OpenPKG Security Advisory
OpenPKG-SA-2006.036
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2006.036
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.036
Advisory Published: 2008-07-25 12:39 UTC
Issue Id (internal): OpenPKG-SI-20061117.01
Issue First Created: 2006-11-17
Issue Last Modified: 2006-12-07
Issue Revision: 08
Subject Name: libpng
Subject Summary: Portable Network Graphics (PNG) Image Format Library
Subject Home: http://www.libpng.org/pub/png/
Subject Versions: * <= 1.2.12
Vulnerability Id: CVE-2006-5793
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: local system
Attack Impact: denial of service
Description:
As confirmed by the vendor, a Denial of Service (DoS) vulnerability
exists in the PNG [0] image format library libpng [1], versions 1.0.6
through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT
("suggested palette") chunk and can lead to crashes and, accordingly,
a DoS, when an application using libpng for PNG processing displays a
specially crafted PNG image.
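
Added example, not part of the original advisory and not libpng code: a triage scanner in C that walks a PNG chunk stream, counts sPLT chunks, and flags those whose layout departs from the PNG specification. The names scan_png and splt_well_formed and the sample bytes are constructed for illustration; the advisory does not detail the defect, so the check is against the specification's sPLT layout, not against a known trigger.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct splt_report { int framing_ok, splt_total, splt_malformed; };
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* sPLT data (PNG spec): name 1-79 bytes, NUL, depth 8 or 16, then 6- or 10-byte entries. */
static int splt_well_formed(const unsigned char *d, size_t len) {
    const unsigned char *nul = memchr(d, 0, len < 80 ? len : 80);
    if (nul == NULL || nul == d) return 0;      /* unterminated or empty name */
    size_t off = (size_t)(nul - d) + 1;
    if (off >= len) return 0;                   /* no sample-depth byte */
    unsigned depth = d[off++];
    if (depth != 8 && depth != 16) return 0;
    return (len - off) % (depth == 8 ? 6u : 10u) == 0;
}

/* Walk the chunk list (CRCs are not verified) and count sPLT chunks. */
struct splt_report scan_png(const unsigned char *buf, size_t n) {
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    struct splt_report r = {0, 0, 0};
    if (n < 8 || memcmp(buf, sig, 8) != 0) return r;
    size_t pos = 8;
    while (n - pos >= 12) {                     /* length + type + CRC */
        uint32_t len = be32(buf + pos);
        const unsigned char *type = buf + pos + 4;
        if (len > n - pos - 12) return r;       /* chunk overruns the buffer */
        if (memcmp(type, "sPLT", 4) == 0) {
            r.splt_total++;
            r.splt_malformed += !splt_well_formed(type + 4, len);
        }
        if (memcmp(type, "IEND", 4) == 0) { r.framing_ok = 1; return r; }
        pos += 12 + (size_t)len;
    }
    return r;
}

/* Constructed chunk stream (signature, sPLT, IEND; zeroed CRCs), not a real image. */
static const unsigned char sample[] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 9, 's', 'P', 'L', 'T', 'p', 0, 8, 1, 2, 3, 4, 0, 5, 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0};

int main(void) {
    struct splt_report r = scan_png(sample, sizeof sample);
    return printf("framing_ok=%d sPLT=%d malformed=%d\n", r.framing_ok, r.splt_total, r.splt_malformed) < 0;
}
```
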
References:
[0] http://www.libpng.org/pub/png/
[1] http://www.libpng.org/pub/png/libpng.html
Primary Package Name: png
Primary Package Home: http://openpkg.org/go/package/png
Affected Distribution:   Affected Branch:    Affected Package:
OpenPKG Enterprise       E1.0-SOLID          png-1.2.12-E1.0.0
OpenPKG Community        2-STABLE-20061018   png-1.2.12-2.20061018
OpenPKG Community        2-STABLE            png-1.2.12-2.20061018
OpenPKG Community        CURRENT             png-1.2.12-20061012
Corrected Distribution:  Corrected Branch:   Corrected Package:
OpenPKG Enterprise       E1.0-SOLID          png-1.2.12-E1.0.1
OpenPKG Community        2-STABLE-20061018   png-1.2.13-2.20061116
OpenPKG Community        2-STABLE            png-1.2.13-2.20061116
OpenPKG Community        CURRENT             png-1.2.13-20061116