[Png-mng-security] Memory Leaks in libpng

Cosmin Truta cosmin at cs.toronto.edu
Sun Jul 20 02:16:32 UTC 2008


I agree with Greg, memory leaks are not really security issues, left
alone the fact that they're in iCCP, which browsers that I know of don't
handle.

IMO, this may safely go to png-mng-implement.

Best regards,
Cosmin


On Sat, 19 Jul 2008, Greg Roelofs wrote:

> The png-mng-implement mailing list is usually the best place to report
> libpng issues, unless it's a security issue.  This is kind of a borderline
> case; in principle, a hostile web site could load itself up with lots of
> these images, causing a denial of service in visiting browsers, but there
> are many other ways to do the same thing with entirely valid images, such
> as loading up the web page with a huge number of very large images.  So
> I'd be inclined not to treat this as a security issue.  However, insofar
> as others may disagree, I've bcc'd the libpng security list rather than
> cc'd the png-mng-implement list.



More information about the png-mng-security-archive mailing list