Description
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Published: 2008-04-14
Score: 7.5 High
EPSS: 6.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1750-1 New libpng packages fix several vulnerabilities
EUVD EUVD EUVD-2008-1389 libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Ubuntu USN Ubuntu USN USN-730-1 libpng vulnerabilities
References
Link Providers
http://libpng.sourceforge.net/Advisory-1.2.26.txt cve-icon cve-icon
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html cve-icon cve-icon
http://secunia.com/advisories/29678 cve-icon cve-icon
http://secunia.com/advisories/29792 cve-icon cve-icon
http://secunia.com/advisories/29957 cve-icon cve-icon
http://secunia.com/advisories/29992 cve-icon cve-icon
http://secunia.com/advisories/30009 cve-icon cve-icon
http://secunia.com/advisories/30157 cve-icon cve-icon
http://secunia.com/advisories/30174 cve-icon cve-icon
http://secunia.com/advisories/30402 cve-icon cve-icon
http://secunia.com/advisories/30486 cve-icon cve-icon
http://secunia.com/advisories/31882 cve-icon cve-icon
http://secunia.com/advisories/33137 cve-icon cve-icon
http://secunia.com/advisories/34152 cve-icon cve-icon
http://secunia.com/advisories/34388 cve-icon cve-icon
http://secunia.com/advisories/35074 cve-icon cve-icon
http://secunia.com/advisories/35258 cve-icon cve-icon
http://secunia.com/advisories/35302 cve-icon cve-icon
http://secunia.com/advisories/35386 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200804-15.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200805-10.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200812-15.xml cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 cve-icon cve-icon
http://support.apple.com/kb/HT3549 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151 cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1750 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 cve-icon cve-icon
http://www.ocert.org/advisories/ocert-2008-003.html cve-icon cve-icon
http://www.osvdb.org/44364 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0333.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/490823/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/491424/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/503912/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/28770 cve-icon cve-icon
http://www.securitytracker.com/id?1019840 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA08-260A.html cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA09-133A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2009-0007.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1225/references cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/2584 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1297 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1451 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1462 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1560 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/41800 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-1382 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-1382 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html cve-icon cve-icon
History

No history.

Subscriptions

Libpng Libpng
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T08:17:34.684Z

Reserved: 2008-03-18T00:00:00.000Z

Link: CVE-2008-1382

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-04-14T16:05:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-1382

cve-icon Redhat

Severity : Low

Publid Date: 2008-04-12T00:00:00Z

Links: CVE-2008-1382 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses