Bug 237175 (CVE-2008-3964) - media-libs/libpng <1.2.32 png_push_read_zTXt() Off-By-One DoS (CVE-2008-3964)
Summary: media-libs/libpng <1.2.32 png_push_read_zTXt() Off-By-One DoS (CVE-2008-3964)
Status: RESOLVED FIXED
Alias: CVE-2008-3964
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/31781/
Whiteboard: ~3 [noglsa]
Keywords:
Depends on: 237321
Blocks:
Reported: 2008-09-09 12:53 UTC by Robert Buchholz (RETIRED)
Modified: 2008-10-04 19:16 UTC (History)

See Also:
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 12:53:13 UTC
Secunia wrote:

A vulnerability has been reported in libpng, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an off-by-one error within the
"png_push_read_zTXt()" function in pngread.c when processing
malicious PNG images with specially crafted zTXt chunks, which can be
exploited to crash an application using the library.

The vulnerability was reportedly introduced in version 1.2.30beta04
and is reported in version 1.2.31. Other versions may also be
affected.

Note: An off-by-one error in pngtest.c was also fixed.

SOLUTION:
Fixed in version 1.2.32beta01.

PROVIDED AND/OR DISCOVERED BY:
Harald van Dijk

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=624518
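Added illustration, not part of this bug report and not libpng's own code: a minimal parser for the payload of a PNG zTXt chunk, written twice. The first version carries the class of defect the advisory describes (an off-by-one in the scan for the keyword's NUL terminator, so a chunk whose keyword runs to the end of the data is read one byte past its buffer); the second is the hardened form. The payload layout (keyword of 1..79 bytes, NUL, one compression-method byte, compressed text) is from the PNG specification; the function names, the instrumented reader that flags the out-of-bounds index instead of dereferencing it, and the two sample payloads are all constructed for this example and do not reproduce png_push_read_zTXt() itself.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Illustrative zTXt payload parser (constructed example, not libpng code).
 * zTXt payload layout per the PNG spec: keyword (1..79 bytes), NUL
 * separator, one compression-method byte (0 = deflate), compressed text.
 */

/* Instrumented reader: any index outside [0, len) is recorded rather than
 * dereferenced, so the out-of-bounds read is observable in a test instead
 * of being silent or a crash as it would be in a real parser. */
typedef struct {
    const unsigned char *buf;
    size_t len;
    int oob;            /* set once the scan touches buf[len] or beyond */
} ztxt_reader;

static unsigned char rd(ztxt_reader *r, size_t i)
{
    if (i >= r->len) {
        r->oob = 1;
        return 0;       /* stand-in for whatever byte follows the buffer */
    }
    return r->buf[i];
}

typedef struct {
    size_t keyword_len;
    unsigned char method;
    size_t text_off;    /* offset of the compressed text within the payload */
} ztxt_hdr;

/* Off-by-one form: the loop bound admits i == len, so a payload made only of
 * keyword bytes with no NUL reads one byte past the end before the length
 * check below ever runs. Returns 0 on success, -1 on reject; *oob reports
 * whether the scan went out of bounds. */
int ztxt_parse_offbyone(const unsigned char *p, size_t len, ztxt_hdr *out, int *oob)
{
    ztxt_reader r = { p, len, 0 };
    size_t i = 0;
    while (i <= len && rd(&r, i) != 0)      /* BUG: should be i < len */
        i++;
    *oob = r.oob;
    if (i == 0 || i + 2 > len)              /* need NUL + method byte */
        return -1;
    out->keyword_len = i;
    out->method = rd(&r, i + 1);
    out->text_off = i + 2;
    return 0;
}

/* Hardened form: never index at len, reject a missing terminator, enforce
 * the spec's 1..79 keyword length, require the method byte to be present,
 * and accept only the one defined compression method. */
int ztxt_parse_checked(const unsigned char *p, size_t len, ztxt_hdr *out, int *oob)
{
    ztxt_reader r = { p, len, 0 };
    size_t i = 0;
    while (i < len && rd(&r, i) != 0)
        i++;
    *oob = r.oob;
    if (i == len)                           /* no NUL anywhere: malformed */
        return -1;
    if (i == 0 || i > 79 || i + 2 > len)
        return -1;
    out->keyword_len = i;
    out->method = rd(&r, i + 1);
    if (out->method != 0)                   /* only deflate (0) is defined */
        return -1;
    out->text_off = i + 2;
    return 0;
}

/* Constructed sample payloads (not taken from any real file). */
const unsigned char ZTXT_GOOD[] = {
    'C','o','m','m','e','n','t', 0,         /* keyword + NUL */
    0,                                      /* compression method: deflate */
    0x78, 0x9c, 0x03, 0x00                  /* zlib stream of empty text */
};
const size_t ZTXT_GOOD_LEN = sizeof ZTXT_GOOD;

/* Crafted: 16 keyword bytes and no NUL terminator at all. */
const unsigned char ZTXT_NO_NUL[] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A'
};
const size_t ZTXT_NO_NUL_LEN = sizeof ZTXT_NO_NUL;

int main(void)
{
    ztxt_hdr h;
    int oob;
    int rc = ztxt_parse_offbyone(ZTXT_NO_NUL, ZTXT_NO_NUL_LEN, &h, &oob);
    printf("off-by-one parser: rc=%d out_of_bounds=%d\n", rc, oob);
    rc = ztxt_parse_checked(ZTXT_NO_NUL, ZTXT_NO_NUL_LEN, &h, &oob);
    printf("checked parser:    rc=%d out_of_bounds=%d\n", rc, oob);
    rc = ztxt_parse_checked(ZTXT_GOOD, ZTXT_GOOD_LEN, &h, &oob);
    printf("good payload:      rc=%d keyword_len=%zu text_off=%zu\n",
           rc, h.keyword_len, h.text_off);
    return 0;
}
```

Both parsers reject the crafted payload, which is why this class of bug surfaces as a crash or a silent over-read rather than a parse error: the off-by-one version has already touched the byte past the buffer by the time its length check runs. The fix is to bound the scan strictly below the length and treat "terminator not found" as a distinct, rejected case.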
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-09 15:09:48 UTC
CVE-2008-3964 has been assigned.
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2008-09-10 13:24:23 UTC
As a side note, before >libpng-1.2.30 goes stable, cairo-1.6.4-r1 needs to go stable; otherwise any app that uses PNG images and cairo (which is anything that uses GTK+) will segfault due to an API change in libpng 1.2.30 and higher.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-10-04 19:16:23 UTC
This was introduced in libpng-1.2.30beta04, so it does not affect stable.
The only version we have in the tree affected by this is 1.2.31, and since that is superseded by 1.2.32, this bug can be closed.

Please remove 1.2.31 and do not process it for stabling.