Unrated severityNVD Advisory· Published Jan 15, 2009· Updated Jun 16, 2026
CVE-2008-5907
CVE-2008-5907
Description
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4Patches
Vulnerability mechanics
References
10- libpng.sourceforge.net/index.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlnvdThird Party Advisory
- openwall.com/lists/oss-security/2009/01/09/1nvdMailing ListThird Party Advisory
- secunia.com/advisories/34320nvdThird Party Advisory
- secunia.com/advisories/34388nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-200903-28.xmlnvdThird Party Advisory
- sourceforge.net/mailarchive/forum.phpnvdThird Party Advisory
- www.debian.org/security/2009/dsa-1750nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/48128nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.