Bug 843179 (CVE-2011-3464)

Summary: CVE-2011-3464 libpng: One-byte stack buffer overrun in png_formatted_warning
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: drizt, erik-fedora, fedora-mingw, ktietz, lfarkas, rjones, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20120201,reported=20120201,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-4/libpng=notaffected,rhel-5/libpng=notaffected,rhel-6/libpng=notaffected,fedora-all/libpng=notaffected,fedora-17/mingw-libpng=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-27 18:09:11 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 843190    
Bug Blocks:    

Description Kurt Seifried 2012-07-25 15:38:35 EDT
The libpng project announced that libpng 1.5.4 through 1.5.7 contain a 
one-byte (stack) buffer-overrun bug in png_formatted_warning(), which could 
lead to crashes (denial of service) or, conceivably, execution of hostile 
code. This vulnerability has been assigned ID CVE-2011-3464 and is fixed in 
version 1.5.8, released 1 February 2012. 

References:
http://www.libpng.org/pub/png/libpng.html
Comment 1 Kurt Seifried 2012-07-25 16:24:08 EDT
Created mingw-libpng tracking bugs for this issue

Affects: fedora-17 [bug 843190]
Comment 2 Tomas Hoger 2013-08-14 10:04:42 EDT
Statement:

Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 4, 5, and 6.