Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Jun 2010 13:35:51 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing
 PNG image with malformed sCAL chunks

Hi Steve, vendors,

   libpng upstream has released latest v1.4.3 and v1.2.44 versions, addressing two
security issues:
[a], out-of-bounds write to memory -- this already got a CVE id of "CVE-2010-1205",
[b], memory-leak bug, involving images with malformed sCAL chunks, which could
    lead to an application crash.

References:
   [1] http://www.libpng.org/pub/png/libpng.html
   [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644

Steve, could you allocate a CVE id for the [b] issue?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ