Red Hat Bugzilla – Bug 461599
CVE-2008-3964 libpng: off-by-one error in png_push_read_zTXt()
Last modified: 2016-03-04 07:23:17 EST
libpng upstream version 1.2.32beta01 fixes an insufficient memory allocation flaw in the "png_push_read_zTXt()" function in pngpread.c, that results in a write of once null byte past the end of allocated buffer.
Upstream bug report:
As noted in the upstream bug report, this issue was introduced upstream in libpng-1.2.30beta04 and currently only affect 1.2.31 as available in Fedora Rawhide. Versions of libpng as shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5 are not affected by this flaw.
Fixed now in Fedora Rawhide, no other affected product -> closing.