[Png-mng-security] security bug in png_handle_tRNS
Tom Lane
tgl at sss.pgh.pa.us
Tue May 8 13:40:08 UTC 2007
Glenn Randers-Pehrson <glennrp at comcast.net> writes:
> At 03:12 AM 5/8/2007 -0400, Tom Lane wrote:
>> Something that Red Hat's security folks will be demanding of me pretty
>> soon: can this be exploited to do anything more than just crash your
>> browser? Right offhand it looks like it can only cause a null pointer
>> dereference, but maybe I'm missing something more interesting.
> I don't think so.
Thanks. BTW, I understand CVE-2007-2445 is already allocated for this
issue.
regards, tom lane
More information about the png-mng-security-archive
mailing list