Description

Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
Note from the SUSE Security Team

We are considering this a minor security issue. Out of memory conditions during image handling can be achieved in various ways, not the least by just passing a huge image. This specific leak is also linear (you need a PNG as large as the memory to be leaked), making it unlikely to be used. As the backport of the fix is quite intrusive, we decided in favour of stability not to backport and so not to fix this minor issue.

SUSE Bugzilla entries: 475533 [RESOLVED / FIXED], 854395 [RESOLVED / FIXED]

SUSE Security Advisories:
- openSUSE-SU-2011:0915-1, published Wed, 17 Aug 2011 19:08:20 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Server 11 SP1|| ||Patchnames: |
|SUSE Linux Enterprise Server 11 SP2|| |
|SUSE Linux Enterprise Server 11 SP3|| |
|SUSE Linux Enterprise Server 11 SP4|| |
|SUSE Linux Enterprise Software Development Kit 11 SP4|| |