An out-of heap-based buffer read flaw was found in the way libpng, a library of functions or creating and manipulating PNG (Portable Network Graphics) image format files, performed reading of PNG image file data when decompressing certain images. A remote attacker could provide a specially-crafted PNG file, which once opened in an application linked against libpng would lead to that application crash. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
The buggy (private) png_push_read_zTXt function was removed from libpng 1.0.x in 1.0.58, libpng 1.2.x in 1.2.48, and libpng 1.5.x in 1.5.10, so I don't think there are any affected Fedora or EPEL releases: * F-15 has libpng10 1.0.59, libpng 1.2.49 * F-16 has libpng10 1.0.59, libpng 1.2.49 * F-17 has libpng10 1.0.59, libpng 1.2.49 and 1.5.10 * Rawhide has libpng10 1.0.59, libpng 1.2.49 and 1.5.10 * EPEL-6 has libpng10 1.0.59
This was assigned the name CVE-2012-3425:
Statement: (none)
This issue does not affect the version of libpng and libpng10 as shipped with Fedora 16 and Fedora 17.