[Secure-testing-team] Bug#516256: [SA33970] libpng Uninitialised Pointer Arrays Vulnerability

Giuseppe Iuculano giuseppe at iuculano.it
Fri Feb 20 07:17:23 UTC 2009


Package: libpng
Version: 1.2.33-2
Severity: serious
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for libpng:

SA33970[1]

> DESCRIPTION:
> A vulnerability has been reported in libpng, which can be exploited
> by malicious people to cause a DoS (Denial of Service) or to
> potentially compromise an application using the library.
> 
> The vulnerability is caused due to the library improperly
> initialising certain pointer arrays prior to freeing array elements
> in case the application runs out of memory. This can potentially be
> exploited to cause a memory corruption via a specially crafted PNG
> file.
> 
> Successful exploitation may allow execution of arbitrary code.
> 
> The vulnerability is reported in versions prior to 1.0.43 and 1.2.35.
> 
> SOLUTION:
> Update to version 1.0.43 or 1.2.35.
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tavis Ormandy.
> 
> ORIGINAL ADVISORY:
> http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com

If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.

[1] http://secunia.com/advisories/33970/

Cheers,
Giuseppe.

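
The failure mode the advisory describes, shown in its corrected form as an added example (not libpng code and not part of the original message): a pointer array is NULL-filled before any fallible allocation, so the out-of-memory cleanup path never frees an uninitialised slot. The names `alloc_rows`, `free_rows`, `try_alloc` and the fault-injecting allocator are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed fault injection: the fail_at-th allocation returns NULL. */
static int alloc_calls, fail_at, live_blocks;

static void *inj_malloc(size_t n) {
    if (++alloc_calls == fail_at) return NULL;      /* simulated OOM */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}
static void inj_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Cleanup shared by the success and error paths. */
void free_rows(char **tab, size_t rows) {
    if (!tab) return;
    for (size_t i = 0; i < rows; i++) inj_free(tab[i]);
    inj_free(tab);
}

/* Bug pattern, for contrast only: omit the NULL-fill loop below and the
 * slots of tab[] past the failing row hold indeterminate values, which
 * free_rows() would then pass to free(). */
char **alloc_rows(size_t rows, size_t width) {
    if (rows == 0 || rows > (size_t)-1 / sizeof(char *)) return NULL;
    char **tab = inj_malloc(rows * sizeof *tab);
    if (!tab) return NULL;
    for (size_t i = 0; i < rows; i++) tab[i] = NULL;   /* initialise first */
    for (size_t i = 0; i < rows; i++) {
        tab[i] = inj_malloc(width);
        if (!tab[i]) {               /* out of memory mid-way */
            free_rows(tab, rows);    /* sees only NULL or owned pointers */
            return NULL;
        }
    }
    return tab;
}

/* Hypothetical driver: fail the nth allocation, report success and leaks. */
int try_alloc(int nth, size_t rows, int *leaked) {
    alloc_calls = 0; fail_at = nth; live_blocks = 0;
    char **tab = alloc_rows(rows, 16);
    int ok = tab != NULL;
    free_rows(tab, rows);
    *leaked = live_blocks;
    return ok;
}
```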




