blob: dc463ddb9a36f4cd5579c1600b37c4bde9194d4f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#use wml::debian::translation-check translation="1.3" maintainer=""
#pddp rafalm80
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Chris Evans discovered several vulnerabilities in libpng:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597</a>
<p>Multiple buffer overflows exist, including when
handling transparency chunk data, which could be exploited to cause
arbitrary code to be executed when a specially crafted PNG image is
processed</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598">CAN-2004-0598</a>
<p>Multiple NULL pointer dereferences in
png_handle_iCPP() and elsewhere could be exploited to cause an
application to crash when a specially crafted PNG image is processed</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599">CAN-2004-0599</a>
<p>Multiple integer overflows in the png_handle_sPLT(),
png_read_png() functions and elsewhere could be exploited to cause an
application to crash, or potentially arbitrary code to be executed,
when a specially crafted PNG image is processed</p>
<p>In addition, a bug related to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363">CAN-2002-1363</a> was fixed:</p>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0768">CAN-2004-0768</a>
<p>A buffer overflow could be caused by incorrect
calculation of buffer offsets, possibly leading to the execution of
arbitrary code</p>
</ul>
<p>For the current stable distribution (woody), these problems have been
fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
1.0.12-3.woody.7.</p>
<p>For the unstable distribution (sid), these problems will be fixed soon.</p>
<p>We recommend that you update your libpng and libpng3 packages.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2004/dsa-536.data"
|