https://bugzilla.redhat.com/show_bug.cgi?id=504782
--- Comment #9 from Tom Lane tgl@redhat.com 2009-06-09 12:52:46 EDT ---

Well, it would have to have a bug that causes it to process whole bytes (groups of 8 pixels) without regard to the declared image width. That seems unlikely to escape notice for long so far as "display" actions go.

I suppose the most plausible route for an information leak is if the bytes get shoved directly into some other image file (either an output PNG or some other format with similar representational details), and then the attacker manages to get access to that file. I think we've previously decided that bugs in PNG-writing applications aren't really grounds for security responses, and this would effectively be in that category.
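The leak route described in the comment above depends on an application copying whole row bytes into an output file, padding bits included. The following is an added example, not code from libpng or from this bug report: a writer-side scrub that zeroes the bits past the declared width before rows are handed to an encoder. The function names are hypothetical, and it assumes single-channel rows (grayscale or palette) packed MSB-first at 1, 2 or 4 bits per pixel, as PNG does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mask keeping only the bits of the final row byte that hold real pixels.
 * Pixels are packed MSB-first, so padding sits in the low-order bits. */
static uint8_t last_byte_mask(uint32_t width, unsigned bit_depth)
{
    unsigned used = (unsigned)(((uint64_t)width * bit_depth) % 8);
    return used ? (uint8_t)(0xFF << (8 - used)) : 0xFF;
}

/* Zero the padding bits at the end of every row (hypothetical helper).
 * Returns the number of rows whose padding was non-zero, or -1 on bad
 * arguments. A non-zero count means stale data would have been written. */
long scrub_row_padding(uint8_t *pixels, size_t stride, uint32_t width,
                       uint32_t height, unsigned bit_depth)
{
    if (!pixels || width == 0 ||
        (bit_depth != 1 && bit_depth != 2 && bit_depth != 4))
        return -1;

    size_t row_bytes = (size_t)(((uint64_t)width * bit_depth + 7) / 8);
    if (stride < row_bytes)
        return -1;

    uint8_t mask = last_byte_mask(width, bit_depth);
    long dirty = 0;
    for (uint32_t y = 0; y < height; y++) {
        uint8_t *last = pixels + (size_t)y * stride + (row_bytes - 1);
        if (*last & (uint8_t)~mask)
            dirty++;            /* padding carried data past the width */
        *last &= mask;          /* keep real pixels, clear the rest */
    }
    return dirty;
}

int main(void)
{
    /* Constructed sample: 2 rows, 10 pixels wide, 1 bit per pixel.
     * Row 0 has stale bits in its 6 padding bits; row 1 is clean. */
    uint8_t img[4] = { 0xFF, 0xFF, 0xFF, 0x00 };
    long dirty = scrub_row_padding(img, 2, 10, 2, 1);
    printf("rows with stale padding: %ld, row 0 last byte now 0x%02X\n",
           dirty, img[1]);
    return 0;
}
```

Bytes between the end of the pixel data and `stride` are left untouched, so a writer that emits full strides rather than row bytes needs to clear those as well.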