Date: Mon, 28 Jun 2010 13:35:51 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com> Subject: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Hi Steve, vendors, libpng upstream has released latest v1.4.3 and v1.2.44 versions, addressing two security issues: [a], out-of-bounds write to memory -- this already got a CVE id of "CVE-2010-1205", [b], memory-leak bug, involving images with malformed sCAL chunks, which could lead to an application crash. References:  http://www.libpng.org/pub/png/libpng.html  https://bugzilla.redhat.com/show_bug.cgi?id=608644 Steve, could you allocate a CVE id for the [b] issue? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ