CVE-2006-5793

Published: Nov 17, 2006Modified: Apr 23, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.

Affected (18)

Products: Greg Roelofs: Libpng

Greg Roelofs

1 product

Libpng

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Greg Roelofs Libpng	Version 1.0.6
Greg Roelofs Libpng	Version 1.0.7
Greg Roelofs Libpng	Version 1.0.8
Greg Roelofs Libpng	Version 1.0.9
Greg Roelofs Libpng	Version 1.2.0
Greg Roelofs Libpng	Version 1.2.10
Greg Roelofs Libpng	Version 1.2.11
Greg Roelofs Libpng	Version 1.2.12
Greg Roelofs Libpng	Version 1.2.1
Greg Roelofs Libpng	Version 1.2.2
Greg Roelofs Libpng	Version 1.2.3
Greg Roelofs Libpng	Version 1.2.4
Greg Roelofs Libpng	Version 1.2.5
Greg Roelofs Libpng	Version 1.2.6
Greg Roelofs Libpng	Version 1.2.7
Greg Roelofs Libpng	Version 1.2.7rc1
Greg Roelofs Libpng	Version 1.2.8
Greg Roelofs Libpng	Version 1.2.9

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (86)

http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html

Source: cve@mitre.org

http://bugs.gentoo.org/attachment.cgi?id=101400&action=view

Source: cve@mitre.org

Patch

http://bugs.gentoo.org/show_bug.cgi?id=154380

Source: cve@mitre.org

Patch

http://docs.info.apple.com/article.html?artnum=307562

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/22889

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/22900

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/22941

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22950

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22951

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22956

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/22958

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/23208

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23335

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25329

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25742

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29420

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200611-09.xml

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1017244

Source: cve@mitre.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.465035

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=464278

Source: cve@mitre.org

Patch

http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm

Source: cve@mitre.org

http://www.coresecurity.com/?action=item&id=2148

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:209

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:210

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:211

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:212

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_28_sr.html

Source: cve@mitre.org

http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.036.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0356.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/451874/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/453484/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/489135/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21078

Source: cve@mitre.org

http://www.trustix.org/errata/2006/0065/

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-383-1

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/4521

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2006/4568

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0924/references

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/30290

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-790

Source: cve@mitre.org

Patch

https://issues.rpath.com/browse/RPL-824

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10324

Source: cve@mitre.org

http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html