It was discovered that libpng did not properly perform bounds checking in
certain operations An attacker could send a specially crafted PNG image and
cause a denial of service in applications linked against libpng This issue
only affected Ubuntu 804 LTS (CVE-2007-5268, CVE-2007-5269) ...
Glenn Randers-Pehrson discovered that the embedded libpng in Firefox
did not properly initialize pointers If a user were tricked into
viewing a malicious website with a crafted PNG file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program (CVE-2009-0040) ...
Several vulnerabilities have been discovered in libpng, a library for
reading and writing PNG files The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2007-2445
The png_handle_tRNS function allows attackers to cause a denial of service
(application crash) via a grayscale PNG image with a bad tRNS chunk C ...
Synopsis
Moderate: libpng security update
Type/Severity
Security Advisory: Moderate
Topic
Updated libpng and libpng10 packages that fix a couple of security issuesare now available for Red Hat Enterprise Linux 21, 4, and 5This update has been rated as having moderate security impact by the RedHat Security ...
Synopsis
Moderate: libpng security update
Type/Severity
Security Advisory: Moderate
Topic
Updated libpng and libpng10 packages that fix a security issue are nowavailable for Red Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team
...
Synopsis
Critical: seamonkey security update
Type/Severity
Security Advisory: Critical
Topic
Updated seamonkey packages that fix security issues are now available forRed Hat Enterprise Linux 21, 3, and 4This update has been rated as having critical security impact by the RedHat Security Response Team
...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Topic
An updated firefox package that fixes various security issues is nowavailable for Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team
...
Debian Bug report logs -
#516256
[SA33970] libpng Uninitialised Pointer Arrays Vulnerability
Package:
libpng;
Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>;
Reported by: Giuseppe Iuculano <giuseppe@iuculanoit>
Date: Fri, 20 Feb 2009 07:21:01 UTC
Severity: serious
Tags: security
Found in versi ...
Debian Bug report logs -
#512665
CVE-2008-5907: png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero
Package:
libpng;
Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>;
Reported by: Raphael Geissert <atomo64@gmailcom>
Date: Thu, 22 Jan 2 ...
Debian Bug report logs -
#535124
2022 fixes several security issues
Package:
icedove;
Maintainer for icedove is Carsten Schoenert <cschoenert@t-onlinede>; Source for icedove is src:thunderbird (PTS, buildd, popcon)
Reported by: Guido Günther <agx@sigxcpuorg>
Date: Mon, 29 Jun 2009 21:33:01 UTC
Severity: grave
...
Mozilla Foundation Security Advisory 2009-10
Upgrade PNG library to fix memory safety hazards
Announced
March 4, 2009
Reporter
Tavis Ormandy
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
...