Red Hat Bugzilla – Bug 813249
CVE-2012-3425 libpng: Out-of heap-based buffer read by inflating certain PNG images
Last modified: 2015-11-25 03:13:52 EST
An out-of heap-based buffer read flaw was found in the way libpng, a library of functions or creating and manipulating PNG (Portable Network Graphics) image format files, performed reading of PNG image file data when decompressing certain images. A remote attacker could provide a specially-crafted PNG file, which once opened in an application linked against libpng would lead to that application crash.
The buggy (private) png_push_read_zTXt function was removed from libpng 1.0.x in 1.0.58, libpng 1.2.x in 1.2.48, and libpng 1.5.x in 1.5.10, so I don't think there are any affected Fedora or EPEL releases:
* F-15 has libpng10 1.0.59, libpng 1.2.49
* F-16 has libpng10 1.0.59, libpng 1.2.49
* F-17 has libpng10 1.0.59, libpng 1.2.49 and 1.5.10
* Rawhide has libpng10 1.0.59, libpng 1.2.49 and 1.5.10
* EPEL-6 has libpng10 1.0.59
This was assigned the name CVE-2012-3425:
This issue does not affect the version of libpng and libpng10 as shipped with Fedora 16 and Fedora 17.