Bug 445487 - libpng a subject to CVE-2008-1382 advisory
libpng a subject to CVE-2008-1382 advisory
Status: CLOSED DUPLICATE of bug 441839
Product: Fedora
Classification: Fedora
Component: libpng (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Tom Lane
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-05-07 00:49 EDT by Michal Jaegermann
Modified: 2013-07-02 23:18 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-07 00:58:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Jaegermann 2008-05-07 00:49:45 EDT
Description of problem:

Quote: "Tavis Ormandy advised us of a bug in libpng in its handling
of unknown chunks with zero data length. We have examined the report
and find that the bug exists in all libpng versions since 1.0.6".

An advisory notes that various versions of ImageMagick are
affected by the bug.  A version 1.2.28 with a fix was released.

Version-Release number of selected component (if applicable):
libpng-1.2.22-1.fc8 (but this is clearly not limited to F8)
Comment 1 Tom Lane 2008-05-07 00:58:25 EDT
yeah, we've heard of it ... doesn't appear significant enough to mandate a security exercise.

*** This bug has been marked as a duplicate of 441839 ***

Note You need to log in before you can comment on or make changes to this bug.