oss-sec mailing list archives
Security issues fixed in libpng 1.5.4
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 13 Jul 2011 10:16:36 +0530
Hi, There are three security issues which are fixed in libpng 1.5.4 [1]. The following CVE ids are assigned for those issues: 1. buffer overwrite in png_rgb_to_gray CVE: CVE-2011-2690 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607 2. Crash in png_default_error due to use of NULL Pointer CVE: CVE-2011-2691 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608 3. Memory corruption when handling empty sCAL chunks CVE: CVE-2011-2692 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612 Thanks. [1] http://libpng.org/pub/png/libpng.html -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Current thread:
- Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala (Jul 12)