Bug 507378 (CVE-2013-7353) - <media-libs/libpng-{1.5.14,1.6.0}: Two integer overflow (CVE-2013-{7353,7354})
Status: RESOLVED FIXED
Alias: CVE-2013-7353
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://seclists.org/oss-sec/2014/q2/83
Whiteboard: A2 [glsa]
Reported: 2014-04-11 07:48 UTC by Agostino Sarubbo
Modified: 2014-08-14 14:33 UTC
Description Agostino Sarubbo gentoo-dev 2014-04-11 07:48:42 UTC
From ${URL} :

http://sourceforge.net/p/libpng/bugs/199/

Use CVE-2013-7353 for "png_set_unknown_chunks in libpng/pngset.c ...
Fixed in libpng-1.5.14beta08"

("has four integer overflow bugs" is apparently a typo of "has one
integer overflow bug")

Use CVE-2013-7354 for "The png_set_sPLT() and png_set_text_2()
functions have a similar bug, which is fixed in libpng-1.5.14rc03" --
this has a different discoverer.

The vendor mentions that internal calls use safe values. These issues
could potentially affect applications that use the libpng API.
Apparently no such applications were identified as part of the work on
bug 199.



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-15 22:55:34 UTC
From http://sourceforge.net/p/png-mng/mailman/message/32215052/ : "libpng10, 12, and 14 were not affected. Libpng15, 16, and 17beta were fixed in January 2013."

The corrected versions are libpng-1.5.14 and libpng-1.6.0 as per http://sourceforge.net/p/libpng/bugs/199/ 

Both of these are already stabilized for later versions and cleaned up in current tree. 

Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-06-16 00:00:56 UTC
CVE-2013-7354 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7354):
  Multiple integer overflows in libpng before 1.5.14rc03 allow remote
  attackers to cause a denial of service (crash) via a crafted image to the
  (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based
  buffer overflow.

CVE-2013-7353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7353):
  Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c
  in libpng before 1.5.14beta08 allows context-dependent attackers to cause a
  denial of service (segmentation fault and crash) via a crafted image, which
  triggers a heap-based buffer overflow.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-08-14 14:33:07 UTC
This issue was resolved and addressed in
 GLSA 201408-06 at http://security.gentoo.org/glsa/glsa-201408-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
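
The bug class named in the CVE descriptions in comment 2 (a caller-supplied count overflowing an allocation size, which then leads to a heap-based buffer overflow), shown as an added example that is not libpng's code and not part of the original bug report. `entry_t`, `entry_list`, `list_append` and `wrapped_bytes32` are hypothetical names, and the 32-bit size arithmetic is modelled explicitly so the wrap is visible on any platform.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for illustration; not libpng's structures. */
typedef struct { unsigned char name[5]; unsigned char *data; size_t size; } entry_t;
typedef struct { entry_t *items; int count; } entry_list;

/* Unchecked size computation, modelled with a 32-bit size type: the product
 * is truncated, so a huge entry count can yield a tiny allocation size. */
uint32_t wrapped_bytes32(uint32_t old_count, uint32_t add_count, uint32_t elem)
{
    return (uint32_t)(((uint64_t)old_count + add_count) * elem);
}

/* Checked append: validate the caller-supplied count before any size
 * arithmetic. Returns 0 on success, -1 on rejection or allocation failure. */
int list_append(entry_list *l, const entry_t *src, int add_count)
{
    if (l == NULL || src == NULL || l->count < 0 || add_count <= 0)
        return -1;
    if (add_count > INT_MAX - l->count)        /* count sum would overflow */
        return -1;
    size_t total = (size_t)l->count + (size_t)add_count;
    if (total > SIZE_MAX / sizeof(entry_t))    /* byte size would overflow */
        return -1;
    entry_t *np = realloc(l->items, total * sizeof(entry_t));
    if (np == NULL)
        return -1;                             /* old array is still valid */
    memcpy(np + l->count, src, (size_t)add_count * sizeof(entry_t));
    l->items = np;
    l->count = (int)total;
    return 0;
}

int main(void)
{
    entry_list l = { NULL, 0 };
    entry_t e[2];
    memset(e, 0, sizeof e);                    /* constructed sample entries */
    printf("wrapped size: %u bytes\n", (unsigned)wrapped_bytes32(1, 0x10000000u, 16));
    printf("append 2: %d\n", list_append(&l, e, 2));
    printf("append INT_MAX: %d\n", list_append(&l, e, INT_MAX));
    free(l.items);
    return 0;
}
```

Applications that pass counts derived from untrusted input to a library API can apply the same two checks on their side of the call.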