Bug 813249 - (CVE-2012-3425) CVE-2012-3425 libpng: Out-of heap-based buffer read by inflating certain PNG images
CVE-2012-3425 libpng: Out-of heap-based buffer read by inflating certain PNG ...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
Blocks: 813287
  Show dependency treegraph
Reported: 2012-04-17 06:25 EDT by Jan Lieskovsky
Modified: 2015-11-25 03:13 EST (History)
5 users (show)

See Also:
Fixed In Version: libpng 1.0.58, libpng 1.2.48, libpng 1.5.10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-11-24 04:12:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2012-04-17 06:25:25 EDT
An out-of heap-based buffer read flaw was found in the way libpng, a library of functions or creating and manipulating PNG (Portable Network Graphics) image format files, performed reading of PNG image file data when decompressing certain images. A remote attacker could provide a specially-crafted PNG file, which once opened in an application linked against libpng would lead to that application crash.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
Comment 1 Paul Howarth 2012-04-17 06:47:03 EDT
The buggy (private) png_push_read_zTXt function was removed from libpng 1.0.x in 1.0.58, libpng 1.2.x in 1.2.48, and libpng 1.5.x in 1.5.10, so I don't think there are any affected Fedora or EPEL releases:

* F-15 has libpng10 1.0.59, libpng 1.2.49
* F-16 has libpng10 1.0.59, libpng 1.2.49
* F-17 has libpng10 1.0.59, libpng 1.2.49 and 1.5.10
* Rawhide has libpng10 1.0.59, libpng 1.2.49 and 1.5.10

* EPEL-6 has libpng10 1.0.59
Comment 5 Vincent Danen 2012-07-24 14:15:42 EDT
This was assigned the name CVE-2012-3425:
Comment 6 Huzaifa S. Sidhpurwala 2012-07-26 00:58:36 EDT

Comment 7 Huzaifa S. Sidhpurwala 2012-07-26 00:59:29 EDT
This issue does not affect the version of libpng and libpng10 as shipped with Fedora 16 and Fedora 17.

Note You need to log in before you can comment on or make changes to this bug.