[Png-mng-security] libpng-1.0.21rc1, 1.2.13rc1, and 1.4.0beta13

Glenn Randers-Pehrson glennrp at comcast.net
Sat Nov 11 12:32:55 UTC 2006


At 12:49 PM 11/11/2006 +0100, Dimitri wrote:
>Hi,
>
>> They contain fixes for the two just-mentioned vulnerabilities.
>> Please review and test, but don't advertise or redistribute them.
>
>The following change in pngwutil.c cannot be found in the CHANGES file:
>[...]
>         png_warning(png_ptr,
>           "Truncating profile to actual length in iCCP chunk");
>         profile_len = embedded_profile_len;
>[...]
>This change has been introduced with libpng-1.2.13beta1.

Right.  I was planning to put it in the CHANGES for 1.2.13.  This is
actually another security problem since one might crash a decoder by
putting a larger profile inside the iCCP profile than is actually
expected.

Glenn
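
The length check discussed in this thread, written out as an added example (not libpng's code and not part of the original messages): it reads the big-endian size field that starts every ICC profile and reconciles it with the length the caller supplied. The function names, status codes and the choice to reject a header that claims more bytes than were supplied are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical status codes for this example. */
enum iccp_status { ICCP_OK = 0, ICCP_TRUNCATED = 1, ICCP_REJECT = -1 };

/* Bytes 0..3 of an ICC profile hold the total profile size, big-endian. */
static uint32_t icc_embedded_len(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Decide how many bytes of a caller-supplied profile buffer may be used.
 * supplied_len is the size of the buffer actually handed over.
 * Only the size field is validated here, not the rest of the ICC header.
 */
enum iccp_status iccp_effective_len(const unsigned char *profile,
                                    size_t supplied_len, size_t *out_len)
{
    uint32_t embedded;

    *out_len = 0;
    if (profile == NULL || supplied_len < 4)
        return ICCP_REJECT;          /* no size field to read */

    embedded = icc_embedded_len(profile);
    if (embedded < 4)
        return ICCP_REJECT;          /* shorter than its own size field */
    if ((size_t)embedded > supplied_len)
        return ICCP_REJECT;          /* header claims more than we hold */

    *out_len = embedded;             /* never use more than the header says */
    return embedded < supplied_len ? ICCP_TRUNCATED : ICCP_OK;
}

/* Constructed samples: 8-byte buffers with different size fields. */
const unsigned char sample_trunc[8] = {0, 0, 0, 6, 'a', 'b', 'c', 'd'};
const unsigned char sample_over[8]  = {0, 0, 0x10, 0, 'a', 'b', 'c', 'd'};
const unsigned char sample_exact[8] = {0, 0, 0, 8, 'a', 'b', 'c', 'd'};

int main(void)
{
    size_t n;
    return iccp_effective_len(sample_over, sizeof sample_over, &n)
               == ICCP_REJECT ? 0 : 1;
}
```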


