SecurityTracker.com
Category:   Application (Multimedia)  >   libpng
Vendors:   libpng.sourceforge.net
(Fedora Issues Fix) libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1010202
SecurityTracker URL:  http://securitytracker.com/id/1010202
CVE Reference:   CAN-2004-0421
Date:  May 18 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.2.2-20
Description:   A vulnerability was reported in libpng. A remote user can create a PNG image that, when processed by libpng, may cause denial of service conditions.

Mandrake reported that when libpng creates an error message, libpng may access invalid memory locations. As a result, an application using libpng may crash or core dump when processing certain PNG images, the report said.

Steve Grubb is credited with discovering this flaw.
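
The advisory does not show the faulty code. As an added illustration (not libpng's source and not part of the original advisory), the C example below shows one way an error-message formatter can read out of bounds, a fixed-length copy from a shorter string, beside a bounded version. The names `format_error_unsafe`, `format_error_safe`, `MSG_MAX` and the 4-byte tag prefix are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64 /* assumed fixed width of the message field */

/* Vulnerable pattern (hypothetical, not libpng's code): always copies
 * MSG_MAX bytes, so a shorter msg is read past its terminator. If the
 * string ends near an unmapped page, the read faults and the caller dies. */
void format_error_unsafe(char *out, const char *tag, const char *msg)
{
    memcpy(out, tag, 4);
    out[4] = ':'; out[5] = ' ';
    memcpy(out + 6, msg, MSG_MAX); /* out-of-bounds read for short msg */
    out[6 + MSG_MAX - 1] = '\0';
}

/* Hardened form: never reads past msg's terminator and never writes past
 * out_len. Returns the formatted length (0 if out is too small). */
size_t format_error_safe(char *out, size_t out_len, const char *tag,
                         const char *msg)
{
    size_t n = 0;

    if (out_len < 7) {
        if (out_len > 0)
            out[0] = '\0';
        return 0;
    }
    if (msg == NULL)
        msg = "";
    memcpy(out, tag, 4);
    out[4] = ':'; out[5] = ' ';
    while (n < MSG_MAX - 1 && msg[n] != '\0') /* stop at the terminator */
        n++;
    if (n > out_len - 7)
        n = out_len - 7; /* leave room for the terminating NUL */
    memcpy(out + 6, msg, n);
    out[6 + n] = '\0';
    return 6 + n;
}

int main(void)
{
    char buf[6 + MSG_MAX];
    format_error_safe(buf, sizeof buf, "IDAT", "CRC error");
    puts(buf); /* the unsafe variant is shown for contrast and is not called */
    return 0;
}
```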

Impact:   A remote user can create a malformed PNG image that, when processed by an application using libpng, may cause the application to crash. The specific impact depends on the application using libpng.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


Vendor URL:  www.libpng.org/pub/png/libpng.html
Cause:   Access control error, Resource error
Underlying OS:   Linux (Red Hat Fedora)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 30 2004 libpng Memory Access Violation When Creating Error Messages May Cause Denial of Service Conditions



 Source Message Contents

Date:  Wed, 05 May 2004 15:56:08 -0400
Subject:  [SECURITY] Fedora Core 1 Update: libpng-1.2.2-20


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-105
2004-05-05
---------------------------------------------------------------------
 
Name        : libpng
Version     : 1.2.2
Release     : 20
Summary     : A library of functions for manipulating PNG image format
files.
Description :
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.  PNG
is a bit-mapped graphics format similar to the GIF format.  PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.
 
Libpng should be installed if you need to manipulate PNG format image
files.
 
---------------------------------------------------------------------
 
* Mon Apr 19 2004 Matthias Clasen <mclasen@redhat.com>
 
- fix a possible out-of-bounds read in the error message
  handler. #121229
 
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
 
- rebuilt
 
* Fri Feb 27 2004 Mark McLoughlin <markmc@redhat.com> 2:1.2.2-19
 
- rebuild with changed bits/setjmp.h on ppc
 
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
 
- rebuilt
 
 
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
 
4ceffa6a0fe2b293ec48c2f1a4ca2fe6  SRPMS/libpng-1.2.2-20.src.rpm
876f87e9de276ed92b2e1425439233af  i386/libpng-1.2.2-20.i386.rpm
afcfe9d01bfa437e24ee4ea2fc898168  i386/libpng-devel-1.2.2-20.i386.rpm
a966d3380fc2f761a49e2235b119eae2  i386/debug/libpng-debuginfo-1.2.2-20.i386.rpm
848573832baaaec56f60395c97a198ed  x86_64/libpng-1.2.2-20.x86_64.rpm
9f182bc4e203c9e85fc2d216c45b638a  x86_64/libpng-devel-1.2.2-20.x86_64.rpm
e3f298fdf2f49bc6b239e209bd164cc2  x86_64/debug/libpng-debuginfo-1.2.2-20.x86_64.rpm
876f87e9de276ed92b2e1425439233af  x86_64/libpng-1.2.2-20.i386.rpm
 
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
 



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 



Copyright 2014, SecurityGlobal.net LLC