MGASA-2014-0210

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0210.html

Import Source

https://advisories.mageia.org/MGASA-2014-0210.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0210

Related

Published

2014-05-10T19:34:01Z

Modified

2014-05-10T19:33:53Z

Summary

Updated libpng packages fix two security vulnerabilities

Details

Updated libpng12 and libpng packages fix security vulnerabilities:

An integer overflow leading to a heap-based buffer overflow was found in the pngsetsPLT() and pngsettext2() API functions of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call pngsetsPLT() or pngsettext2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353).

An integer overflow leading to a heap-based buffer overflow was found in the pngsetunknownchunks() API function of libpng. An attacker could create a specially-crafted image file and render it with an application written to explicitly call pngsetunknownchunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2014-0210

Affected packages