Gentoo Linux Security Advisory GLSA 200908-10 - An integer overflow in the PNG handling of Dillo might result in the remote execution of arbitrary code. Tilei Wang reported an integer overflow in the Png_datainfo_callback() function, possibly leading to a heap-based buffer overflow. Versions less than 2.1.1 are affected.
9713950b61dbbb2436c43e54b7f1ebf3a2ceadaae7fb79b2a1c3f0bac7036199
Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. Versions 2.1 and below are affected.
0a9bd01bbd35cd229feb029c2a84091f982b71b8dbf99cb85b892b57eae472c1