oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks

From: Marcus Meissner <meissner () suse de>
Date: Mon, 5 Jul 2010 13:32:37 +0200
On Wed, Jun 30, 2010 at 05:22:40PM +0200, Marcus Meissner wrote:

On Mon, Jun 28, 2010 at 04:26:06PM -0400, Josh Bressers wrote:


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:


Hi Steve, vendors,

   libpng upstream has released latest v1.4.3 and v1.2.44 versions,
addressing two
security issues:
[a], out-of-bounds write to memory -- this already got a CVE id of
"CVE-2010-1205",
[b], memory-leak bug, involving images with malformed sCAL chunks,
which could
    lead to an application crash.

References:
   [1] http://www.libpng.org/pub/png/libpng.html
   [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644

Steve, could you allocate a CVE id for the [b] issue?



Please use CVE-2010-2249 for issue [b].


oss-sec, png-mng-implement ... do you have testimages or a reproducer for the sCAL issue?

It would be helpful for our QA :/


As found on:
http://code.google.com/p/chromium/issues/detail?id=45983

The sample crashing PNG is:
http://www.ee.oulu.fi/~aki/spark.png

Ciao, Marcus
Previous By Date Next
Previous By Thread Next

Current thread: