Hi, please see <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045>. This affects *every* libpng version. It is a different vulnerability than CVE-2011-3026. Some hours ago, they released libpng-1.5.10 which contains a fix: <http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d5a80e094465b2feb448e8d291ea696dc408a097>
Reproducible: Always
Expected Results: Bump media-libs/libpng to 1.5.10.
Thanks for the bug, Thomas.
There is no apng patch for the 1.5.10 release out yet, and the patch for 1.5.9 doesn't apply because: 1.5.10 would like to #define PNG_HAVE_iCCP to 0x4000 in pngpriv.h, and the apng patch for 1.5.9 would like to #define PNG_HAVE_acTL to the same 0x4000 value. I'm inclined to wait for the official apng 1.5.10 patch here.
New apng patch is now available at the usual place...
Please test and stabilize:
=media-libs/libpng-1.2.49 "amd64 x86"
=media-libs/libpng-1.5.10 "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
amd64/hardened/mixed: ok (emerges fine, I also tested a few rdeps).
amd64 stable
x86 stable. Thanks
arm/ia64/m68k/s390/sh done
CVE-2011-3045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045): Integer signedness error in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
(CVE-2012-3048) This seemed pertinent to add as it applies to the same versions. http://secunia.com/advisories/48587/ A vulnerability has been reported in libpng, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an error within the "png_set_text_2()" function (pngset.c) when parsing certain text chunks and can be exploited to corrupt heap memory via a specially crafted PNG file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59. Solution: Update to version 1.5.10, 1.4.11, 1.2.49, or 1.0.59.
ppc done
ppc64 done
alpha/sparc stable
Thanks, everyone. Already on existing GLSA request.
CVE-2011-3048 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048): The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
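The affected ranges above are per branch, so a plain numeric comparison against 1.5.10 gets it wrong (1.2.49 is fixed even though it sorts below 1.5.10, and 1.4.10beta01 is older than the 1.4.11 fix). The following is an added example, not code from libpng or from this bug, that encodes exactly the fixed versions named in the CVE-2011-3048 description and reports whether a given libpng version string is still in an affected range. Branches the description does not mention (for example 1.6.x) are assumed unaffected, and a pre-release of the fixed version is conservatively treated as still vulnerable; both are assumptions of this example, not statements from the advisory.

```python
"""Added example: check a libpng version string against the affected
ranges listed in the NVD text for CVE-2011-3048. Not libpng's own code."""
import re

# Fixed version per branch, taken from the advisory text:
# 1.0.x < 1.0.59, 1.2.x < 1.2.49, 1.4.x < 1.4.11, 1.5.x < 1.5.10 are affected.
FIXED_BY_BRANCH = {
    (1, 0): (1, 0, 59),
    (1, 2): (1, 2, 49),
    (1, 4): (1, 4, 11),
    (1, 5): (1, 5, 10),
}

# libpng version strings look like "1.5.10", "1.4.10beta01" or "1.5.10rc02".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(beta|rc)(\d+))?$")

# A final release sorts after its betas and release candidates.
_STAGE_RANK = {"beta": 0, "rc": 1, None: 2}


def parse_version(text):
    """Return a comparable tuple (major, minor, patch, stage_rank, stage_no).

    Example: "1.4.10beta01" -> (1, 4, 10, 0, 1) and "1.4.10" -> (1, 4, 10, 2, 0),
    so the beta compares lower than the final release.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised libpng version: {text!r}")
    major, minor, patch = (int(part) for part in match.group(1, 2, 3))
    stage_no = int(match.group(5)) if match.group(5) else 0
    return (major, minor, patch, _STAGE_RANK[match.group(4)], stage_no)


def fix_for(version):
    """Return the first fixed version on `version`'s branch as a string if
    `version` is affected by CVE-2011-3048, otherwise None.

    Assumption of this example: branches absent from FIXED_BY_BRANCH (e.g. 1.6.x)
    are treated as unaffected. A pre-release of the fixed version (e.g. 1.5.10beta01)
    is treated as affected, since only the final release is named as fixed.
    """
    parsed = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(parsed[:2])
    if fixed is None:
        return None
    # Append the "final release" rank so 1.5.10beta01 < 1.5.10 < 1.5.11.
    if parsed < fixed + (_STAGE_RANK[None], 0):
        return ".".join(str(part) for part in fixed)
    return None


def is_vulnerable(version):
    """True if `version` falls inside an affected range for CVE-2011-3048."""
    return fix_for(version) is not None


def report(versions):
    """Map each version string to a one-line status, e.g. for a list of installed
    slots gathered from several hosts."""
    result = {}
    for version in versions:
        fixed = fix_for(version)
        result[version] = "fixed" if fixed is None else f"affected, upgrade to {fixed}"
    return result


if __name__ == "__main__":
    # Constructed sample input: versions from the stabilisation request above
    # plus a pre-release and an unlisted branch.
    for line in report(["1.5.9", "1.5.10", "1.2.48", "1.2.49",
                        "1.4.10beta01", "1.6.0"]).items():
        print("%-14s %s" % line)
```

Because the thresholds are keyed on the branch, the stabilisation targets in this bug (1.2.49 on the 1.2 branch, 1.5.10 on the 1.5 branch) both come out as fixed, while 1.4.10beta01, the first 1.4 build carrying the CVE-2011-3045 change, is still reported as affected by CVE-2011-3048 because the advisory names 1.4.11 for that branch.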
This issue was resolved and addressed in GLSA 201206-15 at http://security.gentoo.org/glsa/glsa-201206-15.xml by GLSA coordinator Sean Amoss (ackle).