[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG imag
From: Marcus Meissner <meissner () suse ! de>
Date: 2010-06-30 15:22:40
Message-ID: 20100630152240.GH1474 () suse ! de
[Download RAW message or body]
On Mon, Jun 28, 2010 at 04:26:06PM -0400, Josh Bressers wrote:
>
> ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
> > Hi Steve, vendors,
> >
> > libpng upstream has released latest v1.4.3 and v1.2.44 versions,
> > addressing two
> > security issues:
> > [a], out-of-bounds write to memory -- this already got a CVE id of
> > "CVE-2010-1205",
> > [b], memory-leak bug, involving images with malformed sCAL chunks,
> > which could
> > lead to an application crash.
> >
> > References:
> > [1] http://www.libpng.org/pub/png/libpng.html
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=608644
> >
> > Steve, could you allocate a CVE id for the [b] issue?
> >
>
> Please use CVE-2010-2249 for issue [b].
oss-sec, png-mng-implement ... do you have testimages or a reproducer for the sCAL issue?
It would be helpful for our QA :/
Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic