|Description||Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DLA-343-1, DLA-410-1, DSA-3399-1, DSA-3507-1|
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
The original patch was incomplete, cf.
and fixed in new upstream versions 1.6.20, 1.5.25,
1.4.18, 1.2.55, and 1.0.65
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)