|
| 1 | +[id] |
| 2 | +ave_id = "AVE-2007-0005" |
| 3 | +cve_id = "CVE-2007-2445" |
| 4 | +aliases = ["CVE-2007-2445"] |
| 5 | + |
1 | 6 | [basic] |
2 | | -description = "Vulnerability identified as CVE-2007-2445. Please refer to vendor advisory for details." |
3 | | -published = "2026-07-10" |
4 | | -remediation = "Refer to vendor advisory and upgrade to fixed version." |
5 | | -score = 5.0 |
| 7 | +title = "libpng tRNS块CRC校验拒绝服务漏洞" |
| 8 | +description = "libpng的png_handle_tRNS函数在处理tRNS透明块时存在缺陷,未能正确校验灰度PNG图像中tRNS块的CRC校验值。远程攻击者可通过构造特制的灰度PNG图像,诱使用户或应用程序解析该图像,触发png_handle_tRNS函数中的越界访问导致应用程序崩溃,造成拒绝服务。该漏洞影响libpng 1.0.25之前及1.2.x系列1.2.17之前的所有版本,攻击无需身份验证且复杂度较低。" |
6 | 9 | severity = "MEDIUM" |
7 | | -sources = ["tenable"] |
8 | | -title = "CVE-2007-2445 vulnerability" |
9 | | -updated = "2026-07-10" |
| 10 | +score = 5.0 |
| 11 | +remediation = "升级libpng至1.0.25或1.2.17及以上版本。各Linux发行版已发布安全更新(如Debian DSA-1613、Gentoo GLSA 200705-24、Ubuntu USN-472-1等),建议用户及时安装对应补丁。" |
| 12 | +published = "2007-05-16" |
| 13 | +updated = "2026-06-16" |
| 14 | +sources = ["tenable", "nvd"] |
| 15 | + |
| 16 | +[score] |
| 17 | +cvss_v2 = 5.0 |
| 18 | +cvss_v2_vector = "AV:N/AC:L/Au:N/C:N/I:N/A:P" |
| 19 | + |
| 20 | +[affected] |
| 21 | +vendor = "libpng" |
| 22 | +product = "libpng" |
| 23 | + |
| 24 | +[references] |
| 25 | +nvd = "https://nvd.nist.gov/vuln/detail/CVE-2007-2445" |
| 26 | +other = [ |
| 27 | + "http://www.libpng.org/pub/png/libpng.html", |
| 28 | + "http://sourceforge.net/project/shownotes.php?release_id=508653", |
| 29 | + "http://www.redhat.com/support/errata/RHSA-2007-0356.html", |
| 30 | + "http://www.debian.org/security/2008/dsa-1613", |
| 31 | + "http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml", |
| 32 | + "http://www.ubuntu.com/usn/usn-472-1", |
| 33 | + "http://secunia.com/advisories/25268", |
| 34 | + "http://www.securityfocus.com/bid/24000", |
| 35 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/34340", |
| 36 | +] |
10 | 37 |
|
11 | 38 | [exploit] |
12 | | -exp_urls = [] |
13 | 39 | poc_urls = [] |
14 | | - |
15 | | -[id] |
16 | | -aliases = ["CVE-2007-2445"] |
17 | | -ave_id = "AVE-2007-0005" |
18 | | -cve_id = "CVE-2007-2445" |
| 40 | +exp_urls = [] |
19 | 41 |
|
20 | 42 | [meta] |
21 | | -collected_at = "2026-07-10T19:14:40.038763253+00:00" |
| 43 | +collected_at = "2026-07-11T00:00:00Z" |
22 | 44 | status = "completed" |
23 | | - |
24 | | -[references] |
25 | | -urls = [] |
|
0 commit comments