Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3425

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Related bugs and status

CVE-2012-3425 (Candidate) is related to these bugs:

Bug #1516592: CVE-2015-8126: Multiple buffer overflows

		In	Importance	Status
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Trusty)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Wily)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Vivid)	High	Fix Released
1516592	CVE-2015-8126: Multiple buffer overflows	libpng (Ubuntu Precise)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012072...
MLIST: [oss-security] 2012072...
MISC: http://bugs.debian.org...
MISC: http://libpng.git.sour...
MISC: http://libpng.git.sour...
MISC: http://libpng.git.sour...
MISC: http://libpng.git.sour...
SUSE: openSUSE-SU-2012:0934
UBUNTU: USN-2815-1