Summary: | <media-libs/libpng-{1.5.14,1.6.0}: Two integer overflow (CVE-2013-{7353,7354}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2014/q2/83 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-11 07:48:42 UTC
From http://sourceforge.net/p/png-mng/mailman/message/32215052/ :"libpng10, 12, and 14 were not affected. Libpng15, 16, and 17beta were fixed in January 2013." The corrected versions are libpng-1.5.14 and libpng-1.6.0 as per http://sourceforge.net/p/libpng/bugs/199/ Both of these are already stabilized for later versions and cleaned up in current tree. Added to existing GLSA request. CVE-2013-7354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7354): Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. CVE-2013-7353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7353): Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. This issue was resolved and addressed in GLSA 201408-06 at http://security.gentoo.org/glsa/glsa-201408-06.xml by GLSA coordinator Mikle Kolyada (Zlogene). |