Please see <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045>. This affects *every* libpng version. It is a different vulnerability than CVE-2011-3026.
Some hours ago, they released libpng-1.5.10, which contains a fix: <http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d5a80e094465b2feb448e8d291ea696dc408a097>
Bump media-libs/libpng to 1.5.10.
Thanks for the bug, Thomas.
There is no apng patch for the 1.5.10 release out yet, and the patch for 1.5.9 doesn't apply because:
1.5.10 would like to #define PNG_HAVE_iCCP to 0x4000 in pngpriv.h, and apng patch for 1.5.9 would like to #define PNG_HAVE_acTL to the same 0x4000 value.
I'm inclined to wait for official apng 1.5.10 patch here.
New apng patch is now available at the usual place...
Please test and stabilize:
=media-libs/libpng-1.2.49 "amd64 x86"
=media-libs/libpng-1.5.10 "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
amd64/hardened/mixed: ok (emerges fine, I also tested a few rdeps).
x86 stable. Thanks.
Integer signedness error in pngrutil.c in libpng before 1.4.10beta01, as
used in Google Chrome before 17.0.963.83 and other products, allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted PNG file, a different vulnerability
This seemed pertinent to add as it applies to the same versions.
A vulnerability has been reported in libpng, which can be exploited by malicious people to compromise an application using the library.
The vulnerability is caused due to an error within the "png_set_text_2()" function (pngset.c) when parsing certain text chunks and can be exploited to corrupt heap memory via a specially crafted PNG file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59.
Update to version 1.5.10, 1.4.11, 1.2.49, or 1.0.59.
Thanks, everyone. Already on existing GLSA request.
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x
before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote
attackers to cause a denial of service (crash) or execute arbitrary code via
a crafted text chunk in a PNG image file, which triggers a memory allocation
failure that is not properly handled, leading to a heap-based buffer
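The two advisories above describe the same failure class: a text-chunk store whose allocation failure is not handled properly, leaving a heap buffer that later gets written past its end. The following is an added, constructed model of that class, not libpng's pngset.c and not the actual png_set_text_2() fix; the struct, the demo_malloc() hook that injects one allocation failure, the real_max bookkeeping field and the sample chunk strings are all assumptions made for the demonstration. The vulnerable variant commits the new capacity before the allocation is known to have succeeded; the fixed variant touches the store only after it has a buffer.

```c
/* Constructed model of "allocation failure not properly handled" (not libpng code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char keyword[80];
    char text[256];
} text_entry;

typedef struct {
    text_entry *entries;  /* heap array of text chunks seen so far */
    int num;              /* entries in use */
    int max;              /* capacity the code believes it has */
    int real_max;         /* capacity actually backing `entries` (demo bookkeeping only) */
} text_store;

/* Demo allocator hook: set to 1 to make the next allocation fail, which is what
 * a crafted file with many text chunks drives the library towards. */
static int g_fail_next_alloc = 0;

static void *demo_malloc(size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* Vulnerable pattern: `max` is bumped before the allocation is known to have
 * succeeded, so after a failure it claims room the old buffer does not have. */
static int grow_vulnerable(text_store *s, int needed)
{
    text_entry *old = s->entries;
    int old_max = s->max;
    s->max = s->num + needed + 8;                       /* bug: committed too early */
    text_entry *fresh = demo_malloc((size_t)s->max * sizeof *fresh);
    if (fresh == NULL)
        return 1;                                       /* `max` is now a lie */
    if (old != NULL)
        memcpy(fresh, old, (size_t)old_max * sizeof *fresh);
    free(old);
    s->entries = fresh;
    s->real_max = s->max;
    return 0;
}

/* Fixed pattern: allocate into a temporary and update the store only on success,
 * so a failed growth leaves every field consistent and the caller can retry. */
static int grow_fixed(text_store *s, int needed)
{
    int new_max = s->num + needed + 8;
    text_entry *fresh = demo_malloc((size_t)new_max * sizeof *fresh);
    if (fresh == NULL)
        return 1;                                       /* store unchanged */
    if (s->entries != NULL)
        memcpy(fresh, s->entries, (size_t)s->max * sizeof *fresh);
    free(s->entries);
    s->entries = fresh;
    s->max = new_max;
    s->real_max = new_max;
    return 0;
}

/* Append one text chunk. Returns 0 on success, 1 if growth failed, and -1 when
 * the bookkeeping says there is room but the real buffer has none: a real
 * implementation would perform that write and corrupt the heap. */
static int add_text(text_store *s, const char *kw, const char *txt,
                    int (*grow)(text_store *, int))
{
    if (s->num + 1 > s->max && grow(s, 1) != 0)
        return 1;
    if (s->num >= s->real_max)
        return -1;                                      /* out-of-bounds write averted */
    text_entry *e = &s->entries[s->num];
    strncpy(e->keyword, kw, sizeof e->keyword - 1);
    e->keyword[sizeof e->keyword - 1] = '\0';
    strncpy(e->text, txt, sizeof e->text - 1);
    e->text[sizeof e->text - 1] = '\0';
    s->num++;
    return 0;
}

/* Fill the first buffer, fail the growth for the 10th chunk, then append once
 * more. Returns that final append's status: -1 for the vulnerable pattern
 * (write past the 9-slot buffer), 0 for the fixed one (growth retried, ok). */
static int run_scenario(int (*grow)(text_store *, int))
{
    text_store s = { NULL, 0, 0, 0 };
    int rc = 0;
    for (int i = 0; i < 9 && rc == 0; i++)
        rc = add_text(&s, "Comment", "constructed sample text", grow);
    if (rc == 0) {
        g_fail_next_alloc = 1;
        rc = add_text(&s, "Comment", "constructed sample text", grow);   /* both return 1 */
        rc = (rc == 1) ? add_text(&s, "Comment", "constructed sample text", grow) : -2;
    }
    free(s.entries);
    return rc;
}

int main(void)
{
    printf("vulnerable pattern: %d (expect -1)\n", run_scenario(grow_vulnerable));
    printf("fixed pattern:      %d (expect 0)\n", run_scenario(grow_fixed));
    return 0;
}
```

Both variants report the failed growth to the caller; the difference is what the store looks like afterwards. The vulnerable store passes the capacity check on the next chunk and would write entry 10 into a 9-entry buffer, which is the heap corruption the advisory text refers to; the fixed store still has max == 9, grows again, and appends cleanly.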
This issue was resolved and addressed in
GLSA 201206-15 at http://security.gentoo.org/glsa/glsa-201206-15.xml
by GLSA coordinator Sean Amoss (ackle).