*** This bug is a security vulnerability *** Public security bug reported:
>From the oCERT advisory: "Applications using libpng that install unknown chunk handlers, or copy unknown chunks, may be vulnerable to a security issue which may result in incorrect output, information leaks, crashes, or arbitrary code execution. The issue involves libpng incorrectly handling zero length chunks which results in uninitialized memory affecting the control flow of the application." Details: http://www.ocert.org/advisories/ocert-2008-003.html http://libpng.sourceforge.net/Advisory-1.2.26.txt >From the upstream advisory: "We believe this is a rare circumstance. It occurs in "pngtest" that is a part of the libpng distribution, in pngcrush, and in recent versions of ImageMagick (6.2.5 through 6.4.0-4). We are not aware of any other vulnerable applications." Ubuntu might be affected by this issue through ImageMagick version 6.3.7.9 in Hardy, the pngcrush package (in universe) or pngtest.c example in package libpng12-0. ** Affects: libpng (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1382 -- CVE-2008-1382: libpng zero-length chunks incorrect handling https://bugs.launchpad.net/bugs/217128 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs