Mandriva Linux Security Advisory MDKSA-2006-211 - PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
bec993adc61012b208fde1aeafd80f2ae7d021ef31ae18387bd68abd564e1707
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed