Vulnerability details: VCID-6x8e-69wm-aaam
Vulnerability ID VCID-6x8e-69wm-aaam
Aliases CVE-2007-2445
Summary The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (0)
There are no known CWEs.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0356
epss 0.47508 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.5261 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.68903 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
epss 0.88735 https://api.first.org/data/v1/epss?cve=CVE-2007-2445
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=239425
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-2445
Reference id Reference type URL
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
http://docs.info.apple.com/article.html?artnum=307562
http://irrlicht.sourceforge.net/changes.txt
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://openpkg.com/go/OpenPKG-SA-2007.013
http://osvdb.org/36196
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2445.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
http://secunia.com/advisories/25268
http://secunia.com/advisories/25273
http://secunia.com/advisories/25292
http://secunia.com/advisories/25329
http://secunia.com/advisories/25353
http://secunia.com/advisories/25461
http://secunia.com/advisories/25554
http://secunia.com/advisories/25571
http://secunia.com/advisories/25742
http://secunia.com/advisories/25787
http://secunia.com/advisories/25867
http://secunia.com/advisories/27056
http://secunia.com/advisories/29420
http://secunia.com/advisories/30161
http://secunia.com/advisories/31168
http://secunia.com/advisories/34388
https://exchange.xforce.ibmcloud.com/vulnerabilities/34340
https://issues.rpath.com/browse/RPL-1381
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.492650
http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624
http://sourceforge.net/project/shownotes.php?release_id=508656&group_id=5624
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10094
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200871-1
http://support.avaya.com/elmodocs2/security/ASA-2007-254.htm
http://www.coresecurity.com/?action=item&id=2148
http://www.debian.org/security/2008/dsa-1613
http://www.debian.org/security/2009/dsa-1750
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/684664
http://www.mandriva.com/security/advisories?name=MDKSA-2007:116
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0356.html
http://www.securityfocus.com/archive/1/468910/100/0/threaded
http://www.securityfocus.com/archive/1/489135/100/0/threaded
http://www.securityfocus.com/bid/24000
http://www.securityfocus.com/bid/24023
http://www.securitytracker.com/id?1018078
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-472-1
http://www.vupen.com/english/advisories/2007/1838
http://www.vupen.com/english/advisories/2007/2385
http://www.vupen.com/english/advisories/2008/0924/references
239425 https://bugzilla.redhat.com/show_bug.cgi?id=239425
CVE-2007-2445 https://nvd.nist.gov/vuln/detail/CVE-2007-2445
GLSA-200705-24 https://security.gentoo.org/glsa/200705-24
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
RHSA-2007:0356 https://access.redhat.com/errata/RHSA-2007:0356
USN-472-1 https://usn.ubuntu.com/472-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2445
Exploit Prediction Scoring System (EPSS)
Percentile 0.97449
EPSS Score 0.47508
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.