FS#7218 - Warning on libpng

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Sunday, 20 May 2007, 07:43 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 20 May 2007, 16:06 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version: 0.8 Voodoo
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#32
------------------------------------------------------------

Name: libpng
Date: 2007-05-20
Severity: High
Warning #: 2007-#32

------------------------------------------------------------

Product Background
===================
libpng is the official PNG reference library. It supports almost all PNG features, is extensible, and has been extensively tested for over 12 years.

Problem Background
===================
Versions up through 1.2.16 (and 1.0.24) have a NULL-pointer-dereference vulnerability involving palette images with a malformed tRNS chunk (i.e., one with a bad CRC value).

Impact
==================
This bug can, at a minimum, cause crashes in browsers simply by visiting a page displaying such an image.

Problem Packages
===================
Package: libpng
Repo: current
Group: lib
Unsafe: < 1.2.18
Safe: >= 1.2.18

Package Fix
===================
Upgrade to 1.2.18

===================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://www.libpng.org/pub/png/libpng.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
http://www.kb.cert.org/vuls/id/684664

Closed by Tobias Powalowski (tpowa)
Sunday, 20 May 2007, 16:06 GMT
Reason for closing: Fixed
