[Png-mng-security] Vulnerability in libpng sPLT chunk handling

Greg Roelofs newt at pobox.com
Sat Nov 11 18:11:24 UTC 2006


>> BTW, Red Hat's security folk were already informed of this and don't
>> think it's a critical issue, because they don't see any crash.

>> My ancient copy of 1.0.5 doesn't crash either.  Maybe it's only a big
>> problem in the latest releases?  Or am I missing something?

I was unable to trigger a crash with anything but pngtest on x86/Linux
2.4.x/glibc 2.3.x.  But pngtest crashes reliably.

Greg



More information about the png-mng-security-archive mailing list