[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()

Fri Apr 11 03:53:57 UTC 2014

https://bugzilla.redhat.com/show_bug.cgi?id=1086514

            Bug ID: 1086514
           Summary: CVE-2013-7353 Integer overflow leading to a heap-based
                    buffer overflow in png_set_unknown_chunks()
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: huzaifas at redhat.com
                CC: drizt at land.ru, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    jkoncick at redhat.com, jkurik at redhat.com,
                    ktietz at redhat.com, lfarkas at lfarkas.org,
                    pfrields at redhat.com, phracek at redhat.com,
                    rjones at redhat.com

An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. A attacker could create a
specially-crafated image file and render it with an application written to
explicitly call png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.

The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.

Reference:

http://sourceforge.net/p/libpng/bugs/199/
http://seclists.org/oss-sec/2014/q2/83

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe