[MeeGo-security] [MeeGo-SA-10:21.libpng] Buffer overflow in libpng might allow arbitrary code
Ware, Ryan R
ryan.r.ware at intel.com
Tue Jan 18 19:52:47 PST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:21.libpng Security Advisory
MeeGo Project

Topic: Buffer overflow in libpng might allow arbitrary code
Category: Graphics
Module: libpng
Announced: September 3, 2010
Affects: MeeGo 1.0
Corrected: September 3, 2010
MeeGo BID: 3855
CVE: CVE-2010-1205

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I. Background

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format. PNG was
created to replace the GIF format, since GIF uses a patented data
compression algorithm.

II. Problem Description

CVE-2010-1205: Buffer overflow in pngpread.c in libpng before 1.2.44
and 1.4.x before 1.4.3, as used in progressive applications, might
allow remote attackers to execute arbitrary code via a PNG image that
triggers an additional data row.

CVSS v2 Base: 7.5 (HIGH)
Access Vector: Network exploitable

III. Impact

CVE-2010-1205: Denial of service or arbitrary code execution via
buffer errors (CWE-119)

IV. Workaround

None

V. Solution

Update to package libpng-1.2.44-3.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=3855
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1205
http://cwe.mitre.org/data/definitions/119.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)
-----END PGP SIGNATURE-----