CVE-2010-1519

Name of the Vulnerable Software and Affected Versions glpng version 1.45

Description The issue is related to multiple integer overflows in the glpng.c file, which can be exploited by context-dependent attackers to execute arbitrary code. This is achieved through crafted PNG images, specifically affecting the pngLoadRawF function and the pngLoadF function, leading to heap-based buffer overflows.

Recommendations For glpng version 1.45, consider applying patches or updates that address the integer overflows in the glpng.c file, specifically in the pngLoadRawF and pngLoadF functions, to prevent heap-based buffer overflows. As a temporary workaround, consider restricting the use of glpng to process untrusted PNG images until a patch is available.