https://bugzilla.redhat.com/show_bug.cgi?id=1086514
Bug ID: 1086514
Summary: CVE-2013-7353 Integer overflow leading to a heap-based
buffer overflow in png_set_unknown_chunks()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. A attacker could create a
specially-crafated image file and render it with an application written to
explicitly call png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/
http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe