Fwd: [Bug 504782] New: libpng: Interlaced Images Information Disclosure Vulnerability

Richard W.M. Jones rjones at redhat.com
Tue Jun 9 12:45:30 UTC 2009 

----- Forwarded message from bugzilla at redhat.com -----

Subject: [Bug 504782] New: libpng: Interlaced Images Information Disclosure
	Vulnerability
Date: Tue, 9 Jun 2009 08:37:47 -0400

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: libpng: Interlaced Images Information Disclosure Vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=504782

           Summary: libpng: Interlaced Images Information Disclosure
                    Vulnerability
           Product: Security Response
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
 Status Whiteboard: source=gentoo,reported=20090606,public=20090604,impact
                    =low?
          Keywords: Security
          Severity: medium
          Priority: medium
         Component: vulnerability
        AssignedTo: security-response-team at redhat.com
        ReportedBy: thoger at redhat.com
                CC: paul at city-fan.org, lfarkas at lfarkas.org,
                    tgl at redhat.com, berrange at redhat.com,
                    rjones at redhat.com,
                    fedora-mingw at lists.fedoraproject.org
   Estimated Hours: 0.0
    Classification: Other
    Target Release: ---


Quoting Secunia advisory SA35346:

  http://secunia.com/advisories/35346/

  A vulnerability has been reported in libpng, which can be exploited
  by malicious people to disclose potentially sensitive information.

  The vulnerability is caused due to an error when processing 1-bit
  interlaced images. This can be exploited to disclose uninitialised
  memory via specially crafted images having widths that are not
  divisible by 8.

  The vulnerability is reported in versions prior to 1.2.37.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

----- End forwarded message -----

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/

More information about the mingw mailing list