Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216706

Summary: CVE-2006-5793 libpng, libpng10 DoS
Product: Fedora Core
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: libpng
AssignedTo: tgl@xxxxxxxxxx
ReportedBy: ville.skytta@xxxxxx
CC: fedora-security-list@xxxxxxxxxx,mclasen@xxxxxxxxxx

+++ This bug was initially created as a clone of Bug #215405 +++

Tavis Ormandy told vendor-sec about an OOB memory read flaw in libpng. This flaw is a denial of service flaw.

Quoting the mail from Tavis:

Hello, there's a typo in the sPLT chunk handling code in libpng, potentially resulting in an OOB read. AFAICT, the extent of the vulnerability is denial of service, but would appreciate a second pair of eyes to verify.

Around line ~983 of pngset.c, in png_set_sPLT()

    to->entries = (png_sPLT_entryp)png_malloc(png_ptr,
        from->nentries * png_sizeof(png_sPLT_t));

should be `png_sizeof(png_sPLT_entry)` and the same on this line:

    png_memcpy(to->entries, from->entries,
        from->nentries * png_sizeof(png_sPLT_t));

This issue also affects RHEL2.1 and RHEL3

-- Additional comment from bressers@xxxxxxxxxx on 2006-11-14 16:28 EST --

This issue is now public: http://bugs.gentoo.org/show_bug.cgi?id=154380

---

Possibly affected: libpng in FC5, FC6, and devel, and libpng10 in FC5. (libpng10 in Extras has been updated, see bug 216263)
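The size mismatch described in the report, as an added example that is not part of the bug report or of libpng's own code: it computes how far the copy sized by the container type would read past the source array, next to a copy sized by the element type. The `demo_*` types and all function names are hypothetical stand-ins, and their layout is an assumption modelled on libpng's sPLT structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types modelled on libpng's sPLT structures (assumed layout). */
typedef struct { uint16_t red, green, blue, alpha, frequency; } demo_sPLT_entry;
typedef struct {
    char *name;
    uint8_t depth;
    demo_sPLT_entry *entries;
    int32_t nentries;
} demo_sPLT_t;

/* Bytes the reported code passes to png_malloc() and png_memcpy(). */
size_t bytes_requested_buggy(size_t n) { return n * sizeof(demo_sPLT_t); }

/* Bytes the source entries array really holds. */
size_t bytes_available(size_t n) { return n * sizeof(demo_sPLT_entry); }

/* Distance the buggy memcpy would read past the end of from->entries. */
size_t overread_bytes(size_t n) { return bytes_requested_buggy(n) - bytes_available(n); }

/* Corrected copy: size by the element type and reject unusable counts.
 * Returns 0 on success, -1 on error. */
int copy_entries_fixed(demo_sPLT_t *to, const demo_sPLT_t *from)
{
    if (from->nentries <= 0 || from->entries == NULL)
        return -1;
    size_t n = (size_t)from->nentries;
    if (n > SIZE_MAX / sizeof *from->entries)   /* multiplication would wrap */
        return -1;
    to->entries = malloc(n * sizeof *to->entries);
    if (to->entries == NULL)
        return -1;
    memcpy(to->entries, from->entries, n * sizeof *to->entries);
    to->nentries = from->nentries;
    return 0;
}

int main(void)
{
    size_t n = 4;   /* constructed sample count */
    printf("entry=%zu struct=%zu over-read for %zu entries=%zu bytes\n",
           sizeof(demo_sPLT_entry), sizeof(demo_sPLT_t), n, overread_bytes(n));
    return 0;
}
```

Writing the size as `sizeof *to->entries` ties it to the pointer's element type, so a later type change cannot reintroduce the mismatch.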