Monday, 3 February 2020

DOWNLOAD LIBPNG 1.2.12 TAR GZ

The same releases and their immediate predecessors also fix an out-of-bounds by one memory read and a second buffer overrun, this one in the code that writes the sCAL "physical scale of subject" chunk which is rather rare in any case. Both bugs are fixed in versions 1. All of these issues are fixed in version 1. A libpng patch is available, and versions 1. These bugs are fixed in version 1. If one of these calls fails, libpng's cleanup routine will attempt to free the entire array, including any uninitialized pointers, which could lead to execution of an attacker's code with the privileges of the libpng user including remote compromise in the case of a libpng-based browser visiting a hostile web site. Insofar as the function has existed for only four weeks and the chunk itself for only six, it's unlikely there are any applications affected by it at this time, but they might come into existence in the future.

Uploader: Fektilar
Date Added: 8 June 2016
File Size: 12.88 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 52113
Price: Free* [*Free Registration Required]





The overrun is always by exactly two bytes 'k' and NULL so it seems highly unlikely that it could be used for anything more nefarious than denial of service e.

Index of /MIRROR/ftp/png/src/history/libpng12

Vulnerability Warning All versions of libpng from 1. The current branch 1. The pngtest sample application distributed with libpng, pngcrush, and certain versions of ImageMagick are known to be affected, but the bug is otherwise believed to be quite rare.

All of these issues are fixed in version ttar. Get the latest releases or an appropriate combo patch either from SourceForge headings 1. Vulnerability Warning libpng versions 1. It is unclear whether this could lead to an actual exploit.

libpng Home Page

Vulnerability Warning Several versions of libpng through 1. Specifically, 1-bit 2-color interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of rows in certain interlace passes being returned to the user. The bug is fixed in versions 1. Portability Note The libpng 1. If one of these calls fails, libpng's cleanup routine will attempt to free the entire array, including any uninitialized pointers, which could lead to execution of an attacker's code with the privileges of the libpng user including remote compromise in the case of a libpng-based browser visiting a hostile web site.

SDL_image 1.2

This bug is fixed in version 1. The bugs are fixed in versions 1. An additional memory-leak bug, involving images with malformed sCAL chunks, is also present; it could lead to an application crash (denial of service) when viewing such images.

Vulnerability Warning libpng 1. This bug may be fixed in version 1. Graphical browsers and e-mail clients are particularly at risk. Vulnerability Warning Jeff Phillips reported that several versions of libpng through 1. This bug does not affect pure viewers, nor are there any known editors that could trigger it without interactive user input. Vulnerability Warning libpng 1.


Crash Warning Most versions of libpng up through 1. These bugs are fixed in version 1. This could allow a local attacker on the build host to silently replace the extracted libpng library with a malicious version, conceivably poisoning an official binary distribution of libpng (though the likelihood of this seems remote), but more generally allowing the attacker to execute arbitrary commands with the permissions of the user running make.

A libpng patch is available, and versions 1. This is not quite as bad as it sounds since the two-byte header can be corrected fairly easily e. Nevertheless, it's worth fixing, and versions libpng 1.

Broken-Image Warning Versions 1. Vulnerability Warning Version 1. The bug is fixed in libpng 1.


Vulnerability Warning All "modern" versions of libpng through 1. The vulnerability is fixed in version 1. Vulnerability Warning Virtually all old-branch libpng versions through 1. An arbitrary amount of memory may be overwritten in this case, with arbitrary attacker-controlled data. Vulnerability Warning All released versions of libpng from 1. Vulnerability Warning Versions up through 1.
