libpng

• Author: voroskoi
• Vulnerable: 1.2.20-1
• Unaffected: 1.2.22-1sayshell1

Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

1. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency extension, and an incorrect use of sizeof() may be exploited to crash an application using the library.
2. Various out-of-bounds read errors exist within the functions “png_handle_pCAL()”, “png_handle_sCAL()”, “png_push_read_tEXt()”, “png_handle_iTXt()”, and “png_handle_ztXt()”, which may be exploited by exploited to crash an application using the library.
3. The vulnerability is caused due to an off-by-one error within the ICC profile chunk handling, which potentially can be exploited to crash an application using the library.

• Bug Tracker URL: http://bugs.frugalware.org/task/2475

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269