Summary: libpng: Interlaced Images Information Disclosure Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=504782
Product: Security Response
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Status Whiteboard: source=gentoo,reported=20090606,public=20090604,impact=low?
Keywords: Security
Severity: medium
Priority: medium
Component: vulnerability
AssignedTo: security-response-team@redhat.com
ReportedBy: thoger@redhat.com
CC: paul@city-fan.org, lfarkas@lfarkas.org, tgl@redhat.com, berrange@redhat.com, rjones@redhat.com, fedora-mingw@lists.fedoraproject.org
Classification: Other
Target Release: ---
Quoting Secunia advisory SA35346:
http://secunia.com/advisories/35346/
A vulnerability has been reported in libpng, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error when processing 1-bit interlaced images. This can be exploited to disclose uninitialised memory via specially crafted images having widths that are not divisible by 8.
The vulnerability is reported in versions prior to 1.2.37.