Core Security Technologies Advisory - Google's Android SDK suffers from heap and integer overflow vulnerabilities. Proof of concept code included.
db70984bcafa3398efb1a27f29b4cb70fd1830830d6b36d9e5f74f71f24c8993Ubuntu Security Notice 383-1 - Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.
c22c47ca069358f914d82ef90b21ef9ae20f1b9e0b1c8dfd5d89eb56911e7478OpenPKG Security Advisory OpenPKG-SA-2006.036 - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng, versions 1.0.6 through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT ("suggested palette") chunk and can lead to crashes and, accordingly, a DoS, when an application using libpng for PNG processing displays a specially crafted PNG image.
07ff912f411260cf3c683d58e776be099366e83f76133ec9493ca3063f3204beMandriva Linux Security Advisory MDKSA-2006-213 - Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
16dfb5a6c7e6707a0ab36a659780cc80a81f846a6ffe983455b3d7997b8b054aMandriva Linux Security Advisory MDKSA-2006-212 - Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
17d4deff97eaa0aa1549620a7b141701693bc1a5676342d60c398472ad85c995Mandriva Linux Security Advisory MDKSA-2006-211 - PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
bec993adc61012b208fde1aeafd80f2ae7d021ef31ae18387bd68abd564e1707Mandriva Linux Security Advisory MDKSA-2006-210 - SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
fe47733ea5b8bb15fe282684b5c99de8d11cfda874d3a977c414beca1913e7beMandriva Linux Security Advisory MDKSA-2006-209 - A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
9f4e63de96b4e6dd2e6c35b3f8b340aca88b6e5a720a265d8d382d8ceb56145a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed