Bug 843179 (CVE-2011-3464)

Summary: CVE-2011-3464 libpng: One-byte stack buffer overrun in png_formatted_warning
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: drizt72, erik-fedora, fedora-mingw, ktietz, lfarkas, rjones, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-27 22:09:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 843190    
Bug Blocks:    

Description Kurt Seifried 2012-07-25 19:38:35 UTC 
The libpng project announced that libpng 1.5.4 through 1.5.7 contain a 
one-byte (stack) buffer-overrun bug in png_formatted_warning(), which could 
lead to crashes (denial of service) or, conceivably, execution of hostile 
code. This vulnerability has been assigned ID CVE-2011-3464 and is fixed in 
version 1.5.8, released 1 February 2012. 

References:
http://www.libpng.org/pub/png/libpng.html
Comment 1 Kurt Seifried 2012-07-25 20:24:08 UTC 
Created mingw-libpng tracking bugs for this issue

Affects: fedora-17 [bug 843190]
Comment 2 Tomas Hoger 2013-08-14 14:04:42 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 4, 5, and 6.