libpng10: code execution

Package(s): libpng10
CVE #(s): CVE-2011-3045
Created: March 19, 2012
Updated: April 2, 2012
Description: From the Red Hat bugzilla:

A type conversion flaw leading to an out-of-bounds heap buffer read was found in the way libpng, a library of functions for manipulating PNG image format files, performed expansion of certain iCCP, iTXt, and zTXt PNG image file chunks.

A remote attacker could provide a specially-crafted Portable Network Graphics (PNG) image file, which once opened in an application, linked against libpng, could lead to denial of service or in some cases, execution of arbitrary code with permission of the user running such an application.

Alerts:
Fedora FEDORA-2012-3545 2012-03-19
Fedora FEDORA-2012-3536 2012-03-19
Red Hat RHSA-2012:0407-01 2012-03-20
CentOS CESA-2012:0407 2012-03-20
CentOS CESA-2012:0407 2012-03-21
Mandriva MDVSA-2012:033 2012-03-21
Oracle ELSA-2012-0407 2012-03-20
Oracle ELSA-2012-0407 2012-03-20
Ubuntu USN-1402-1 2012-03-22
Scientific Linux SL-libp-20120321 2012-03-21
Debian DSA-2439-1 2012-03-22
Fedora FEDORA-2012-3739 2012-03-24
openSUSE openSUSE-SU-2012:0432-1 2012-03-30
Fedora FEDORA-2012-3705 2012-03-31
openSUSE openSUSE-SU-2012:0466-1 2012-04-04
Gentoo 201206-15 2012-06-22
Slackware SSA:2012-206-01 2012-07-24

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds