Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Tue, 09 Sep 2008 06:16:33 +0300
From: Pınar YanardaÄ. <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: CVE request (libpng)

Hi all,

libpng 1.2.32beta01 fixes an off-by-one error within the 
"png_push_read_zTXt()" function in pngread.c when processing malicious 
PNG images with specially crafted zTXt chunks.

 From release notes [1]:

*Notes:* Fixed 1-byte buffer overflow in pngpread.c Fixed 1-byte buffer 
overflow in pngtest.c

[1]: http://sourceforge.net/project/shownotes.php?release_id=624518

Reference: 
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624

Cheers,

-- 
Pınar YanardaÄ.
http://pinguar.org
_____________________________

"Always program as if the person who will be maintaining your program is a violent psychopath that knows where you live."
-- Martin Golding

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux