[Png-mng-security] Potential denial of service attack in lcms-1.17
glennrp at comcast.net
glennrp at comcast.net
Tue Nov 25 01:11:58 UTC 2008
-------------- Original message ----------------------
From: "John Bowler" <jbowler at acm.org>
> By code examination if lcms-1.17...
> Fix is to test for white y of zero and fail in the relevant APIs (return
> false.)
Should the fix go in lcms? We can (will) fix libpng as well. I can
take care of fixing mozilla's copy of lcms.
I got no answer to our prior bug report to the lcms mailing list
nor to a private email to the lcms author.
Would you send me an apropriately tweaked small PNG file?
Glenn
More information about the png-mng-security-archive
mailing list