[SECURITY] libpng vulnerabilities

Yaakov (Cygwin/X) yselkowitz@users.sourceforge.net
Fri Mar 30 00:00:00 GMT 2012


On 2012-02-26 02:02, marco atzeri wrote:
> again, libpng announced security vulnerabilities:
>
> from: http://www.libpng.org/pub/png/libpng.html
>
> Vulnerability Warning
>
> All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and
> 1.0.56, respectively, fail to correctly validate a heap allocation in
> png_decompress_chunk(), which can lead to a buffer-overrun and the
> possibility of execution of hostile code on 32-bit systems. This serious
> vulnerability has been assigned ID CVE-2011-3026 and is fixed in version
> 1.5.9 (and versions 1.4.9, 1.2.47, and 1.0.57, respectively, on the
> older branches), released 18 February 2012.

Now there's YA one, CVE-2011-3048, fixed in 1.5.10, 1.4.11, 1.2.49, and 
1.0.59.


Yaakov



More information about the Cygwin-apps mailing list