The png_check_keyword function in pngwutil.c in libpng before 1.0.42,
and 1.2.x before 1.2.34, might allow context-dependent attackers to
set the value of an arbitrary memory location to zero via vectors
involving creation of crafted PNG files with keywords, related to an
implicit cast of the '\0' character constant to a NULL pointer.
NOTE: some sources incorrectly report this as a double free
base-system: can this go stable?
The summary is misleading as it includes version 1.2.34 which seems to be unaffected.
ive seen no regressions with 1.2.34 ... it's fine to stabilize
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Sparc stable (I've been using it with no problems for 3 or 4 weeks now).
Stable on alpha.
Stable for HPPA.
GLSA together with bug 244808.
Redhat is disputing this issue: