CVE-2006-7244

Impact:
Low
Public Date:
2009-08-01
CWE:
CWE-401
Bugzilla:
690200: libpng10, libpng: Memory leak by write of iCCP chunk with negative embedded profile length (CVE-2006-7244, CVE-2009-5063)

The MITRE CVE dictionary describes this issue as:

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

Find out more about CVE-2006-7244 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 libpng Not affected
Red Hat Enterprise Linux 5 libpng Not affected
Red Hat Enterprise Linux 4 libpng10 Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.