Bug 813249 (CVE-2012-3425) - CVE-2012-3425 libpng: Out-of heap-based buffer read by inflating certain PNG images
Alias: CVE-2012-3425
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 813287
Reported: 2012-04-17 10:25 UTC by Jan Lieskovsky
Modified: 2021-02-24 12:41 UTC

Fixed In Version: libpng 1.0.58, libpng 1.2.48, libpng 1.5.10
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-11-24 09:12:48 UTC


Description Jan Lieskovsky 2012-04-17 10:25:25 UTC
An out-of heap-based buffer read flaw was found in the way libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files, performed reading of PNG image file data when decompressing certain images. A remote attacker could provide a specially-crafted PNG file, which once opened in an application linked against libpng would lead to that application crashing.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082

Comment 1 Paul Howarth 2012-04-17 10:47:03 UTC
The buggy (private) png_push_read_zTXt function was removed from libpng 1.0.x in 1.0.58, libpng 1.2.x in 1.2.48, and libpng 1.5.x in 1.5.10, so I don't think there are any affected Fedora or EPEL releases:

* F-15 has libpng10 1.0.59, libpng 1.2.49
* F-16 has libpng10 1.0.59, libpng 1.2.49
* F-17 has libpng10 1.0.59, libpng 1.2.49 and 1.5.10
* Rawhide has libpng10 1.0.59, libpng 1.2.49 and 1.5.10

* EPEL-6 has libpng10 1.0.59
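
Added example (not part of Paul Howarth's comment or of libpng): a small triage helper that classifies libpng version strings against the per-branch fixed releases named above. The host names sample-a/b/c, their versions, and the handling of beta/rc tags and RPM-style release suffixes are assumptions made for illustration.

```python
import re

# Per-branch releases named in Comment 1 as no longer containing png_push_read_zTXt.
FIXED_IN = {(1, 0): 58, (1, 2): 48, (1, 5): 10}

# Leading "major.minor.patch", then whatever follows (beta/rc tag, RPM release, ...).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_RANK = {"fixed": 0, "unknown": 1, "predates-fix": 2}


def triage(version):
    """Return "fixed", "predates-fix" or "unknown" for one libpng version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"              # unparseable: never report it as fixed
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return "unknown"              # branch not mentioned on this page (e.g. 1.4.x)
    if patch < fixed_patch:
        return "predates-fix"
    # A tag glued to the number (1.5.10beta05, 1.2.48rc01) marks a pre-release of
    # that version. The page names only the final releases, so do not assume.
    if patch == fixed_patch and re.match(r"(beta|rc)\d*", m.group(4)):
        return "unknown"
    return "fixed"


def triage_inventory(inventory):
    """Map {host: [version, ...]} to {host: worst status across its versions}."""
    return {host: max((triage(v) for v in versions), key=_RANK.get, default="unknown")
            for host, versions in inventory.items()}


# The first five entries restate Comment 1; sample-a/b/c are constructed inputs.
INVENTORY = {
    "F-15": ["1.0.59", "1.2.49"],
    "F-16": ["1.0.59", "1.2.49"],
    "F-17": ["1.0.59", "1.2.49", "1.5.10"],
    "Rawhide": ["1.0.59", "1.2.49", "1.5.10"],
    "EPEL-6": ["1.0.59"],
    "sample-a": ["1.0.59", "1.2.46-1"],      # one build older than 1.2.48
    "sample-b": ["1.5.10beta05", "1.0.59"],  # pre-release of the fixed version
    "sample-c": ["1.4.9"],                   # branch the page does not cover
}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:10s} {status}")
```

A "predates-fix" result only means the build is older than the release in which the function was removed; the page does not say in which release the function first appeared.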

Comment 5 Vincent Danen 2012-07-24 18:15:42 UTC
This was assigned the name CVE-2012-3425:

Comment 6 Huzaifa S. Sidhpurwala 2012-07-26 04:58:36 UTC


Comment 7 Huzaifa S. Sidhpurwala 2012-07-26 04:59:29 UTC
This issue does not affect the version of libpng and libpng10 as shipped with Fedora 16 and Fedora 17.
