DSA-1750-1 libpng -- severalID: oval:org.secpod.oval:def:600371 | Date: (C)2011-05-13 (M)2024-02-15 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution , these problems have been fixed in version1.2.15~beta5-1+etch2. For the stable distribution , these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution , these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages.
Platform: |
Debian 5.0 |
Debian 4.0 |