oss-sec mailing list archives

CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 24 Jul 2012 12:15:47 +0530

Hi All,

An out-of heap-based buffer read flaw was found in the way libpng, a
library of functions or creating and manipulating PNG (Portable Network
Graphics) image format files, performed reading of PNG image file data
when decompressing certain images. A remote attacker could provide a
specially-crafted PNG file, which once opened in an application linked
against libpng would lead to that application crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082

Can a CVE id be please assigned to this issue.

Thanks!


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Current thread:

CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Huzaifa Sidhpurwala (Jul 23)
- Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Kurt Seifried (Jul 24)