335887 – (CVE-2010-2249) media-libs/libpng: Memory leak in pngrutil.c in (CVE-2010-2249)

Bug 335887 (CVE-2010-2249) - media-libs/libpng: Memory leak in pngrutil.c in (CVE-2010-2249)

Summary: media-libs/libpng: Memory leak in pngrutil.c in (CVE-2010-2249)

Status:	RESOLVED FIXED

Alias:	CVE-2010-2249

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	A4 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-09-03 21:22 UTC by Stefan Behte (RETIRED)
Modified:	2010-10-06 07:11 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-09-03 21:22:08 UTC

CVE-2010-2249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2249):
  Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
  1.4.3, allows remote attackers to cause a denial of service (memory
  consumption and application crash) via a PNG image containing
  malformed Physical Scale (aka sCAL) chunks.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-09-03 21:23:04 UTC

We already have 1.2.44 and 1.4.3, just need to decide on a glsa.
Vote: no.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev

2010-09-28 18:33:26 UTC

yes with #324153 and #307637

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2010-10-06 07:11:16 UTC

GLSA 201010-01