DescriptionThe png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Server 11 SP1|| |
|SUSE Linux Enterprise Server 11 SP2|| |
|SUSE Linux Enterprise Server 11 SP3|| |
|SUSE Linux Enterprise Server 11 SP4|| |
|SUSE Linux Enterprise Software Development Kit 11 SP4|| |