oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Security issues fixed in libpng 1.5.4

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 13 Jul 2011 10:16:36 +0530
Hi,

There are three security issues which are fixed in libpng 1.5.4 [1].
The following CVE ids are assigned for those issues:

1. buffer overwrite in png_rgb_to_gray
CVE: CVE-2011-2690
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607

2. Crash in png_default_error due to use of NULL Pointer
CVE: CVE-2011-2691
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608

3. Memory corruption when handling empty sCAL chunks
CVE: CVE-2011-2692
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612

Thanks.

[1] http://libpng.org/pub/png/libpng.html

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: