paul Posted November 13, 2007 Report Share Posted November 13, 2007 Multiple vulnerabilities were discovered in libpng: An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function (CVE-2007-5266; only affects Mandriva Linux 2008.0). George Cook and Jeff Phillips reported several errors in pngrtran.c, such as the use of logical instead of bitwise functions and incorrect comparisons (CVE-2007-5268; only affects Mandriva Linux 2008.0). Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions (CVE-2007-5269). Updated packages have been patched to correct these issues. For Mandriva Linux 2008.0, libpng 1.2.22 is being provided which corrects all three issues. Link to comment Share on other sites More sharing options...
Recommended Posts