Bug 745027

Summary: VUL-0: CVE-2011-0408: libpng: buffer overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Matthias Weckbecker <mweckbecker>
Component: General
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P2 - High
CC: meissner, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:running:45321:important
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Matthias Weckbecker 2012-02-03 12:32:33 UTC
======================================================
Name: CVE-2011-0408
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow.  NOTE: some of these details are obtained from third party information.

Reference: CERT-VN: http://www.kb.cert.org/vuls/id/643140
Reference: XF: http://xforce.iss.net/xforce/xfdb/64637
Reference: VUPEN: http://www.vupen.com/english/advisories/2011/0080
Reference: CONFIRM: http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
Reference: SECTRACK: http://securitytracker.com/id?1024955
Reference: SECUNIA: http://secunia.com/advisories/42863
Reference: OSVDB: http://osvdb.org/70417

Comment 1 Swamp Workflow Management 2012-02-03 12:38:34 UTC
The SWAMPID for this issue is 45321.
This issue was rated as important.
Please submit fixed packages until 2012-02-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 2 Petr Gajdos 2012-02-06 08:29:42 UTC
osc se libpng15
No matches found for 'libpng15' in projects
####################################################################
matches for 'libpng15' in packages:

# Project                       # Package
graphics                        libpng15
home:elvigia:branches:graphics  libpng15
home:pgajdos:libpng15           libpng15
home:pheinlein:typo3            libpng15
openSUSE:Factory                libpng15


As far as I can see and read your first comment, we don't have libpng15 in any released product ;-) (factory has newest libpng15).

Btw:
Could you please consider not setting the priority for bugs? If I understand correctly, the reporter should set only severity and the assignee should set priority. Otherwise one of these ratings seems to be redundant to me.

Comment 4 Marcus Meissner 2012-02-10 13:10:20 UTC
we need to review if it affects other libpngs before closing

Comment 5 Michal Vyskocil 2012-02-13 10:03:31 UTC
It seems it does not

https://bugzilla.redhat.com/show_bug.cgi?id=671502

Comment 6 Marcus Meissner 2012-02-13 10:49:29 UTC
then close.