CVE-2012-3425 Information

Feb 14, 2021 cve

Description

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58 1.2.x before 1.2.48 1.4.x before 1.4.10 and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15 http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8 http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html http://www.openwall.com/lists/oss-security/2012/07/24/3 http://www.openwall.com/lists/oss-security/2012/07/24/5 http://www.ubuntu.com/usn/USN-2815-1

Share on: