[Png-mng-security] libpng-1.0.21rc1, 1.2.13rc1, and 1.4.0beta13
Glenn Randers-Pehrson
glennrp at comcast.net
Sat Nov 11 12:32:55 UTC 2006
At 12:49 PM 11/11/2006 +0100, Dimitri wrote:
>Hi,
>
>> They contain fixes for the two just-mentioned vulnerabilities.
>> Please review and test, but don't advertize or redistribute them.
>
>The following change in pngwutil.c cannot be found in the CHANGES file:
>[...]
> png_warning(png_ptr,
> "Truncating profile to actual length in iCCP chunk");
> profile_len = embedded_profile_len;
>[...]
>This change has been introduced with libpng-1.2.13beta1.
Right. I was planning to put it in the CHANGES for 1.2.13. This is
actually another security problem since one might crash a decoder by
putting a larger profile inside the iCCP profile than is actually
expected.
Glenn
More information about the png-mng-security-archive
mailing list