Advisories ยป MGASA-2014-0131

Updated libpng package fixes security vulnerability

Publication date: 15 Mar 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0333

Description

The png_push_read_chunk function in pngpread.c in the progressive decoder
in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of
service (infinite loop and CPU consumption) via an IDAT chunk with a
length of zero (CVE-2014-0333).
                

References

SRPMS

4/core