CVE-2008-1382: libpng zero-length chunks incorrect handling
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libpng (Ubuntu) | Fix Released | Undecided | Unassigned |
Dapper | Fix Released | Undecided | Jamie Strandboge |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Fix Released | Undecided | Jamie Strandboge |
Hardy | Fix Released | Undecided | Jamie Strandboge |
Bug Description
From the oCERT advisory:
"Applications using libpng that install unknown chunk handlers, or copy unknown chunks, may be vulnerable to a security issue which may result in incorrect output, information leaks, crashes, or arbitrary code execution.
The issue involves libpng incorrectly handling zero length chunks which results in uninitialized memory affecting the control flow of the application."
Details:
http://
http://
From the upstream advisory:
"We believe this is a rare circumstance. It occurs in "pngtest"
that is a part of the libpng distribution, in pngcrush, and in
recent versions of ImageMagick (6.2.5 through 6.4.0-4). We are
not aware of any other vulnerable applications."
Ubuntu might be affected by this issue through ImageMagick version 6.3.7.9 in Hardy, the pngcrush package (in universe) or the pngtest.c example in package libpng12-0.
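As an added example (not code from libpng, Ubuntu or the advisories), here is a small C scanner for triaging PNG files against the condition the advisory describes: it walks the chunk stream and reports zero-length chunks whose names fall outside the PNG specification's chunk list. The known-name list and the constructed `teSt` sample chunk are assumptions made here, and the scanner does not validate CRCs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Chunk names from the PNG specification and its registered extensions.
 * Assumption: any other name is one a libpng build would hand to an
 * unknown-chunk handler; the exact set depends on build configuration. */
static const char *const KNOWN[] = {"IHDR","PLTE","IDAT","IEND","bKGD","cHRM",
    "gAMA","hIST","iCCP","iTXt","oFFs","pCAL","pHYs","sBIT","sCAL","sPLT",
    "sRGB","tEXt","tIME","tRNS","zTXt", NULL};

static int is_known(const unsigned char *type) {
    for (size_t i = 0; KNOWN[i]; i++)
        if (memcmp(KNOWN[i], type, 4) == 0) return 1;
    return 0;
}

/* Walk the chunk stream and count zero-length chunks with unknown names.
 * Returns -1 for a bad signature or a truncated chunk. CRCs are not checked. */
int count_empty_unknown_chunks(const unsigned char *buf, size_t len) {
    static const unsigned char sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    size_t off = 8;
    int hits = 0;
    if (len < 8 || memcmp(buf, sig, 8) != 0) return -1;
    while (off < len) {
        if (len - off < 12) return -1;        /* length + type + CRC */
        const unsigned char *p = buf + off;
        uint32_t clen = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                        (uint32_t)p[2] << 8 | (uint32_t)p[3];
        if (clen > len - off - 12) return -1; /* data runs past the buffer */
        if (clen == 0 && !is_known(p + 4)) {
            printf("offset %zu: zero-length unknown chunk %.4s\n", off, (const char *)(p + 4));
            hits++;
        }
        if (memcmp(p + 4, "IEND", 4) == 0) break;
        off += 12 + (size_t)clen;
    }
    return hits;
}

/* Constructed sample: signature, IHDR, empty "teSt" chunk, IEND; CRCs are zero placeholders. */
static const unsigned char SAMPLE[] = {
    0x89,'P','N','G','\r','\n',0x1a,'\n',
    0,0,0,13,'I','H','D','R', 0,0,0,1, 0,0,0,1, 8,0,0,0,0, 0,0,0,0,
    0,0,0,0,'t','e','S','t', 0,0,0,0,
    0,0,0,0,'I','E','N','D', 0,0,0,0};

int main(void) { return count_empty_unknown_chunks(SAMPLE, sizeof SAMPLE) == 1 ? 0 : 1; }
```

The zero-length `IEND` in the sample is not reported because its name is in the known list; only the empty `teSt` chunk is counted.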
Changed in libpng:
status: New → In Progress
assignee: nobody → jdstrand
libpng12-0 is part of main in all stable releases.