740864 – (CVE-2011-3328) CVE-2011-3328 libpng: malformed cHRM divide-by-zero vulnerability in 1.5.4

Bug 740864 (CVE-2011-3328) - CVE-2011-3328 libpng: malformed cHRM divide-by-zero vulnerability in 1.5.4

Summary: CVE-2011-3328 libpng: malformed cHRM divide-by-zero vulnerability in 1.5.4

Keywords:
Status:	CLOSED UPSTREAM
Alias:	CVE-2011-3328
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-23 15:15 UTC by Vincent Danen
Modified:	2021-02-24 14:42 UTC (History)
CC List:	1 user (show)
Fixed In Version:	libpng 1.5.5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-23 15:17:17 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2011-09-23 15:15:49 UTC

It was reported [1] that libpng 1.5.4 suffered from a flaw when encountering a malformed cHRM chunk in a PNG graphics file.  libpng would perform a divide-by-zero, which would cause libpng, or any application linked to libpng, to crash.

This flaw only affected libpng 1.5.4 where it was introduced, and is corrected in version 1.5.5. [2]

[1] http://www.kb.cert.org/vuls/id/477046
[2] http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624


Statement:

Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6.

Comment 1 Vincent Danen 2011-09-23 15:17:17 UTC

This does not affect anything we ship; we do not provide libpng 1.5.x in any product.

Note You need to log in before you can comment on or make changes to this bug.