Giuseppe Iuculano
2009-Feb-20 07:17 UTC
[Secure-testing-team] Bug#516256: [SA33970] libpng Uninitialised Pointer Arrays Vulnerability
Package: libpng
Version: 1.2.33-2
Severity: serious
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for libpng:

SA33970[1]

> DESCRIPTION:
> A vulnerability has been reported in libpng, which can be exploited
> by malicious people to cause a DoS (Denial of Service) or to
> potentially compromise an application using the library.
>
> The vulnerability is caused due to the library improperly
> initialising certain pointer arrays prior to freeing array elements
> in case the application runs out of memory. This can potentially be
> exploited to cause a memory corruption via a specially crafted PNG
> file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is reported in versions prior to 1.0.43 and 1.2.35.
>
> SOLUTION:
> Update to version 1.0.43 or 1.2.35.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tavis Ormandy.
>
> ORIGINAL ADVISORY:
> http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com

If you fix the vulnerability please also make sure to include the CVE id (if available) in the changelog entry.

[1] http://secunia.com/advisories/33970/

Cheers,
Giuseppe.
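The bug class the quoted advisory describes (a pointer array whose slots are freed on an out-of-memory path before they were initialised), shown beside the hardened form. This is an added example, not libpng's code and not part of the original message; `alloc_rows_unsafe`, `alloc_rows_safe`, `free_rows` and `test_malloc` are hypothetical names, and the failing allocator is constructed fault injection.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed fault injection: allocation number fail_at (0-based) fails. */
static int alloc_calls = 0, fail_at = -1, rows_freed = 0;

static void *test_malloc(size_t n) {
    return (alloc_calls++ == fail_at) ? NULL : malloc(n);
}

/* Error path shared by both variants: release every slot, then the array. */
static void free_rows(unsigned char **rows, size_t count) {
    for (size_t i = 0; i < count; i++) {
        if (rows[i] != NULL) rows_freed++;
        free(rows[i]);                 /* free(NULL) is a no-op */
    }
    free(rows);
}

/* Vulnerable pattern, shown for contrast and never called here: slots past
 * the failing index were never written, so free_rows() passes indeterminate
 * pointers to free(). */
unsigned char **alloc_rows_unsafe(size_t count, size_t width) {
    unsigned char **rows = test_malloc(count * sizeof *rows);
    if (rows == NULL) return NULL;
    for (size_t i = 0; i < count; i++) {
        rows[i] = test_malloc(width);
        if (rows[i] == NULL) { free_rows(rows, count); return NULL; }
    }
    return rows;
}

/* Hardened pattern: every slot is NULL before any element allocation can
 * fail, so the cleanup loop only frees what was really allocated. */
unsigned char **alloc_rows_safe(size_t count, size_t width) {
    if (count == 0 || count > SIZE_MAX / sizeof(unsigned char *)) return NULL;
    unsigned char **rows = test_malloc(count * sizeof *rows);
    if (rows == NULL) return NULL;
    for (size_t i = 0; i < count; i++) rows[i] = NULL;
    for (size_t i = 0; i < count; i++) {
        rows[i] = test_malloc(width);
        if (rows[i] == NULL) { free_rows(rows, count); return NULL; }
    }
    return rows;
}
```

Running the safe variant under an allocator-failure harness or AddressSanitizer at each allocation index is a practical regression check for this pattern.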