CVE-2008-1382

Description

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Category

CVSS 2.0 score: 7.5
Severity: High
EPSS: 6.92% (Top 10%)
Affected: n/a n/a

References

Link Tags
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html vendor advisory
http://www.redhat.com/support/errata/RHSA-2009-0333.html vendor advisory
http://secunia.com/advisories/35386 third party advisory
http://www.vupen.com/english/advisories/2008/1225/references vdb entry
http://secunia.com/advisories/30157 third party advisory
http://secunia.com/advisories/30174 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 vendor advisory
http://support.apple.com/kb/HT3549
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html vendor advisory
http://www.osvdb.org/44364 vdb entry
http://www.vupen.com/english/advisories/2009/1560 vdb entry
http://secunia.com/advisories/34388 third party advisory
http://www.vupen.com/english/advisories/2009/1462 vdb entry
http://security.gentoo.org/glsa/glsa-200805-10.xml vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00080.html vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00960.html vendor advisory
http://secunia.com/advisories/30486 third party advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0151
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
http://www.us-cert.gov/cas/techalerts/TA08-260A.html third party advisory us government resource
http://secunia.com/advisories/30402 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 vendor advisory
http://secunia.com/advisories/35302 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00033.html vendor advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.541247 vendor advisory
http://www.securityfocus.com/archive/1/491424/100/0/threaded mailing list
http://secunia.com/advisories/35074 third party advisory
http://www.vupen.com/english/advisories/2008/2584 vdb entry
http://secunia.com/advisories/29792 third party advisory vendor advisory
http://www.securitytracker.com/id?1019840 vdb entry
http://www.vupen.com/english/advisories/2009/1451 vdb entry
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html vendor advisory
http://secunia.com/advisories/31882 third party advisory
http://security.gentoo.org/glsa/glsa-200804-15.xml vendor advisory
http://secunia.com/advisories/29992 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00721.html vendor advisory
http://www.securityfocus.com/archive/1/503912/100/0/threaded mailing list
http://secunia.com/advisories/29678 third party advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41800 vdb entry
http://security.gentoo.org/glsa/glsa-200812-15.xml vendor advisory
http://www.debian.org/security/2009/dsa-1750 vendor advisory
http://www.ocert.org/advisories/ocert-2008-003.html
http://www.securityfocus.com/archive/1/490823/100/0/threaded mailing list
http://libpng.sourceforge.net/Advisory-1.2.26.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10326 signature vdb entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html third party advisory us government resource
http://www.vupen.com/english/advisories/2009/1297 vdb entry
http://secunia.com/advisories/33137 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6275 signature vdb entry
http://secunia.com/advisories/34152 third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:156 vendor advisory
http://secunia.com/advisories/35258 third party advisory
http://secunia.com/advisories/30009 third party advisory
http://www.securityfocus.com/bid/28770 vdb entry
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://secunia.com/advisories/29957 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00951.html vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00111.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2008-1382?
CVE-2008-1382 has been scored as a high severity vulnerability.
How to fix CVE-2008-1382?
To fix CVE-2008-1382, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2008-1382 being actively exploited in the wild?
Based on public information, it is possible that CVE-2008-1382 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~7% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.