https://bugzilla.redhat.com/show_bug.cgi?id=1086516
Bug ID: 1086516
Summary: CVE-2013-7354 Integer overflow leading to a heap-based
buffer overflow in png_set_sPLT() and png_set_text_2()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could
create a specially-crafated image file and render it with an application
written to explicitly call png_set_sPLT() or png_set_text_2() function, could
cause libpng to crash or execute arbitrary code with the permissions of the
user running such an application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/
http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe