[Png-mng-security] Memory Leaks in libpng
Cosmin Truta
cosmin at cs.toronto.edu
Sun Jul 20 02:16:32 UTC 2008
I agree with Greg, memory leaks are not really security issues, left
alone the fact that they're in iCCP, which browsers that I know of don't
handle.
IMO, this may safely go to png-mng-implement.
Best regards,
Cosmin
On Sat, 19 Jul 2008, Greg Roelofs wrote:
> The png-mng-implement mailing list is usually the best place to report
> libpng issues, unless it's a security issue. This is kind of a borderline
> case; in principle, a hostile web site could load itself up with lots of
> these images, causing a denial of service in visiting browsers, but there
> are many other ways to do the same thing with entirely valid images, such
> as loading up the web page with a huge number of very large images. So
> I'd be inclined not to treat this as a security issue. However, insofar
> as others may disagree, I've bcc'd the libpng security list rather than
> cc'd the png-mng-implement list.
More information about the png-mng-security-archive
mailing list