MDVSA-2014:084 -- Mandriva libpngID: oval:org.secpod.oval:def:1300304 | Date: (C)2014-06-11 (M)2022-10-10 |
Class: PATCH | Family: unix |
Updated libpng packages fix security vulnerabilities: An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT and png_set_text_2 API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_sPLT or png_set_text_2 function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application . An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call png_set_unknown_chunks function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application .
Platform: |
Mandriva Enterprise Server 5.2 |