Computer Security
[EN] securityvulns.ru no-pyccku


Google Android SDK multiple security vulnerabilities
Published:05.03.2008
Source:
SecurityVulns ID:8754
Type:remote
Threat Level:
5/10
Description:Multiple vulnerabilities on graphics formats parsing.
CVE:CVE-2008-0986
 CVE-2008-098
 CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.)
 CVE-2007-52679
 CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.)
 CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.)
 CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.)
 CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK (05.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod