libpng: Buffer overflow — GLSA 200607-06

A buffer overflow has been found in the libpng library that could lead to the execution of arbitrary code.

Affected Packages

media-libs/libpng on all architectures
Affected versions < 1.2.12
Unaffected versions >= 1.2.12
app-emulation/emul-linux-x86-baselibs on the amd64 architecture
Affected versions < 2.5.1
Unaffected versions >= 2.5.1

Background

libpng is an open, extensible image format library, with lossless compression.

Description

In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.

Impact

By enticing a user to load a maliciously crafted PNG image, an attacker could execute arbitrary code with the rights of the user, or crash the application using the libpng library, such as the emul-linux-x86-baselibs.

Workaround

There is no known workaround at this time.

Resolution

All libpng users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.12"

All AMD64 emul-linux-x86-baselibs users should also upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-baselibs-2.5.1"

References

Release Date
July 19, 2006

Latest Revision
July 19, 2006: 01

Severity
normal

Exploitable
remote

Bugzilla entries