[SECURITY] libpng vulnerabilities

marco atzeri marco.atzeri@gmail.com
Sun Feb 26 08:02:00 GMT 2012


Hi Chuck,

Again, libpng announced security vulnerabilities:

From: http://www.libpng.org/pub/png/libpng.html

Vulnerability Warning

All versions of libpng from 1.0.6 through 1.5.8, 1.4.8, 1.2.46, and 
1.0.56, respectively, fail to correctly validate a heap allocation in 
png_decompress_chunk(), which can lead to a buffer-overrun and the 
possibility of execution of hostile code on 32-bit systems. This serious 
vulnerability has been assigned ID CVE-2011-3026 and is fixed in version 
1.5.9 (and versions 1.4.9, 1.2.47, and 1.0.57, respectively, on the 
older branches), released 18 February 2012.

Regards
Marco

PS: zlib 1.2.6?
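
Added example (not part of the original message and not libpng code): a check of a libpng version string against the per-branch affected and fixed releases listed in the advisory quoted above. The function names, the handling of a Cygwin-style `-N` package-release suffix, and the sample versions are assumptions made for illustration.

```python
import re

# Fixed patch level per branch, as listed in the advisory quoted above:
# 1.0.57, 1.2.47, 1.4.9 and 1.5.9.
FIXED = {(1, 0): 57, (1, 2): 47, (1, 4): 9, (1, 5): 9}
FIRST_AFFECTED = (1, 0, 6)  # advisory: "from 1.0.6"
LAST_AFFECTED = (1, 5, 8)   # advisory: "through 1.5.8"

# x.y.z with an optional "-N" package-release suffix (assumed Cygwin-style).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-\d+)?$")


def parse_version(text):
    """Return (major, minor, patch); reject anything else (e.g. beta tags)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised libpng version: {text!r}")
    return tuple(int(group) for group in match.groups())


def cve_2011_3026_status(text):
    """Classify a libpng version against the advisory's ranges."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return "not-affected"
    fixed_patch = FIXED.get(version[:2])
    if fixed_patch is not None:
        return "fixed" if version[2] >= fixed_patch else "vulnerable"
    # Branch without a fixed release named in the advisory: inside the
    # overall 1.0.6..1.5.8 range it counts as affected; beyond that range
    # the advisory makes no statement.
    return "vulnerable" if version <= LAST_AFFECTED else "unknown"


def audit(versions):
    """Map each version string to its status."""
    return {v: cve_2011_3026_status(v) for v in versions}


# Constructed sample input, not taken from any real package list.
SAMPLE = ["1.5.8-1", "1.5.9", "1.4.8", "1.2.47-2", "1.0.5", "1.0.56", "1.3.0"]

if __name__ == "__main__":
    for version, status in audit(SAMPLE).items():
        print(f"{version:10} {status}")
```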


