CVE-2010-2249

Priority
Medium
Description
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3,
allows remote attackers to cause a denial of service (memory consumption
and application crash) via a PNG image containing malformed Physical Scale
(aka sCAL) chunks.
References
Bugs
Notes
jdstrand> chromium uses libpng on Ubuntu 10.04 and later
jdstrand> firefox uses libpng on Ubuntu 10.04 and later
Package
Upstream: released (1.2.44, 1.4.3)
Ubuntu 8.04 LTS (Hardy Heron): released (1.2.15~beta5-3ubuntu0.3)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.2.42-1ubuntu2.1)
Ubuntu 11.04 (Natty Narwhal): not-affected (1.2.44-1)
Patches:
Upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): ignored (uses system libpng)
Ubuntu 11.04 (Natty Narwhal): ignored (uses system libpng)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (uses system libpng)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (uses system libpng)
Ubuntu 11.04 (Natty Narwhal): ignored (uses system libpng)
More Information

Updated: 2012-06-01 15:21:06 UTC (commit 5347)