|Description||Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
|References||DLA-343-1, DLA-410-1, DSA-3399-1, DSA-3507-1|
The information below is based on the following data on fixed versions.
Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
The original patch was incomplete, cf.
and fixed in new upstream versions 1.6.20, 1.5.25,
1.4.18, 1.2.55, and 1.0.65
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)