This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

SECURITY: libpng (CVE-2006-3334)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.

Solution: update libpng10 to 1.0.20 and libpng12 to 1.2.12

More information:
http://security.gentoo.org/glsa/glsa-200607-06.xml
http://sourceforge.net/project/shownotes.php?release_id=428120&group_id=5624
http://sourceforge.net/project/shownotes.php?release_id=428123&group_id=5624
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334


Yaakov

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEvqSIpiWmPGlmQSMRApYoAKDbud9Gbaz5zHhoHQwWHgWMKUTMKQCg9KqG
55939kaak74FctqLKEa23Qk=
=OQP5
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]