Updated libpng packages fix two security vulnerabilities
Publication date: 10 May 2014
Modification date: 10 May 2014
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-7353, CVE-2013-7354
Description
Updated libpng12 and libpng packages fix security vulnerabilities:

An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially crafted image file that, when rendered by an application written to explicitly call the png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7353).

An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially crafted image file that, when rendered by an application written to explicitly call the png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application (CVE-2013-7354).
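The bug class named in both descriptions, shown as an added example (this is not libpng's code and not part of the advisory): a helper that grows an array sizes its allocation from the existing count plus a caller-supplied count, first without and then with overflow checks. The names `entry_t`, `entry_list`, `unchecked_bytes`, `checked_bytes` and `list_append` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a per-image entry (text keyword, palette, chunk). */
typedef struct { char key[80]; void *data; size_t len; } entry_t;
typedef struct { entry_t *items; size_t count; } entry_list;

/* Unchecked sizing: the sum and the product can wrap to a tiny byte count. */
size_t unchecked_bytes(size_t old_count, size_t add_count)
{
    return (old_count + add_count) * sizeof(entry_t);
}

/* Checked sizing: 0 on success, -1 if the total cannot be represented. */
int checked_bytes(size_t old_count, size_t add_count, size_t *out)
{
    if (add_count > SIZE_MAX - old_count)
        return -1;                                /* count would wrap */
    if (old_count + add_count > SIZE_MAX / sizeof(entry_t))
        return -1;                                /* byte size would wrap */
    *out = (old_count + add_count) * sizeof(entry_t);
    return 0;
}

/* Append n entries; the list is left untouched on any failure. */
int list_append(entry_list *l, const entry_t *src, size_t n)
{
    size_t bytes;
    if (n == 0) return 0;
    if (checked_bytes(l->count, n, &bytes) != 0)
        return -1;                                /* reject before allocating */
    entry_t *grown = realloc(l->items, bytes);
    if (grown == NULL)
        return -1;
    memcpy(grown + l->count, src, n * sizeof(entry_t)); /* fits: n <= total */
    l->items = grown;
    l->count += n;
    return 0;
}

int main(void)
{
    size_t n = SIZE_MAX / sizeof(entry_t) + 1, out = 0;  /* constructed count */
    printf("unchecked: %zu bytes, checked: %d\n",
           unchecked_bytes(0, n), checked_bytes(0, n, &out));
    return 0;
}
```

With the unchecked sizing, the allocation for the constructed count is smaller than a single entry, which is the condition under which a following copy overruns the heap buffer.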
References
SRPMS
3/core
- libpng12-1.2.50-3.2.mga3
- libpng-1.5.13-2.2.mga3