blob: 1f4738b9ae2b52738ed285b5b3da613fa945b975 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200711-08">
<title>libpng: Multiple Denials of Service</title>
Several vulnerabilities in libpng may allow a remote attacker to crash
applications that handle untrusted images.
<product type="ebuild">libpng</product>
<announced>November 07, 2007</announced>
<revised>November 07, 2007: 01</revised>
<package name="media-libs/libpng" auto="yes" arch="*">
<unaffected range="ge">1.2.21-r3</unaffected>
<vulnerable range="lt">1.2.21-r3</vulnerable>
libpng is a free ANSI C library used to process and manipulate PNG
An off-by-one error when handling ICC profile chunks in the
png_set_iCCP() function was discovered (CVE-2007-5266). George Cook and
Jeff Phillips reported several errors in pngrtran.c, the use of logical
instead of a bitwise functions and incorrect comparisons
(CVE-2007-5268). Tavis Ormandy reported out-of-bounds read errors in
several PNG chunk handling functions (CVE-2007-5269).
<impact type="normal">
A remote attacker could craft an image that when processed or viewed by
an application using libpng would cause the application to terminate
There is no known workaround at this time.
All libpng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/libpng-1.2.21-r3&quot;</code>
<uri link="">CVE-2007-5266</uri>
<uri link="">CVE-2007-5268</uri>
<uri link="">CVE-2007-5269</uri>
<metadata tag="requester" timestamp="Sat, 20 Oct 2007 09:57:33 +0000">
<metadata tag="bugReady" timestamp="Sat, 20 Oct 2007 09:57:41 +0000">
<metadata tag="submitter" timestamp="Fri, 26 Oct 2007 00:26:03 +0000">