FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

png -- memory corruption/possible remote code execution

Affected packages
linux-f10-png < 1.4.11
png < 1.4.11

Details

VuXML ID 262b92fe-81c8-11e1-8899-001ec9578670
Discovery 2012-03-29
Entry 2012-04-08

The PNG project reports:

libpng fails to correctly handle malloc() failures for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of remote code execution.

[source]

References

CVE Name CVE-2011-3048
URL http://www.libpng.org/pub/png/libpng.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.