oss-sec mailing list archives
Re: CVE request: optipng security release
From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 25 Feb 2009 17:19:26 +0100
On Tuesday 24 February 2009, Marcus Meissner wrote:
Hi, According to http://optipng.sourceforge.net/ optipng released OptiPNG 0.6.2 fixing "All current OptiPNG versions are known to be vulnerable to memory reallocation attacks, due to a bug in the GIF image reader.
Note that this is not fixed in 0.6.2, but there is a patch to apply on top of 0.6.2. 0.6.2 was the release fixing CVE-2008-5101 (bmp issue). Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: optipng security release Marcus Meissner (Feb 24)
- Re: CVE request: optipng security release Robert Buchholz (Feb 25)
- Re: CVE request: optipng security release Steven M. Christey (Mar 02)
- Re: CVE request: optipng security release Robert Buchholz (Feb 25)