Home page logo

oss-sec logo oss-sec mailing list archives

Security issues fixed in libpng 1.5.4
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 13 Jul 2011 10:16:36 +0530


There are three security issues which are fixed in libpng 1.5.4 [1].
The following CVE ids are assigned for those issues:

1. buffer overwrite in png_rgb_to_gray
CVE: CVE-2011-2690
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607

2. Crash in png_default_error due to use of NULL Pointer
CVE: CVE-2011-2691
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608

3. Memory corruption when handling empty sCAL chunks
CVE: CVE-2011-2692
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612


[1] http://libpng.org/pub/png/libpng.html

Huzaifa Sidhpurwala / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
  • Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala (Jul 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]