oss-sec mailing list archives
Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks
From: Marcus Meissner <meissner () suse de>
Date: Wed, 30 Jun 2010 17:22:40 +0200
On Mon, Jun 28, 2010 at 04:26:06PM -0400, Josh Bressers wrote:
----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:Hi Steve, vendors, libpng upstream has released latest v1.4.3 and v1.2.44 versions, addressing two security issues: [a], out-of-bounds write to memory -- this already got a CVE id of "CVE-2010-1205", [b], memory-leak bug, involving images with malformed sCAL chunks, which could lead to an application crash. References: [1] http://www.libpng.org/pub/png/libpng.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644 Steve, could you allocate a CVE id for the [b] issue?Please use CVE-2010-2249 for issue [b].
oss-sec, png-mng-implement ... do you have testimages or a reproducer for the sCAL issue? It would be helpful for our QA :/ Ciao, Marcus
Current thread:
- CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Jan Lieskovsky (Jun 28)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Josh Bressers (Jun 28)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Marcus Meissner (Jun 30)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Josh Bressers (Jun 28)