Bug 240398 - CVE-2007-2445: libpng10 DoS
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libpng10
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Paul Howarth
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-05-17 08:00 UTC by Ville Skyttä
Modified: 2007-11-30 22:12 UTC

Fixed In Version: 1.0.26-1.fc6
Last Closed: 2007-06-01 10:12:30 UTC

Description Ville Skyttä 2007-05-17 08:00:09 UTC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445

"The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x
before 1.2.17 allows remote attackers to cause a denial of service (application
crash) via a grayscale PNG image with a bad tRNS chunk CRC value."
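
Added example (not part of the bug report or of libpng): a triage check for the condition the CVE description names, a grayscale PNG whose tRNS chunk carries a wrong CRC. The function and sample names are assumptions made for this illustration, and the samples are constructed chunk streams with no image data.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data, crc=None):
    """Serialize one PNG chunk; pass crc to force a specific stored CRC."""
    if crc is None:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def bad_trns_in_grayscale(png):
    """Return True if png is grayscale (color type 0) and has a tRNS chunk
    whose stored CRC does not match the CRC computed over type + data."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG stream")
    pos, color_type = len(PNG_SIG), None
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("truncated chunk")
        data = png[pos + 8:end]
        (stored,) = struct.unpack(">I", png[end:end + 4])
        if ctype == b"IHDR" and length == 13:
            color_type = data[9]  # width(4) height(4) depth(1) color type(1)
        elif ctype == b"tRNS" and color_type == 0:
            if stored != zlib.crc32(ctype + data) & 0xFFFFFFFF:
                return True
        elif ctype == b"IEND":
            break
        pos = end + 4
    return False

# Constructed samples: 1x1, 8-bit, color type 0 (grayscale), headers only.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TRNS = b"\x00\x00"  # grayscale tRNS payload is a single 2-byte sample value
WRONG_CRC = (zlib.crc32(b"tRNS" + TRNS) ^ 1) & 0xFFFFFFFF
GOOD = PNG_SIG + IHDR + chunk(b"tRNS", TRNS) + chunk(b"IEND", b"")
BAD = PNG_SIG + IHDR + chunk(b"tRNS", TRNS, crc=WRONG_CRC) + chunk(b"IEND", b"")
```

A match only says the file fits the description quoted above; whether the installed libpng is affected depends on its version.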

Comment 1 Paul Howarth 2007-06-01 10:12:30 UTC
libpng10-1.0.26-1.fc6 has been released for Fedora Extras 6, which should
resolve this problem.

There is also a release libpng10-1.0.26-1.fc7.1 in Fedora 7 updates and
libpng10-1.0.26-1.fc8 for development.

