Bug 480321 (CVE-2008-5907)
Summary: | CVE-2008-5907 libpng,libpng10: Zeroing value of an arbitrary memory location in utilities for writing PNG files | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bressers, tgl |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2009-01-16 14:05:19 UTC | Type: | --- |
Description
Jan Lieskovsky
2009-01-16 13:51:06 UTC
This issue affects all versions of the libpng package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. This issue affects all versions of the libpng and libpng10 packages, as shipped with Fedora releases of 9, 10 and devel.

Please fix.

Closing due to http://openwall.com/lists/oss-security/2009/01/09/1, overlooked this part :(.

Red Hat does not consider CVE-2008-5907 to be a security vulnerability. The affected function validating the proper format of special keywords in the chunks constructing the whole PNG image file can be used only for writing of such improperly formatted keywords into the particular chunks of resulting PNG image format files, not reading them. Also, in typical usage the keywords being checked would be constant strings in the applications, thus even less likely to trigger the over-length error.