CVE-2007-5269

Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.0.29 libpng versions 1.2.x prior to 1.2.21

Description: The issue allows remote attackers to cause a denial of service (crash) via crafted chunking in PNG images, specifically in (1) pCAL, (2) sCAL, (3) tEXt, (4) iTXt, and (5) ztXT chunks, which trigger out-of-bounds read operations. This can lead to disruption of protected information.

Recommendations: For libpng versions prior to 1.0.29, update to version 1.0.29 or later. For libpng versions 1.2.x prior to 1.2.21, update to version 1.2.21 or later. As a temporary workaround, consider restricting the use of png handle pCAL, png handle sCAL, png push read tEXt, png handle iTXt, and png handle ztXt functions until a patch is available.