Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 178729 - media-libs/libpng <= 1.2.16 NULL pointer dereference (CVE-2007-2445)
Summary: media-libs/libpng <= 1.2.16 NULL pointer dereference (CVE-2007-2445)
Status: RESOLVED DUPLICATE of bug 178004
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2/3 [ebuild] Falco
Depends on:
Reported: 2007-05-16 09:14 UTC by Dawid Stawiarski
Modified: 2007-05-18 19:48 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Dawid Stawiarski 2007-05-16 09:14:41 UTC
Versions up through 1.2.16 (and 1.0.24) have an NULL-pointer-dereference vulnerability involving palette images with a malformed tRNS chunk (i.e., one with a bad CRC value). This bug can, at a minimum, cause crashes in browsers simply by visiting a page displaying such an image; reportedly it also crashes the Microsoft Windows display manager. CERT refers to it as VU#684664 and MITRE as CVE-2007-2445. It's fixed in versions libpng 1.2.18 and libpng 1.0.26 (also 1.2.17 and 1.0.25, which had a bug in their configure scripts), released 15 May 2007.
Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-05-16 09:49:42 UTC
hum sorry for bugspam

*** This bug has been marked as a duplicate of bug 178004 ***