PT-2008-1054 · Libpng+1 · Libpng+1

Tavis Ormandy · Published 2008-04-14 · Updated 2020-01-17 · CVE-2008-1382

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libpng versions 1.0.6 through 1.0.32
libpng versions 1.2.0 through 1.2.26
libpng versions 1.4.0beta01 through 1.4.0beta19

Description

The issue allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero-length "unknown" chunks, which trigger an access of uninitialized memory. Exploitation of the vulnerabilities may lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For libpng versions 1.0.6 through 1.0.32, update to a version outside of this range to mitigate the risk.
For libpng versions 1.2.0 through 1.2.26, update to a version outside of this range to mitigate the risk.
For libpng versions 1.4.0beta01 through 1.4.0beta19, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting the use of libpng until a patch is available. Avoid using libpng to process untrusted PNG files until the issue is resolved.

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

BDU:2015-06312
BDU:2015-06315
BDU:2015-08406
BDU:2015-08407
BDU:2015-09632
BDU:2015-10121
CVE-2008-1382
RHSA-2009:0333
RHSA-2009_0333

Affected products

Red Hat
Libpng