oss-sec mailing list archives

CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 28 Jun 2010 13:35:51 +0200

Hi Steve, vendors,

  libpng upstream has released latest v1.4.3 and v1.2.44 versions, addressing two
security issues:
[a], out-of-bounds write to memory -- this already got a CVE id of "CVE-2010-1205",
[b], memory-leak bug, involving images with malformed sCAL chunks, which could
   lead to an application crash.

References:
  [1] http://www.libpng.org/pub/png/libpng.html
  [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644

Steve, could you allocate a CVE id for the [b] issue?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Jan Lieskovsky (Jun 28)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Josh Bressers (Jun 28)
  - Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Marcus Meissner (Jun 30)