Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 194683

Summary: <dev-games/irrlicht-1.3.1 libpng tRNS Chunk Denial of Service
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/27056/
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 07:37:06 UTC 
A vulnerability has been reported in Irrlicht, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the use of vulnerable libpng code.

The vulnerability is reported in versions prior to 1.3.1.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 07:41:15 UTC 
Version 1.3.1 is already in the tree. 
Games, is this version ready to go stable? Or is there a good reason why it isn't stable yet (even 1.3 is in the tree for 4 months now, without any bugs)? Please advise.
Comment 2 Tristan Heaven (RETIRED) gentoo-dev 2007-10-04 09:02:24 UTC 
I don't think we're affected by this because all of the versions in the tree are built without the bundled jpeg, zlib and libpng.
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-10-04 09:45:17 UTC 
i would close it as INVALID, as Tristan says that the gentoo versions don't use the vulnerable code. Furthermore the relevance of that bug is questionable, since we don't handle client-side DoS, and i'm not sure a DoS could be triggered on a server here.
Feel free to reopen if you have clue that we're affected and a server using this engine could be remotely crashed.