DescriptionThe png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SU-2012:0989-1, published Tue Aug 14 11:08:40 MDT 2012
- openSUSE-SU-2012:0934-1, published Wed, 1 Aug 2012 18:08:20 +0200 (CEST)
List of released packages
Status of this issue by product and package
|SUSE Linux Enterprise Desktop 10 SP3||libpng||Released|
|SUSE Linux Enterprise Desktop 10 SP4||libpng||Released|
|SUSE Linux Enterprise Server 10 SP3||libpng||Released|
|SUSE Linux Enterprise Server 10 SP4||libpng||Released|
|SUSE Linux Enterprise Server 10 SP4 LTSS||libpng||Released|