First published: Fri Sep 23 2011
It was reported [1] that libpng 1.5.4 suffered from a flaw when encountering a malformed cHRM chunk in a PNG graphics file. libpng would perform a divide-by-zero, which would cause libpng, or any application linked to libpng, to crash. This flaw only affected libpng 1.5.4, where it was introduced, and is corrected in version 1.5.5 [2].

[1] http://www.kb.cert.org/vuls/id/477046
[2] http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624

Statement: Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libpng | <1.5.5 | 1.5.5 |
Greg Roelofs Libpng | =1.5.4 | |
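The class of bug described above, as an added example that is not libpng's code: a cHRM payload is validated before any file-supplied value is used as a divisor. The helper name `chrm_x_over_y`, the status codes and the sample bytes are constructed for illustration; the payload layout follows the PNG specification, and since the advisory does not say which field triggers the division in libpng 1.5.4, every y value is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* cHRM payload per the PNG spec: eight big-endian uint32 values (white,
 * red, green, blue as x,y pairs), each chromaticity multiplied by 100000. */
#define CHRM_LEN   32u
#define CHRM_SCALE 100000u

enum chrm_status { CHRM_OK, CHRM_BAD_LENGTH, CHRM_ZERO_Y, CHRM_OUT_OF_RANGE };

/* Constructed sample payload: the sRGB chromaticities. */
static const unsigned char SAMPLE_CHRM[CHRM_LEN] = {
    0,0,0x7A,0x26, 0,0,0x80,0x84,  0,0,0xFA,0x00, 0,0,0x80,0xE8,
    0,0,0x75,0x30, 0,0,0xEA,0x60,  0,0,0x3A,0x98, 0,0,0x17,0x70 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper (not a libpng function): compute x/y, scaled by
 * 100000, for each of the four points. y comes straight from the file,
 * so it is validated before it is used as a divisor. */
enum chrm_status chrm_x_over_y(const unsigned char *data, size_t len,
                               uint64_t out[4])
{
    if (data == NULL || len != CHRM_LEN)
        return CHRM_BAD_LENGTH;
    for (int i = 0; i < 4; i++) {
        uint32_t x = be32(data + 8 * i);
        uint32_t y = be32(data + 8 * i + 4);
        if (y == 0)
            return CHRM_ZERO_Y;        /* unchecked, this divides by zero */
        if (x > CHRM_SCALE || y > CHRM_SCALE)
            return CHRM_OUT_OF_RANGE;  /* policy of this example: reject > 1.0 */
        out[i] = ((uint64_t)x * CHRM_SCALE) / y;  /* 64-bit: no overflow */
    }
    return CHRM_OK;
}

int main(void)
{
    uint64_t r[4] = {0};
    enum chrm_status s = chrm_x_over_y(SAMPLE_CHRM, sizeof SAMPLE_CHRM, r);
    printf("status=%d white x/y=%llu\n", (int)s, (unsigned long long)r[0]);
    return s == CHRM_OK ? 0 : 1;
}
```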