A vulnerability has been reported in libpng, which can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a memory leak error within the
"png_handle_tEXt()" function in pngrutil.c. This can be exploited to
potentially exhaust all available memory via a specially crafted PNG
The vulnerability is reported in version 1.2.32. Other versions may
also be affected.
Fixed in version 1.2.33rc02.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
base-system, can we have a unaffected version (libpng-1.2.33rc02 is what secunia says), please?
Created attachment 170150 [details, diff]
changes from rc01 to rc02
The patch applies to 1.2.26 as well (with some fuzz), but png_struct was changed since then, so it does not work.
FYI libpng-1.2.33 is in the tree and has been for a while ...
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Ready for vote, I vote YES.
Yes, too. Request filed.