CVE-2007-2445 — libgd2 - multiple vulnerabilities

Description

The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

How to fix CVE-2007-2445

To remediate CVE-2007-2445, upgrade the affected package to a fixed version below.

Debian/libgd2—upgrade to 2.0.35.dfsg-1 or later
Debian/libgd2—upgrade to 2.0.33-5.2etch1 or later

Is CVE-2007-2445 being exploited?

Moderate — EPSS is 38.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 2.0.35.dfsg-1
from 0, < 2.0.33-5.2etch1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2445