
Bug 335887 (CVE-2010-2249)

Summary: media-libs/libpng: Memory leak in pngrutil.c in (CVE-2010-2249)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: base-system, jaak
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=608644
Whiteboard: A4 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:22:08 UTC
CVE-2010-2249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2249):
  Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
  1.4.3, allows remote attackers to cause a denial of service (memory
  consumption and application crash) via a PNG image containing
  malformed Physical Scale (aka sCAL) chunks.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:23:04 UTC
We already have 1.2.44 and 1.4.3, just need to decide on a glsa.
Vote: no.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2010-09-28 18:33:26 UTC
yes with #324153 and #307637
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2010-10-06 07:11:16 UTC
GLSA 201010-01