Message-Id: <201404101152.s3ABqNvF011294@linus.mitre.org>
Date: Thu, 10 Apr 2014 07:52:23 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2013-7353 CVE-2013-7354 libpng integer overflows

http://sourceforge.net/p/libpng/bugs/199/

Use CVE-2013-7353 for "png_set_unknown_chunks in libpng/pngset.c ...
Fixed in libpng-1.5.14beta08" ("has four integer overflow bugs" is
apparently a typo of "has one integer overflow bug")

Use CVE-2013-7354 for "The png_set_sPLT() and png_set_text_2()
functions have a similar bug, which is fixed in libpng-1.5.14rc03" --
this has a different discoverer.

The vendor mentions that internal calls use safe values. These issues
could potentially affect applications that use the libpng API.
Apparently no such applications were identified as part of the work on
bug 199.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
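An added illustration, not libpng's code and not part of the message above: the integer-overflow class the message names, shown in a setter that grows an array by a caller-supplied count, with the unchecked size computation beside a checked one. The names `entry_t`, `entry_list`, `unchecked_bytes`, `checked_bytes` and `list_append` are hypothetical, and the array-growth pattern is an assumption about the bug class, not a reproduction of the libpng source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type; stands in for a per-chunk structure. */
typedef struct { char name[5]; unsigned char *data; size_t size; } entry_t;

typedef struct { entry_t *items; size_t count; } entry_list;

/* Unchecked size computation: in size_t arithmetic the sum or the product
 * can wrap, so the result may be far smaller than the space required. */
size_t unchecked_bytes(size_t old_count, size_t add_count)
{
    return (old_count + add_count) * sizeof(entry_t);
}

/* Checked version: returns 0 and writes the byte count, or -1 on overflow. */
int checked_bytes(size_t old_count, size_t add_count, size_t *out)
{
    if (add_count > SIZE_MAX - old_count)
        return -1;                       /* the sum would wrap */
    size_t total = old_count + add_count;
    if (total > SIZE_MAX / sizeof(entry_t))
        return -1;                       /* the product would wrap */
    *out = total * sizeof(entry_t);
    return 0;
}

/* Append add_count entries; the list is left unchanged on any failure. */
int list_append(entry_list *list, const entry_t *src, size_t add_count)
{
    size_t bytes;
    if (list == NULL || (src == NULL && add_count != 0))
        return -1;
    if (add_count == 0)
        return 0;
    if (checked_bytes(list->count, add_count, &bytes) != 0)
        return -1;                       /* reject before allocating */
    entry_t *grown = realloc(list->items, bytes);
    if (grown == NULL)
        return -1;
    memcpy(grown + list->count, src, add_count * sizeof(entry_t));
    list->items = grown;
    list->count += add_count;
    return 0;
}
```

An application that passes counts taken from file contents to such a setter depends on the library performing the check, which is the exposure the message describes for callers of the public API.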