Ubuntu
libpng package

Integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed

Bug #934372 reported by Zubin Mithra on 2012-02-17

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libpng (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

Integer overflow in the libpng PNG library, which could lead to the execution
of arbitrary code if a malformed image is processed

The line,
png_charp text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);

inside libpng/pngrutil.c needs to be checked for truncation and integer overflow.

CVE-2011-3026.

http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492

CVE References

2011-3026

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-02-17:

Thanks for using Ubuntu and reporting a bug. This is already fixed in 1.2.46-3ubuntu2 in Ubuntu 12.04 and the stable releases of Ubuntu in http://www.ubuntu.com/usn/usn-1367-1/.

visibility:	private → public
Changed in libpng (Ubuntu):
assignee:	nobody → Jamie Strandboge (jdstrand)
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibpng package