Bug 745027 - VUL-0: CVE-2011-0408: libpng: buffer overflow
VUL-0: CVE-2011-0408: libpng: buffer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:45321:important
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-03 12:32 UTC by Matthias Weckbecker
Modified: 2012-02-13 10:49 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2012-02-03 12:32:33 UTC
======================================================
Name: CVE-2011-0408
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow.  NOTE: some of these details are obtained from third party information.

Reference: CERT-VN: http://www.kb.cert.org/vuls/id/643140
Reference: XF: http://xforce.iss.net/xforce/xfdb/64637
Reference: VUPEN: http://www.vupen.com/english/advisories/2011/0080
Reference: CONFIRM: http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
Reference: SECTRACK: http://securitytracker.com/id?1024955
Reference: SECUNIA: http://secunia.com/advisories/42863
Reference: OSVDB: http://osvdb.org/70417
Comment 1 Swamp Workflow Management 2012-02-03 12:38:34 UTC
The SWAMPID for this issue is 45321.
This issue was rated as important.
Please submit fixed packages until 2012-02-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Petr Gajdos 2012-02-06 08:29:42 UTC
osc se libpng15
No matches found for 'libpng15' in projects
####################################################################
matches for 'libpng15' in packages:

# Project                       # Package
graphics                        libpng15
home:elvigia:branches:graphics  libpng15
home:pgajdos:libpng15           libpng15
home:pheinlein:typo3            libpng15
openSUSE:Factory                libpng15


As far as I can see and read your first comment, we don't have libpng15 in any released product ;-) (factory has newest libpng15).

Btw:
Could you please consider to not set the priority for bugs? If I understand correctly, the reporter should set only severity and asignee should set priority. Otherwise one of these ratings seems to be redundant to me.
Comment 4 Marcus Meissner 2012-02-10 13:10:20 UTC
we need to review if it affects other libpngs before closing
Comment 5 Michal Vyskocil 2012-02-13 10:03:31 UTC
It seems it does not

https://bugzilla.redhat.com/show_bug.cgi?id=671502
Comment 6 Marcus Meissner 2012-02-13 10:49:29 UTC
then close.