Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 56307 - media-libs/libpng: buffer overflow due to loop offset values
Summary: media-libs/libpng: buffer overflow due to loop offset values
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2004-07-07 01:57 UTC by Thierry Carrez (RETIRED)
Modified: 2011-10-30 22:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Mandrake patch for CAN-2002-1363 (libpng-1.2.5-transfix.patch,1.89 KB, patch)
2004-07-07 03:07 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 01:57:00 UTC
From Mandrake advisory ( :
A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise.
This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were required in two additional places that had not been corrected with the earlier patch.

The OpenPKG advisory ( lists several other affected packages :
<= doxygen-1.3.7-20040507 (app-doc/doxygen)
<= ghostscript-8.14-20040604 (app-text/ghostscript)
<= kde-qt-3.2.3-20040429 (?)
<= pdflib-5.0.3-20040625 (media-libs/pdflib)
<= perl-tk-5.8.4-20040622 (dev-perl/perl-tk)
<= qt-3.3.2-20040615 (x11-libs/qt)
<= rrdtool-1.0.48-20040513 (net-analyzer/rrdtool)
<= tetex-2.0.2-20040429 (app-text/tetex)
<= wx-2.4.2-20040425 (?)

I don't know which of them really include a vulnerable copy of libpng...
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 03:07:54 UTC
Created attachment 34898 [details, diff]
Mandrake patch for CAN-2002-1363

Mandrake and OpenPKG talk about "2 additional places" were a fix is required to
solve CAN-2002-1363. Here is the Mandrake patch (OpenPKG uses the same).

Note that the PNG team did not issue a corrected patch, the one at
is still incomplete.

We should merge this patch to the Gentoo patch.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 03:10:44 UTC
Mike: you did the last cleanups on this, could you apply patch and bump ?
Comment 3 SpanKY gentoo-dev 2004-07-07 07:38:35 UTC
version bumped to 1.2.5-r7 and made stable for all arches since -r6 was stable
and the patch changes very little
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 07:47:15 UTC
We probably don't have any other vulnerable package (since we link dynamically to libpng) so this is ready for a GLSA.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-07 14:05:35 UTC
GLSA drafted: security please review
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-08 09:31:19 UTC
GLSA 200407-06