Red Hat Bugzilla – Bug 127869
CAN-2004-0597/98/99 multiple problems in libpng 1.2.5
Last modified: 2007-11-30 17:07:02 EST
libpng versions up to and including 1.2.5 have a couple of security holes.
Here are some CVE names
> 1) Remotely exploitable stack-based buffer overrun in
> 2) Dangerous code in png_handle_sBIT (pngrutil.c) (Similar code in
CAN-2004-0597 for these (we merge issues that have the same flaw type that
get fixed in the same versions).
> 3) Possible NULL-pointer crash in png_handle_iCCP (pngrutil.c) (this
> flaw is duplicated in multiple other locations).
CAN-2004-0598 for those
> 4) Theoretical integer overflow in allocation in png_handle_sPLT
> 5) Integer overflow in png_read_png (pngread.c)
> 6) Integer overflows during progressive reading.
> 7) Other flaws. [integer overflows]
CAN-2004-0599 for those
This issue also affects RHEL 2.1
RHEL2.1 is going to be RHSA-2004:390
RHEL3 is going to be RHSA-2004:402
The 2.1 Advisory also deals with an incomplete fix which was
I have set the release date to 2004-08-04 for the time being; when an
official embargoed date arrives, I'll fix it.
Aug 04 1200UTC - removing embargo
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.