http://secunia.com/advisories/32418
- http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624
- http://secunia.com/advisories/34265
- http://sourceforge.net/project/shownotes.php?release_id=635837
- http://wiki.rpath.com/Advisories:rPSA-2009-0046
- http://www.securitytracker.com/id?1021104
- http://www.debian.org/security/2009/dsa-1750
- http://www.securityfocus.com/archive/1/501767/100/0/threaded
- http://secunia.com/advisories/34320