[Png-mng-security] libpng: memory overwrite (png_check_keyword()) [SuSE]

Greg Roelofs newt at pobox.com
Mon Feb 9 21:42:30 UTC 2009


Is this an old bug that SuSE just got around to fixing, or a new one that
hasn't been reported here?

http://lwn.net/Alerts/317619/

   - libpng
     This update of libpng fixes the function png_check_keyword() that
     allowed setting arbitrary bytes in the process memory to 0.
     (CVE-2008-5907)
     Affected products: openSUSE 10.3-11.1, OES, SLES9, NLD9, SLES 10,
     SLED10

Greg



More information about the png-mng-security-archive mailing list