Bug 1086516 (CVE-2013-7354)
Summary: | CVE-2013-7354 libpng: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | drizt72, erik-fedora, fedora-mingw, jkoncick, jkurik, ktietz, lfarkas, paul, pfrields, phracek, rdieter, rjones |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-04-21 09:04:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1086669, 1086670, 1086671, 1086672, 1086673, 1086674 | ||
Bug Blocks: | 1086521 |
Description
Huzaifa S. Sidhpurwala
2014-04-11 04:00:28 UTC
This issue was addressed by the following upstream commits for libpng-1.6: http://sourceforge.net/p/libpng/code/ci/590c8b0987f192ae588f6d952bfff5b398c4cb8b http://sourceforge.net/p/libpng/code/ci/2414bd99d8c76f92ca9272f1b1b1eff55709298a/ This issue was addressed by the following upstream commits for libpng-1.5.14: http://sourceforge.net/p/libpng/code/ci/798d3de5f66b6df6d6605f968da641c24725b15e http://sourceforge.net/p/libpng/code/ci/77a0a2ea113e699c7021caf1a530d2e2dd90b497 Created libpng tracking bugs for this issue: Affects: fedora-19 [bug 1086669] Created libpng10 tracking bugs for this issue: Affects: epel-6 [bug 1086673] Created libpng15 tracking bugs for this issue: Affects: fedora-20 [bug 1086670] Created mingw-libpng tracking bugs for this issue: Affects: fedora-19 [bug 1086671] Created mingw32-libpng tracking bugs for this issue: Affects: epel-5 [bug 1086672] Affects: epel-6 [bug 1086674] Upstream says libpng10, 12, and 14 were not affected. http://sourceforge.net/p/png-mng/mailman/message/32215052/ Statement: Not vulnerable. This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 5 and 6. Does this affect also libpng in Fedora 20 where is version 1.6.6? This is already fixed in libpng-1.6.6 version. I have checked that against upstream. |