[Bug 216706] New: CVE-2006-5793 libpng, libpng10 DoS


 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216706

           Summary: CVE-2006-5793 libpng, libpng10 DoS
           Product: Fedora Core
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: libpng
        AssignedTo: tgl@xxxxxxxxxx
        ReportedBy: ville.skytta@xxxxxx
                CC: fedora-security-list@xxxxxxxxxx,mclasen@xxxxxxxxxx


+++ This bug was initially created as a clone of Bug #215405 +++

Tavis Ormandy told vendor-sec about an OOB memory read flaw in libpng.  This flaw
is a denial of service flaw.

quoting the mail from Tavis:

    Hello, there's a typo in the sPLT chunk handling code in libpng,
    potentially resulting in an OOB read. AFAICT, the extent of the
    vulnerability is denial of service, but would appreciate a second pair
    of eyes to verify.

    Around line ~983 of pngset.c, in png_set_sPLT()

    to->entries = (png_sPLT_entryp)png_malloc(png_ptr,
        from->nentries * png_sizeof(png_sPLT_t));

    should be `png_sizeof(png_sPLT_entry)`

    and the same on this line:

    png_memcpy(to->entries, from->entries,
        from->nentries * png_sizeof(png_sPLT_t));

This issue also affects RHEL2.1 and RHEL3

-- Additional comment from bressers@xxxxxxxxxx on 2006-11-14 16:28 EST --
This issue is now public:
http://bugs.gentoo.org/show_bug.cgi?id=154380

---

Possibly affected: libpng in FC5, FC6, and devel, and libpng10 in FC5. 
(libpng10 in Extras has been updated, see bug 216263)
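The sizeof typo described above, as an added illustration that is not libpng's own code: the two structs are constructed stand-ins modelled on libpng's png_sPLT_entry and png_sPLT_t (field layout simplified; names are assumptions), and the helpers show why sizing the entry array by the palette struct makes the memcpy read past the source allocation, next to the corrected copy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for libpng's entry and palette structs (assumption:
 * simplified from the libpng 1.2 headers; not the project's own code). */
typedef struct {
    uint16_t red, green, blue, alpha, frequency;
} splt_entry;

typedef struct {
    char       *name;
    uint8_t     depth;
    splt_entry *entries;   /* array of nentries elements */
    int32_t     nentries;
} splt_palette;

/* Byte count used by the typo'd allocation/memcpy (palette struct size)
 * and by the corrected one (entry struct size). */
size_t typo_copy_bytes(int32_t nentries)    { return (size_t)nentries * sizeof(splt_palette); }
size_t correct_copy_bytes(int32_t nentries) { return (size_t)nentries * sizeof(splt_entry); }

/* Bytes the typo'd memcpy reads beyond the end of from->entries, whose
 * allocation is nentries * sizeof(splt_entry). Positive means OOB read. */
size_t overread_bytes(int32_t nentries) {
    return typo_copy_bytes(nentries) - correct_copy_bytes(nentries);
}

/* Corrected copy: allocation and memcpy both sized by the element type the
 * array actually holds. Returns 0 on success, -1 on allocation failure. */
int copy_splt_entries(splt_palette *to, const splt_palette *from) {
    size_t bytes = correct_copy_bytes(from->nentries);
    to->entries = malloc(bytes);
    if (to->entries == NULL) return -1;
    memcpy(to->entries, from->entries, bytes);
    to->nentries = from->nentries;
    return 0;
}

/* Self-check on a constructed 3-entry palette: returns 1 when the copied
 * entries match the source, 0 otherwise. */
int demo_roundtrip(void) {
    splt_entry src[3] = { {1,2,3,4,5}, {6,7,8,9,10}, {11,12,13,14,15} };
    splt_palette from = { "demo", 8, src, 3 }, to = { 0 };
    if (copy_splt_entries(&to, &from) != 0) return 0;
    int ok = memcmp(to.entries, src, sizeof src) == 0 && to.nentries == 3;
    free(to.entries);
    return ok;
}
```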

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
