Date: Tue, 09 Sep 2008 06:16:33 +0300
From: Pınar Yanardağ <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: CVE request (libpng)

Hi all,

libpng 1.2.32beta01 fixes an off-by-one error within the "png_push_read_zTXt()" function in pngread.c when processing malicious PNG images with specially crafted zTXt chunks.

From release notes:

*Notes:*
Fixed 1-byte buffer overflow in pngpread.c
Fixed 1-byte buffer overflow in pngtest.c

: http://sourceforge.net/project/shownotes.php?release_id=624518

Reference: http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624

Cheers,

--
Pınar Yanardağ
http://pinguar.org
_____________________________
"Always program as if the person who will be maintaining your program is a violent psychopath that knows where you live." -- Martin Golding