oss-sec mailing list archives
CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 28 Jun 2010 13:35:51 +0200
Hi Steve, vendors, libpng upstream has released latest v1.4.3 and v1.2.44 versions, addressing two security issues: [a], out-of-bounds write to memory -- this already got a CVE id of "CVE-2010-1205", [b], memory-leak bug, involving images with malformed sCAL chunks, which could lead to an application crash. References: [1] http://www.libpng.org/pub/png/libpng.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644 Steve, could you allocate a CVE id for the [b] issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Jan Lieskovsky (Jun 28)