CVE-2007-5267

Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.2.22 beta1

Description: The issue is caused by an off-by-one error in ICC profile chunk handling in the png set iCCP function in pngset.c. This error allows remote attackers to cause a denial of service (crash) via a crafted PNG image. The issue arose due to an incorrect fix for a previous problem.

Recommendations: For versions prior to 1.2.22 beta1, update to version 1.2.22 beta1 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ICC profile chunks in the png set iCCP function to minimize the risk of exploitation.