oss-sec mailing list archives

Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks

From: Josh Bressers <bressers () redhat com>
Date: Mon, 28 Jun 2010 16:26:06 -0400 (EDT)


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   libpng upstream has released latest v1.4.3 and v1.2.44 versions,
addressing two
security issues:
[a], out-of-bounds write to memory -- this already got a CVE id of
"CVE-2010-1205",
[b], memory-leak bug, involving images with malformed sCAL chunks,
which could
    lead to an application crash.

References:
   [1] http://www.libpng.org/pub/png/libpng.html
   [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644

Steve, could you allocate a CVE id for the [b] issue?


Please use CVE-2010-2249 for issue [b].

Thanks.

-- 
    JB

Current thread:

CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Jan Lieskovsky (Jun 28)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Josh Bressers (Jun 28)
  - Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Marcus Meissner (Jun 30)