From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200611-09.xml | 62 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 metadata/glsa/glsa-200611-09.xml (limited to 'metadata/glsa/glsa-200611-09.xml') diff --git a/metadata/glsa/glsa-200611-09.xml b/metadata/glsa/glsa-200611-09.xml new file mode 100644 index 000000000000..3908071ab21c --- /dev/null +++ b/metadata/glsa/glsa-200611-09.xml @@ -0,0 +1,62 @@ + + + + libpng: Denial of Service + + A vulnerability in libpng may allow a remote attacker to crash applications + that handle untrusted images. + + libpng + 2006-11-17 + 2006-11-17: 01 + 154380 + remote + + + 1.2.13 + 1.2.13 + + + +

+ libpng is a free ANSI C library used to process and manipulate PNG + images. +

+ + +

+ Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a + vulnerability exists in the sPLT chunk handling code of libpng, a large + sPLT chunk may cause an application to attempt to read out of bounds. +

+ + +

+ A remote attacker could craft an image that when processed or viewed by + an application using libpng causes the application to terminate + abnormally. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All libpng users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.13" + + + CVE-2006-5793 + + + taviso + + + vorlon + + -- cgit v1.2.3