[Png-mng-security] security bug in png_handle_tRNS

Tom Lane tgl at sss.pgh.pa.us
Tue May 8 13:40:08 UTC 2007


Glenn Randers-Pehrson <glennrp at comcast.net> writes:
> At 03:12 AM 5/8/2007 -0400, Tom Lane wrote:
>> Something that Red Hat's security folks will be demanding of me pretty
>> soon: can this be exploited to do anything more than just crash your
>> browser?  Right offhand it looks like it can only cause a null pointer
>> dereference, but maybe I'm missing something more interesting.

> I don't think so.

Thanks.  BTW, I understand CVE-2007-2445 is already allocated for this
issue.

			regards, tom lane



More information about the png-mng-security-archive mailing list