Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 09 Sep 2008 06:16:33 +0300
From: Pınar Yanardağ <>
Subject: CVE request (libpng)

Hi all,

libpng 1.2.32beta01 fixes an off-by-one error within the 
"png_push_read_zTXt()" function in pngread.c when processing malicious 
PNG images with specially crafted zTXt chunks.

 From release notes [1]:

*Notes:* Fixed 1-byte buffer overflow in pngpread.c Fixed 1-byte buffer 
overflow in pngtest.c




Pınar Yanardağ

"Always program as if the person who will be maintaining your program is a violent psychopath that knows where you live."
-- Martin Golding

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ