Package: libpng
Severity: serious
Tags: patch security

CVE-2007-2445 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2445
CERT Vulnerability Note VU#684664 http://www.kb.cert.org/vuls/id/684664 It seems that a grayscale image with a malformed (bad CRC) tRNS chunk will crash libpng and mozilla. The following patch fixes this problem: --- pngrutil.c 2006-12-08 12:21:12.000000000 +1100 +++ pngrutil.c 2007-05-09 17:19:54.000000000 +1000 @@ -1314,7 +1314,10 @@ } if (png_crc_finish(png_ptr, 0)) + { + png_ptr->num_trans = 0; return; + } png_set_tRNS(png_ptr, info_ptr, readbuf, png_ptr->num_trans, &(png_ptr->trans_values)); Aníbal Monsalve Salazar -- http://v7w.com/anibal
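Review bot: In the new block under `if (png_crc_finish(png_ptr, 0))`, only `png_ptr->num_trans` is reset before the early return, and nothing in the hunk says why. The unchanged call below also passes `&(png_ptr->trans_values)`, so if that field can be written before the CRC check, it would be worth clearing it on this path as well, or confirming that nothing reads it once `num_trans` is 0. A one-line comment above `png_ptr->num_trans = 0;` stating that the count from a chunk discarded for a bad CRC must not remain set would make the intent clear to later readers.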