PT-2007-7503 · Libgd2+2 · Libgd2-Noxpm-Dev+4

Cassini · Published 1970-01-01 · Updated 2018-10-16 · CVE-2007-2445

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libgd2-xpm-dev (affected versions not specified)
libgd2-noxpm (affected versions not specified)
libgd2-noxpm-dev (affected versions not specified)
libgd2-xpm (affected versions not specified)
libpng versions prior to 1.2.17

Description

The issue concerns multiple vulnerabilities in the libgd2 and libpng packages of various Linux distributions, including Debian GNU/Linux and Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to disruptions in confidentiality, integrity, and availability of protected information. Specifically, the png_handle_tRNS function in libpng is vulnerable to a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

Recommendations

For libgd2-xpm-dev, consider disabling the vulnerable components until a patch is available.
For libgd2-noxpm, restrict access to the vulnerable modules to minimize the risk of exploitation.
For libgd2-noxpm-dev, avoid using the vulnerable functions until the issue is resolved.
For libgd2-xpm, apply configuration changes to mitigate the risk of remote exploitation.
For libpng versions prior to 1.2.17, update to version 1.2.17 or later to resolve the vulnerability.


Related identifiers

BDU:2015-03087
BDU:2015-03088
BDU:2015-03089
BDU:2015-03090
BDU:2015-09576
CVE-2007-2445
DSA-1613-1
RHSA-2007:0356
RHSA-2007_0356

Affected products

Red Hat
Libgd2-Noxpm
Libgd2-Noxpm-Dev
Libgd2-Xpm
Libpng