Summary: | =media-libs/libpng-1.5.4 "png_handle_cHRM()" Division By Zero DoS (CVE-2011-3328) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/46148/ | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2011-09-23 21:13:41 UTC
libpng-1.5.5 is in the tree now (In reply to comment #1) > libpng-1.5.5 is in the tree now 1.5.4-r1 was committed yesterday for this CVE (told xarthisius to do that on Freenode) so we have been good since yesterday Thanks for 1.5.5 in any case :-) Thanks ssuominen, vapier, xarthisius. As per ~3 closing as noglsa. CVE-2011-3328 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3328): The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. |