First published: Thu Jul 28 2011
The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.

An out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501)

An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libpng | <1.2.46-1.el6_1 | 1.2.46-1.el6_1 |
redhat/libpng-debuginfo | <1.2.46-1.el6_1 | 1.2.46-1.el6_1 |
redhat/libpng-devel | <1.2.46-1.el6_1 | 1.2.46-1.el6_1 |
redhat/libpng-static | <1.2.46-1.el6_1 | 1.2.46-1.el6_1 |
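As an added verification check for this advisory (not Red Hat's own tooling), the script below reports which of the listed packages are still installed below 1.2.46-1.el6_1 and which running processes still map the pre-upgrade library, the situation the advisory's restart note describes. It assumes package lines in the shape produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and a dictionary of `/proc/<pid>/maps` text keyed by PID; the version comparison is a simplified reimplementation of rpmvercmp, and all sample data is constructed.

```python
import re
# Fix version from the advisory table (version-release; the table lists no epoch).
FIXED_VR = "1.2.46-1.el6_1"
AFFECTED = {"libpng", "libpng-debuginfo", "libpng-devel", "libpng-static"}
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")  # rpmvercmp segments: digit runs or letter runs

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no tilde/caret): -1, 0 or 1. Digit runs compare numerically,
    letter runs lexically, a digit run beats a letter run, leftover segments win."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            return (int(x) > int(y)) - (int(x) < int(y))
        return (1 if xd else -1) if xd != yd else (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vrcmp(a, b):
    """Compare 'version-release' strings: version first, release breaks ties."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable_packages(rpm_output):
    r"""Advisory packages installed below FIXED_VR, from lines shaped like the
    output of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <package names>"""
    hits = []
    for line in rpm_output.splitlines():
        name, _, vr = line.partition(" ")
        if name in AFFECTED and vrcmp(vr, FIXED_VR) < 0:
            hits.append(name)
    return hits

def stale_library_pids(maps_by_pid):
    """PIDs still mapping the pre-upgrade libpng: rpm replaces the file, so the old
    mapping shows '(deleted)' in /proc/<pid>/maps until the process restarts."""
    return sorted(pid for pid, maps in maps_by_pid.items()
                  if re.search(r"libpng[^\n]*\(deleted\)", maps))

# Constructed sample inputs, not taken from a real host.
SAMPLE_RPM = """libpng 1.2.46-1.el6_1
libpng-devel 1.2.44-1.el6
libpng-debuginfo 1.2.46-0.el6
zlib 1.2.3-25.el6"""
SAMPLE_MAPS = {  # pid -> one /proc/<pid>/maps line; paths are illustrative
    1234: "7f1c2e000000-7f1c2e02b000 r-xp 00000000 08:01 99 /usr/lib64/libpng12.so.0 (deleted)",
    5678: "7f1c2e000000-7f1c2e02b000 r-xp 00000000 08:01 42 /usr/lib64/libpng12.so.0",
}
```

On a host, feed `vulnerable_packages` the real rpm query output and `stale_library_pids` the maps files you read from `/proc`; an empty result from both means the update is installed and in effect.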