CVE 2008-3964
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.
Related bugs and status
CVE-2008-3964 (Candidate) is related to these bugs:
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Dapper) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Gutsy) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Hardy) | Undecided | Fix Released | ||
Bug #307239: Please backport vlc to 0.9.8a in Intrepid (important security update)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Intrepid Ibex Backports | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Hardy Backports | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu) | Undecided | Fix Released | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Intrepid) | Undecided | Invalid | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | vlc (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 307239 | Please backport vlc to 0.9.8a in Intrepid (important security update) | Karmic Backports | Undecided | Invalid | ||
Bug #313626: Backport 0.9.8a to Intrepid
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 313626 | Backport 0.9.8a to Intrepid | vlc (Ubuntu) | Undecided | New | ||
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Dapper) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Gutsy) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Jaunty) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Intrepid) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Hardy) | Low | Fix Released | ||
Bug #338027: libpng code injection CVE-2009-0040
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Dapper) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Gutsy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Hardy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Intrepid) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Jaunty) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
