PT-2011-1260 · Libpng · Libpng
Torindel · Published 2011-08-31 · Updated 2012-06-15
CVE-2006-7244
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
libpng versions 1.2.13beta1 through 1.2.15beta3
Description
The issue is a memory leak in the pngwutil.c file of libpng. It allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) by using a JPEG image that contains an iCCP chunk with a negative embedded profile length.
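The kind of length check this bug class calls for, as an added example (not libpng's code and not its actual fix): the size an embedded profile declares about itself is validated against the bytes actually held before anything is written. The function and enum names and the sample byte arrays are constructed for illustration; the only format fact assumed is that an ICC profile stores its own size as a big-endian 32-bit field in its first four bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example; not libpng identifiers. */
enum iccp_check { ICCP_OK, ICCP_TOO_SHORT, ICCP_NEGATIVE_LEN, ICCP_EXCEEDS_BUFFER };

/* Constructed sample data: only the 4-byte size field matters here. */
static const unsigned char sample_ok[8]       = {0x00, 0x00, 0x00, 0x06, 'd', 'a', 't', 'a'};
static const unsigned char sample_negative[8] = {0xFF, 0xFF, 0xFF, 0xF0, 'd', 'a', 't', 'a'};
static const unsigned char sample_oversize[8] = {0x00, 0x00, 0x10, 0x00, 'd', 'a', 't', 'a'};

/* Validate the size an ICC profile declares about itself against the number
 * of bytes actually held. On success *usable_len is the length to write. */
enum iccp_check iccp_validate(const unsigned char *profile, size_t buf_len,
                              size_t *usable_len)
{
    uint32_t declared;

    if (profile == NULL || usable_len == NULL || buf_len < 4)
        return ICCP_TOO_SHORT;

    /* Assemble the big-endian field as unsigned so no shift overflows. */
    declared = ((uint32_t)profile[0] << 24) | ((uint32_t)profile[1] << 16) |
               ((uint32_t)profile[2] << 8)  |  (uint32_t)profile[3];

    /* High bit set: the value is negative once held in a signed 32-bit int. */
    if (declared > (uint32_t)INT32_MAX)
        return ICCP_NEGATIVE_LEN;
    if (declared < 4)                 /* smaller than its own size field */
        return ICCP_TOO_SHORT;
    if ((size_t)declared > buf_len)   /* claims more bytes than supplied */
        return ICCP_EXCEEDS_BUFFER;

    *usable_len = declared;           /* ignore trailing bytes past the profile */
    return ICCP_OK;
}

int main(void)
{
    size_t n = 0;
    printf("ok=%d ", iccp_validate(sample_ok, sizeof sample_ok, &n));
    printf("usable=%zu ", n);
    printf("negative=%d ", iccp_validate(sample_negative, sizeof sample_negative, &n));
    printf("oversize=%d\n", iccp_validate(sample_oversize, sizeof sample_oversize, &n));
    return 0;
}
```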
Recommendations
For libpng versions 1.2.13beta1 through 1.2.15beta3, update to version 1.2.15beta3 or later to resolve the issue.
Affected Products
Libpng