Bug 445487 - libpng a subject to CVE-2008-1382 advisory
Summary: libpng a subject to CVE-2008-1382 advisory
Keywords:
Status: CLOSED DUPLICATE of bug 441839
Alias: None
Product: Fedora
Classification: Fedora
Component: libpng
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Tom Lane
QA Contact: Fedora Extras Quality Assurance
URL: http://libpng.sourceforge.net/Advisor...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-07 04:49 UTC by Michal Jaegermann
Modified: 2013-07-03 03:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-05-07 04:58:25 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Michal Jaegermann 2008-05-07 04:49:45 UTC
Description of problem:

Quote: "Tavis Ormandy advised us of a bug in libpng in its handling
of unknown chunks with zero data length. We have examined the report
and find that the bug exists in all libpng versions since 1.0.6".

An advisory notes that various versions of ImageMagick are
affected by the bug.  A version 1.2.28 with a fix was released.

Version-Release number of selected component (if applicable):
libpng-1.2.22-1.fc8 (but this is clearly not limited to F8)

Comment 1 Tom Lane 2008-05-07 04:58:25 UTC
yeah, we've heard of it ... doesn't appear significant enough to mandate a security exercise.

*** This bug has been marked as a duplicate of 441839 ***


Note You need to log in before you can comment on or make changes to this bug.