The png_handle_sCAL function in pngrutil.c in libpng 1.0.x prior to 1.0.55, 1.2.x prior to 1.2.45, 1.4.x prior to 1.4.8, and 1.5.x prior to 1.5.4 does not properly handle invalid sCAL chunks, which allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Vulnerable Product |
---|
libpng libpng |
fedoraproject fedora 14 |
debian debian linux 5.0 |
debian debian linux 6.0 |
canonical ubuntu linux 10.10 |
canonical ubuntu linux 11.04 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 8.04 |