PublicDate: 2008-04-14 16:05:00 UTC
Candidate: CVE-2008-1382
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
 https://ubuntu.com/security/notices/USN-730-1
Description:
 libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through
 1.4.0beta19 allows context-dependent attackers to cause a denial of service
 (crash) and possibly execute arbitrary code via a PNG file with zero length
 "unknown" chunks, which trigger an access of uninitialized memory.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/217128
Priority: low
Discovered-by: Tavis Ormandy
Assigned-to: jdstrand
CVSS:

Patches_libpng:
 vendor: https://rhn.redhat.com/errata/RHSA-2009-0333.html
upstream_libpng: released (1.2.27)
dapper_libpng: released (1.2.8rel-5ubuntu0.4)
edgy_libpng: needed (reached end-of-life)
feisty_libpng: needed (reached end-of-life)
gutsy_libpng: released (1.2.15~beta5-2ubuntu0.2)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.1)
intrepid_libpng: not-affected (1.2.27-1)
devel_libpng: not-affected (1.2.27-1)