Upstream information
Description
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
NVD | |
---|---|
Base Score | 7.1 |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Complete |
Note from the SUSE Security Team
We are considering this a minor security issue. Out of memory conditions during image handling can be achieved in various ways, not the least by just passing a huge image. This specific leak is also linear (you need a PNG as large as the to be leaked memory), making it unlikely to be used. As the backport of the fix is quite intrusive, we decided in favour of stability not to backport and so not to fix this minor issue. SUSE Bugzilla entries: 475533 [RESOLVED / FIXED], 854395 [RESOLVED / FIXED]SUSE Security Advisories:
- openSUSE-SU-2011:0915-1
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libpng-devel-1.2.31-5.33.1 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libpng12-0-1.2.31-5.25.1 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libpng12-0-1.2.31-5.31.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libpng12-0-1.2.31-5.33.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libpng-devel-1.2.31-5.33.1 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 08:08:15 2013CVE page last modified: Mon Sep 9 17:06:24 2024