[Bug 934372] Re: Integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed
Jamie Strandboge
jamie at ubuntu.com
Fri Feb 17 19:25:18 UTC 2012
Thanks for using Ubuntu and reporting a bug. This is already fixed in
1.2.46-3ubuntu2 in Ubuntu 12.04 and the stable releases of Ubuntu in
http://www.ubuntu.com/usn/usn-1367-1/.
** Visibility changed to: Public
** Changed in: libpng (Ubuntu)
Status: New => Fix Released
** Changed in: libpng (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/934372
Title:
Integer overflow in the libpng PNG library, which could lead to the
execution of arbitrary code if a malformed image is processed
Status in “libpng” package in Ubuntu:
Fix Released
Bug description:
Integer overflow in the libpng PNG library, which could lead to the execution
of arbitrary code if a malformed image is processed
The line,
png_charp text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
inside libpng/pngrutil.c needs to be checked for truncation and
integer overflow.
CVE-2011-3026.
http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/934372/+subscriptions
More information about the foundations-bugs
mailing list