Unrated severityNVD Advisory· Published May 16, 2007· Updated Apr 23, 2026

CVE-2007-2445

Description

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

Affected products

Png Reference Library/Libpng
cpe:2.3:a:png_reference_library:libpng:*:*:*:*:*:*:*:*
Range: <=1.0.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/project/shownotes.phpnvdPatch
sourceforge.net/project/shownotes.phpnvdPatch
secunia.com/advisories/25268nvdVendor Advisory
secunia.com/advisories/25273nvdVendor Advisory
secunia.com/advisories/25292nvdVendor Advisory
secunia.com/advisories/25329nvdVendor Advisory
www.kb.cert.org/vuls/id/684664nvdThird Party AdvisoryUS Government Resource
www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txtnvdVendor Advisory
android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.htmlnvd
docs.info.apple.com/article.htmlnvd
irrlicht.sourceforge.net/changes.txtnvd
lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlnvd
openpkg.com/go/OpenPKG-SA-2007.013nvd
osvdb.org/36196nvd
secunia.com/advisories/25353nvd
secunia.com/advisories/25461nvd
secunia.com/advisories/25554nvd
secunia.com/advisories/25571nvd
secunia.com/advisories/25742nvd
secunia.com/advisories/25787nvd
secunia.com/advisories/25867nvd
secunia.com/advisories/27056nvd
secunia.com/advisories/29420nvd
secunia.com/advisories/30161nvd
secunia.com/advisories/31168nvd
secunia.com/advisories/34388nvd
slackware.com/security/viewer.phpnvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
support.avaya.com/elmodocs2/security/ASA-2007-254.htmnvd
www.coresecurity.comnvd
www.debian.org/security/2008/dsa-1613nvd
www.debian.org/security/2009/dsa-1750nvd
www.gentoo.org/security/en/glsa/glsa-200705-24.xmlnvd
www.gentoo.org/security/en/glsa/glsa-200805-07.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2007_13_sr.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0356.htmlnvd
www.securityfocus.com/archive/1/468910/100/0/threadednvd
www.securityfocus.com/archive/1/489135/100/0/threadednvd
www.securityfocus.com/bid/24000nvd
www.securityfocus.com/bid/24023nvd
www.securitytracker.com/idnvd
www.trustix.org/errata/2007/0019/nvd
www.ubuntu.com/usn/usn-472-1nvd
www.vupen.com/english/advisories/2007/1838nvd
www.vupen.com/english/advisories/2007/2385nvd
www.vupen.com/english/advisories/2008/0924/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/34340nvd
issues.rpath.com/browse/RPL-1381nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.031
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000