Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-45dp-3xz9-qyd3
Vulnerability ID VCID-45dp-3xz9-qyd3
Aliases CVE-2007-2445
Summary A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.38264 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-2445
Reference id Reference type URL
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://docs.info.apple.com/article.html?artnum=307562
http://irrlicht.sourceforge.net/changes.txt
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://openpkg.com/go/OpenPKG-SA-2007.013
http://osvdb.org/36196
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2445.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
http://secunia.com/advisories/25268
http://secunia.com/advisories/25273
http://secunia.com/advisories/25292
http://secunia.com/advisories/25329
http://secunia.com/advisories/25353
http://secunia.com/advisories/25461
http://secunia.com/advisories/25554
http://secunia.com/advisories/25571
http://secunia.com/advisories/25742
http://secunia.com/advisories/25787
http://secunia.com/advisories/25867
http://secunia.com/advisories/27056
http://secunia.com/advisories/29420
http://secunia.com/advisories/30161
http://secunia.com/advisories/31168
http://secunia.com/advisories/34388
https://exchange.xforce.ibmcloud.com/vulnerabilities/34340
https://issues.rpath.com/browse/RPL-1381
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.coresecurity.com/?action=item&id=2148
http://www.debian.org/security/2008/dsa-1613
http://www.debian.org/security/2009/dsa-1750
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/684664
http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securityfocus.com/archive/1/468910/100/0/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.securityfocus.com/bid/24000
http://www.securityfocus.com/bid/24023
http://www.securitytracker.com/id?1018078
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-472-1
http://www.vupen.com/english/advisories/2007/1838
http://www.vupen.com/english/advisories/2007/2385
http://www.vupen.com/english/advisories/2008/0924/references
239425 https://bugzilla.redhat.com/show_bug.cgi?id=239425
cpe:2.3:a:png_reference_library:libpng:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:png_reference_library:libpng:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVE-2007-2445 https://nvd.nist.gov/vuln/detail/CVE-2007-2445
GLSA-200705-24 https://security.gentoo.org/glsa/200705-24
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
RHSA-2007:0356 https://access.redhat.com/errata/RHSA-2007:0356
USN-472-1 https://usn.ubuntu.com/472-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2445
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.972
EPSS Score 0.38264
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:26.537298+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200705-24 38.0.0