CVE-2008-5907 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-5907 Interim 1 9 2023-12-09T02:06:40Z current 2021-05-30T12:45:11Z 2023-12-09T02:06:40Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-5907 The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CZOJQV4WV6HDJN7CUTVCEMUCXTLUW54V/#CZOJQV4WV6HDJN7CUTVCEMUCXTLUW54V E-Mail link for SUSE-SR:2009:003 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libpng-devel-1.2.31-5.33.1 libpng-devel-32bit-1.2.31-5.33.1 libpng12-0-1.2.31-5.12.1 libpng12-0-1.2.31-5.25.1 libpng12-0-1.2.31-5.31.1 libpng12-0-1.2.31-5.33.1 libpng12-0-32bit-1.2.31-5.12.1 libpng12-0-32bit-1.2.31-5.25.1 libpng12-0-32bit-1.2.31-5.31.1 libpng12-0-32bit-1.2.31-5.33.1 libpng12-0-x86-1.2.31-5.12.1 libpng12-0-x86-1.2.31-5.25.1 libpng12-0-x86-1.2.31-5.31.1 libpng12-0-x86-1.2.31-5.33.1 libpng12-0-1.2.31-5.12.1 as a component of SUSE Linux Enterprise Server 11 SP1 libpng12-0-32bit-1.2.31-5.12.1 as a component of SUSE Linux Enterprise Server 11 SP1 libpng12-0-x86-1.2.31-5.12.1 as a component of SUSE Linux Enterprise Server 11 SP1 libpng12-0-1.2.31-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpng12-0-32bit-1.2.31-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpng12-0-x86-1.2.31-5.25.1 as a component of SUSE Linux Enterprise Server 11 SP2 libpng12-0-1.2.31-5.31.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpng12-0-32bit-1.2.31-5.31.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpng12-0-x86-1.2.31-5.31.1 as a component of SUSE Linux Enterprise Server 11 SP3 libpng12-0-1.2.31-5.33.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpng12-0-32bit-1.2.31-5.33.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpng12-0-x86-1.2.31-5.33.1 as a component of SUSE Linux Enterprise Server 11 SP4 libpng-devel-1.2.31-5.33.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libpng-devel-32bit-1.2.31-5.33.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. CVE-2008-5907 SUSE Linux Enterprise Server 11 SP1:libpng12-0-1.2.31-5.12.1 SUSE Linux Enterprise Server 11 SP1:libpng12-0-32bit-1.2.31-5.12.1 SUSE Linux Enterprise Server 11 SP1:libpng12-0-x86-1.2.31-5.12.1 SUSE Linux Enterprise Server 11 SP2:libpng12-0-1.2.31-5.25.1 SUSE Linux Enterprise Server 11 SP2:libpng12-0-32bit-1.2.31-5.25.1 SUSE Linux Enterprise Server 11 SP2:libpng12-0-x86-1.2.31-5.25.1 SUSE Linux Enterprise Server 11 SP3:libpng12-0-1.2.31-5.31.1 SUSE Linux Enterprise Server 11 SP3:libpng12-0-32bit-1.2.31-5.31.1 SUSE Linux Enterprise Server 11 SP3:libpng12-0-x86-1.2.31-5.31.1 SUSE Linux Enterprise Server 11 SP4:libpng12-0-1.2.31-5.33.1 SUSE Linux Enterprise Server 11 SP4:libpng12-0-32bit-1.2.31-5.33.1 SUSE Linux Enterprise Server 11 SP4:libpng12-0-x86-1.2.31-5.33.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-1.2.31-5.33.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libpng-devel-32bit-1.2.31-5.33.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N