oss-sec mailing list archives
CVE request (libpng)
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Tue, 09 Sep 2008 06:16:33 +0300
Hi all,libpng 1.2.32beta01 fixes an off-by-one error within the "png_push_read_zTXt()" function in pngread.c when processing malicious PNG images with specially crafted zTXt chunks.
From release notes [1]:*Notes:* Fixed 1-byte buffer overflow in pngpread.c Fixed 1-byte buffer overflow in pngtest.c
[1]: http://sourceforge.net/project/shownotes.php?release_id=624518Reference: http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
Cheers, -- Pınar Yanardağ http://pinguar.org _____________________________ "Always program as if the person who will be maintaining your program is a violent psychopath that knows where you live." -- Martin Golding
Current thread:
- CVE request (libpng) Pınar Yanardağ (Sep 09)
- Re: CVE request (libpng) Steven M. Christey (Sep 09)