Date: Wed, 13 Jul 2011 10:16:36 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: Security issues fixed in libpng 1.5.4 Hi, There are three security issues which are fixed in libpng 1.5.4 . The following CVE ids are assigned for those issues: 1. buffer overwrite in png_rgb_to_gray CVE: CVE-2011-2690 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720607 2. Crash in png_default_error due to use of NULL Pointer CVE: CVE-2011-2691 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720608 3. Memory corruption when handling empty sCAL chunks CVE: CVE-2011-2692 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=720612 Thanks.  http://libpng.org/pub/png/libpng.html -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ