
List:       oss-security
Subject:    Re: [oss-security] CVE Request: libpng memory leak
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2011-03-28 15:00:00
Message-ID: Pine.GSO.4.64.1103281054270.7261 () faron ! mitre ! org


On Tue, 22 Mar 2011, Ludwig Nussel wrote:

> libpng has this in its changelog¹:
> version 1.2.39beta05 [August 1, 2009]
> Reject attempt to write iCCP chunk with negative embedded profile length
> (JD Chen)
> 
> As it turned out this fixes a DoS (memory consumption on x86_64 and
> a segfault on i386) if e.g. GraphicsMagick is used to convert certain
> jpeg files to png.
> The bug was introduced in 1.2.13beta1:
> http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=0ff85c6923d2c4fca4ac0bad28e387e3b1777d7a#patch19
>
> Then an incomplete attempt to fix it in 1.2.15beta3, due to
> http://bugs.gentoo.org/159216:
> http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18
>

This gets CVE-2006-7244

> And finally fixed in 1.2.39beta5:
> http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
> 

Since CVE-2006-7244 was a partial fix, this final fix should probably get 
its own ID.

So, use CVE-2009-5063.

- Steve


