Candidate: CVE-2008-5907
PublicDate: 2009-01-15 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
 http://libpng.sourceforge.net/index.html
 https://ubuntu.com/security/notices/USN-730-1
Description:
 The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and
 1.2.x before 1.2.34, might allow context-dependent attackers to set the
 value of an arbitrary memory location to zero via vectors involving
 creation of crafted PNG files with keywords, related to an implicit cast of
 the '\0' character constant to a NULL pointer.  NOTE: some sources
 incorrectly report this as a double free vulnerability.
Ubuntu-Description:
Notes:
 mdeslaur> This may not be a security issue, as it seems it's when writing png
 mdeslaur> see: http://openwall.com/lists/oss-security/2009/01/09/1
Bugs:
 https://bugs.launchpad.net/bugs/324258
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_libpng:
upstream_libpng: released (1.2.35-1)
dapper_libpng: released (1.2.8rel-5ubuntu0.4)
gutsy_libpng: released (1.2.15~beta5-2ubuntu0.2)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.1)
intrepid_libpng: released (1.2.27-1ubuntu0.1)
devel_libpng: released (1.2.27-2ubuntu2)